IEC 60870-5-104 Intrusion Detection Dataset

The evolution of the Industrial Internet of Things (IIoT) introduces several benefits, such as real-time monitoring, pervasive control and self-healing. However, despite the valuable services, security and privacy issues still remain given the presence of legacy and insecure communication protocols like IEC 60870-5-104. IEC 60870-5-104 is an industrial protocol widely applied in critical infrastructures, such as the smart electrical grid and industrial healthcare systems. The IEC 60870-5-104 Intrusion Detection Dataset was implemented in the context of the research paper entitled "Modeling, Detecting, and Mitigating Threats Against Industrial Healthcare Systems: A Combined Software Defined Networking and Reinforcement Learning Approach" [1], in the context of two H2020 projects: ELECTRON: rEsilient and seLf-healed EleCTRical pOwer Nanogrid (101021936) and SDN-microSENSE: SDN - microgrid reSilient Electrical eNergy SystEm (833955). This dataset includes labelled Transmission Control Protocol (TCP)/Internet Protocol (IP) network flow statistics (Common-Separated Values (CSV) format) and IEC 60870-5-104 flow statistics (CSV format) related to twelve IEC 60870-5-104 cyberattacks. In particular, the cyberattacks are related to unauthorised commands and Denial of Service (DoS) activities against IEC 60870-5-104. Moreover, the relevant Packet Capture (PCAP) files are available. The dataset can be utilised for Artificial Intelligence (AI)-based Intrusion Detection Systems (IDS), taking full advantage of Machine Learning (ML) and Deep Learning (DL).

工业物联网（Industrial Internet of Things, IIoT）的演进带来了诸多优势，例如实时监控、泛在控制与自愈能力。然而，尽管其具备可观的服务价值，但由于存在IEC 60870-5-104这类老旧且不安全的通信协议，安全与隐私问题依旧突出。IEC 60870-5-104是一种广泛应用于关键基础设施（如智能电网与工业医疗系统）的工业通信协议。本数据集“IEC 60870-5-104入侵检测数据集”的构建源自两项研究背景：一是发表于题为《面向工业医疗系统的威胁建模、检测与缓解：软件定义网络与强化学习的组合方案》[1]的学术论文；二是两项欧盟地平线2020（H2020）项目，分别为ELECTRON：弹性自愈式电力微电网（101021936）与SDN-microSENSE：软件定义网络-微电网弹性能源系统（833955）。该数据集包含标记后的传输控制协议（Transmission Control Protocol, TCP）/网际协议（Internet Protocol, IP）网络流统计数据（逗号分隔值（Common-Separated Values, CSV）格式），以及与12种IEC 60870-5-104网络攻击相关的IEC 60870-5-104流统计数据（CSV格式）。具体而言，这些网络攻击涵盖针对IEC 60870-5-104的未授权命令攻击与拒绝服务（Denial of Service, DoS）活动。此外，相关的数据包捕获（Packet Capture, PCAP）文件也已同步提供。本数据集可用于基于人工智能（Artificial Intelligence, AI）的入侵检测系统（Intrusion Detection Systems, IDS）研究，可充分发挥机器学习（Machine Learning, ML）与深度学习（Deep Learning, DL）的技术优势。