X-IIoTID: A Connectivity- and Device-agnostic Intrusion Dataset for Industrial Internet of Things

Industrial Internet of Things (IIoTs) are high-value cyber targets due to the nature of the devices and connectivity protocols they deploy. They are easy to compromise and, as they are connected on a large scale with high-value data content, the compromise of any single device can extend to the whole system and disrupt critical functions. There are various security solutions that detect and mitigate intrusions. However, as they lack the capability to deal with an IIoT's co-existing heterogeneity and interoperability, developing new universal security solutions to fit its requirements is critical. This is challenging due to the scarcity of accurate data about IIoT systems' activities, connectivities and attack behaviors. In addition, owing to their multi-platform connectivity protocols and multi-vendor devices, collecting and creating such data is also challenging. To tackle these issues, we propose a holistic approach for generating an appropriate intrusion dataset for an IIoT called X-IIoTID, connectivity- and device-agnostic intrusion dataset for fitting the heterogeneity and interoperability of IIoT systems. It includes the behaviors of new IIoT connectivity protocols, activities of recent devices, diverse attack types and scenarios, and various attack protocols. It defines an attack taxonomy and consists of multi-view features, such as network traffic, host resources, logs and alerts. X-IIoTID is evaluated using popular machine and deep learning algorithms and compared with eighteen intrusion datasets to verify its novelty.

工业物联网（IIoTs）因其部署的设备特性和连接协议而成为高价值网络目标。由于易于被攻破，且由于其与大规模高价值数据内容的连接，任何单一设备的被攻破都可能扩展至整个系统，并干扰关键功能。目前存在多种安全解决方案用于检测和缓解入侵行为。然而，由于它们缺乏处理工业物联网共存异构性和互操作性的能力，因此开发满足其需求的新通用安全解决方案至关重要。这一挑战源于关于工业物联网系统活动、连接性和攻击行为的准确数据的稀缺。此外，由于它们的跨平台连接协议和多厂商设备，收集和创建此类数据也颇具挑战。为了解决这些问题，我们提出了一种全面的方法，用于生成适用于工业物联网的入侵数据集X-IIoTID，这是一种连接性和设备无关的入侵数据集，旨在适应工业物联网系统的异构性和互操作性。它包括新型IIoT连接协议的行为、近期设备的活动、多样化的攻击类型和场景，以及各种攻击协议。X-IIoTID定义了一种攻击分类法，并包含多视图特征，如网络流量、主机资源、日志和警报。X-IIoTID使用流行的机器学习和深度学习算法进行评估，并与十八个入侵数据集进行比较，以验证其新颖性。