Data Exfiltration Malware (DEM) contains network captures (.pcap) mainly of info-stealer malware. The dataset also contains the traffic we generated using the VM. We used this traffic for training in our analysis, and the malware for testing. This dataset is made publicly available to foster research in data exfiltration detection and prevention. The dataset is not licensed, but we kindly ask you to cite the following work in case you make use of it:
Decanter: Detection of Anomalous Outbound HTTP Traffic By Passive Application Fingerprinting. Riccardo Bortolameotti, Thijs van Ede, Marco Caselli, Rick Hofstede, Maarten H. Everts, Willem Jonker, Pieter Hartel and Andreas Peter. To appear in Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC). December 2017, Orlando, FL.