five

Dataset of Publication "Malware Communication in Smart Factories: A Network Traffic Data Set"

收藏
DataCite Commons2025-03-31 更新2025-04-16 收录
下载链接:
https://researchdata.tuwien.at/doi/10.48436/vs6hv-1vs74
下载链接
链接失效反馈
官方服务:
资源简介:
Machine learning-based intrusion detection requires suitable and realisticdata sets for training and testing. However, data sets that originate fromreal networks are rare. Network data is considered privacy sensitive and the purposeful introduction of malicious traffic is usually not possible. In thispaper we introduce a labeled data set captured at a smart factory locatedin Vienna, Austria during normal operation and during penetration tests with differentattack types. The data set contains 173 GB of PCAP files, which represent 16 days (395 hours) of factory operation. It includes MQTT, OPC UA, and Modbus/TCP traffic. The captured malicious traffic was originatedby a professional penetration tester who performed two types of attacks: (a)aggressive attacks that are easier to detect and (b) stealthy attacks that areharder to detect. Our data set includes the raw PCAP files and extractedflow data. Labels for packets and flows indicate whether packets (or flows)originated from a specific attack or from benign communication. We describethe methodology for creating the data set, conduct an analysis of the dataand provide detailed information about the recorded traffic itself. The dataset is freely available to support reproducible research and the comparabilityof results in the area of intrusion detection in industrial networks. File description: a_day1, a_day2, s_day1, s_day2, tf_a and tf_s: Main data set, where files starting with "tf"  are training files  containing only benign, operational data and all other files are attack files containing both, operational data and attack data. images.zip: Contains descriptive images about the data. extractions.zip: Contains extracted packets, flows in both labeled and unlabeled form. a_day_tuesday_dos.zip: additional day of attack traffic containing benign and attack data, including a DoS attack. This day is not labeled.

基于机器学习的入侵检测任务,需要适配性优良且贴合实际场景的数据集用于模型训练与测试。然而,源自真实生产网络的数据集十分稀缺。网络数据涉及隐私敏感信息,且主动构造并引入恶意流量通常难以实现。 本文提出一个标注型数据集,其采集自奥地利维也纳某智能工厂的正常运行场景,以及针对多种攻击类型开展的渗透测试过程中。该数据集包含173 GB的PCAP(Packet Capture)文件,涵盖16天(总计395小时)的工厂运行流量,涉及MQTT(Message Queuing Telemetry Transport)、OPC UA(Open Platform Communications Unified Architecture)以及Modbus/TCP三种工业网络协议。 所采集的恶意流量由专业渗透测试人员生成,包含两类攻击:(a) 易于检测的主动攻击,以及(b) 更难被察觉的隐蔽攻击。本数据集包含原始PCAP文件与提取得到的流量流数据,数据包与流量流的标注可用于区分其属于特定攻击流量还是良性通信流量。本文详细阐述了该数据集的构建方法,对数据集开展了全面分析,并提供了所记录流量的详细信息。本数据集免费公开,旨在支撑工业网络入侵检测领域的可复现研究工作,并提升同类研究结果的可比性。 文件说明: a_day1、a_day2、s_day1、s_day2、tf_a 与 tf_s:主数据集。其中文件名以"tf"开头的为仅包含正常运行流量的训练文件,其余文件为同时包含正常运行数据与攻击数据的攻击样本文件。 images.zip:包含该数据集的说明性图示文件。 extractions.zip:包含已提取的数据包与流量流数据,分为标注与未标注两种形式。 a_day_tuesday_dos.zip:额外的攻击流量数据集,包含正常流量与攻击流量(含拒绝服务(Denial of Service,DoS)攻击),该数据集未进行标注。
提供机构:
TU Wien
创建时间:
2024-10-18
搜集汇总
数据集介绍
main_image_url
背景与挑战
背景概述
该数据集是一个用于智能工厂入侵检测研究的网络流量数据集,包含173 GB的PCAP文件,覆盖16天工厂操作期间的MQTT、OPC UA和Modbus/TCP流量。数据集中包含由专业渗透测试人员生成的激进和隐蔽攻击流量,并提供数据包和流的标签,以区分恶意与良性通信,支持机器学习模型的训练和测试。
以上内容由遇见数据集搜集并总结生成
二维码
社区交流群
二维码
科研交流群
商业服务