This data article introduces a comprehensive, high-resolution honeynet dataset designed to support standalone analyses of global cyberattack behaviors. Collected over a continuous 72-hour window (June 9 to 11, 2025) on Microsoft Azure, the dataset comprises 132,425 individual attack events captured by three honeypots (Cowrie, Dionaea, and SentryPeer) deployed across four geographically dispersed virtual machines. Each event record includes enriched metadata (UTC timestamps, source/destination IPs, autonomous system and organizational mappings, geolocation coordinates, targeted ports, and honeypot identifiers alongside derived temporal features and standardized protocol classifications). We provide actionable guidance for researchers seeking to leverage this dataset in anomaly detection, protocol-misuse studies, threat intelligence, and defensive policy design. Descriptive statistics highlight significant skew: 2,438 unique source IPs span 95 countries, yet the top 1% of IPs account for 1% of all events, and three protocols dominate: Session Initiation Protocol (SIP), Telnet, Server Message Block (SMB). Temporal analysis uncovers pronounced rush-hour peaks at 07:00 and 23:00 UTC, interspersed with maintenance-induced gaps that reveal operational blind spots. Geospatial mapping further underscores platform-specific biases: SentryPeer captures concentrated SIP floods in North America and Southeast Asia, Cowrie logs Telnet/SSH scans predominantly from Western Europe and the U.S., and Dionaea records SMB exploits around European nodes. By combining fine-grained temporal resolution with rich, contextual geolocation and protocol metadata, this standalone dataset aims to empower reproducible, cloud-scale investigations into evolving cyber threats. Accompanying analysis code and data access details are provided.

翻译：本文介绍了一个全面、高分辨率的蜜网数据集，旨在支持对全球网络攻击行为的独立分析。该数据集在微软Azure平台上于连续72小时窗口内（2025年6月9日至11日）采集，包含由部署在四个地理分散虚拟机上的三个蜜罐（Cowrie、Dionaea和SentryPeer）捕获的132,425个独立攻击事件。每个事件记录均包含丰富的元数据（UTC时间戳、源/目标IP地址、自治系统与组织映射、地理位置坐标、目标端口、蜜罐标识符，以及衍生的时序特征和标准化协议分类）。我们为寻求利用此数据集进行异常检测、协议滥用研究、威胁情报和防御策略设计的研究人员提供了可行的指导。描述性统计突显了显著的偏斜分布：2,438个独立源IP地址遍布95个国家，然而前1%的IP地址贡献了1%的事件总数，且三种协议占据主导：会话发起协议（SIP）、Telnet和服务器消息块（SMB）。时序分析揭示了在UTC时间07:00和23:00存在显著的流量高峰，其间穿插着因维护导致的间隙，这些间隙揭示了运营盲点。地理空间映射进一步强调了平台特定的偏差：SentryPeer捕获了集中在北美和东南亚的SIP洪水攻击，Cowrie记录了主要来自西欧和美国的Telnet/SSH扫描，而Dionaea则记录了围绕欧洲节点的SMB漏洞利用事件。通过将细粒度的时间分辨率与丰富的上下文地理位置及协议元数据相结合，这个独立的数据集旨在赋能对不断演变的网络威胁进行可复现的云规模调查。随附的分析代码和数据访问详情已一并提供。