DNP3 Intrusion Detection Dataset
Source: Mendeley Data. Updated 2024-01-31. Indexed 2024-06-28.
Download link:
https://ieee-dataport.org/documents/dnp3-intrusion-detection-dataset
Resource description:
In the digital era of the Industrial Internet of Things (IIoT), conventional Critical Infrastructures (CIs) are being transformed into smart environments with multiple benefits, such as pervasive control, self-monitoring and self-healing. However, this evolution is accompanied by several cyberthreats due to the necessary presence of insecure technologies. DNP3 is an industrial communication protocol that is widely adopted in the CIs of the US. In particular, DNP3 allows remote communication between Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA). It can support various topologies, such as Master-Slave, Multi-Drop, Hierarchical and Multiple-Server. In its initial form, the architectural model of DNP3 consists of three layers: (a) Application Layer, (b) Transport Layer and (c) Data Link Layer. DNP3 can now also be incorporated into the Transmission Control Protocol/Internet Protocol (TCP/IP) stack as an application-layer protocol. Like other industrial protocols (e.g., Modbus and IEC 60870-5-104), DNP3 has severe security issues, since it does not include any authentication or authorisation mechanisms. This dataset contains labelled TCP/IP network flow statistics (Comma-Separated Values - CSV format) and DNP3 flow statistics (CSV format) related to 9 DNP3 cyberattacks. These cyberattacks focus on DNP3 unauthorised commands and Denial of Service (DoS). The network traffic data are provided as Packet Capture (PCAP) files. Consequently, this dataset can be used to implement Artificial Intelligence (AI)-powered Intrusion Detection and Prevention (IDPS) systems that rely on Machine Learning (ML) and Deep Learning (DL) techniques.
Created:
2024-01-31
Collected summary
Dataset introduction

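Background and challenges
Background overview
The DNP3 Intrusion Detection Dataset focuses on the security of industrial communication protocols and contains labelled data for 9 DNP3 cyberattacks, provided as CSV and PCAP files. It is suited to developing AI-based intrusion detection systems and supports the training and testing of machine learning and deep learning algorithms.
The above content was collected and summarised by 遇见数据集.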



