five

Real-Time ICS SCADA System Cyber Kit Testbed with Industrial Hacking Scenarios

收藏
DataCite Commons2025-05-01 更新2025-04-16 收录
下载链接:
https://data.mendeley.com/datasets/k76xhm22yj
下载链接
链接失效反馈
官方服务:
资源简介:
An innovative and cost-effective real-time network traffic testbed, which can mimic the industrial control system operation is introduced. The ICS portable kit package provides real industrial network flow data for research and to develop anomaly-based Machine learning algorithms for intrusion detection in ICS systems. The ICS cyber portable test kit can overcome the main concern for researchers on the dependence on public datasets which usually do not include all types of attacks to train and test the machine learning algorithms The ICS portable kit package consists of following components: PLC (IP address-192.168.101.22): SIMATIC S7-1200 Siemens for process operation simulation HMI (IP address-192.168.101.23): SIMATIC Basic panel Siemens for graphical interface Ethernet switch (IP address: 192.168.101.25): Scalance XB213 Siemens with mirror port facility to copy the operational technology (OT)network traffic Process simulation modules- Analogue, digital inputs/outputs for field process simulation Physical sensor: Data collection of network traffic with Deep Packet Inspection (DPI) Attacker system: Launch OT attacks with Penetration test software Kali Linux Industrial Process Plant Operations: The ICS kit is possessed with input/output modules to mimic the field devices and its process variables, which are connected to PLC systems and to the HMI panel Mirrored Ethernet Switch: The ICS components of kit (PLC, HMI) are connected to Siemens ethernet switch for copying OT traffic Industrial Sensor: OT Sensors are used in passive mode, connected to the ethernet switch for metadata OT traffic extraction The test kit can also be attacked and tested with hacking penetration tools to obtain the industrial datasets, which are very difficult to get from the industries due to its sensitivity and criticality Each of the dataset instance has 06 data columns ( Timestamp of each packet, Source IP, Destination IP, OT Protocols, Summarized packet Info for DPI) The datasets include normal operation along with attack scenarios dedicated to OT ICS protocols domain and the contents include: 1. Stable mode of control system operation maintained for at least 10 minutes has 68965 instances 2. MITM attack scenario (ARP) with Ettercap tool for PLC/HMI communication has 52600 instances 3. Telnet communication for PLC/HMI ethernet switch has 13076 instances 4. Web-server access (HTTP) of PLC system with programming tool laptop scenario has 21435 instances The metadata extracted from info column in matrix data is pre-processed, transformed for Deep learning ML techniques for cyber attack abnormality detection MODBUS TCP -S7 ARP TELNET MODBUS LLDP HTTP [27617 x 4] [238x3] [89 x 1] [1503 x 5] [251 x 2] [910 x 1] More information is provided in the data paper which is currently under review: M. H. Habaebi,S. Mubarak (2021),Real-Time ICS SCADA System Testbed with Industrial Datasets Scenarios and Attack Detection Using Machine Learning Techniques, IASC

本文介绍了一款创新且兼具成本效益的实时网络流量测试平台,可模拟工业控制系统(Industrial Control System, ICS)的运行工况。该ICS便携套件套装可为科研工作提供真实工业网络流量数据,并用于开发基于异常检测的机器学习算法,以实现工业控制系统的入侵检测。本ICS网络便携测试套件可解决研究者长期面临的核心痛点:现有公开数据集往往无法覆盖用于训练与测试机器学习算法所需的全部攻击类型。 本ICS便携套件包含以下组成部分:可编程逻辑控制器(Programmable Logic Controller, PLC,IP地址:192.168.101.22):采用西门子(Siemens)SIMATIC S7-1200,用于工艺运行模拟;人机交互界面(Human Machine Interface, HMI,IP地址:192.168.101.23):采用西门子(Siemens)SIMATIC Basic面板,用于提供图形化操作界面;以太网交换机(IP地址:192.168.101.25):采用西门子(Siemens)Scalance XB213,具备镜像端口功能,可复制运营技术(Operational Technology, OT)网络流量;工艺模拟模块:包含模拟量与数字量输入/输出接口,用于现场工艺模拟;物理传感器:采用深度包检测(Deep Packet Inspection, DPI)技术采集网络流量数据;攻击主机:搭载渗透测试软件Kali Linux,可发起运营技术类攻击;工业工厂运行模拟模块:本ICS套件配备输入/输出模块,可模拟现场设备及其工艺变量,该模块与可编程逻辑控制器及人机交互界面相连;镜像以太网交换机:本套件的可编程逻辑控制器、人机交互界面等组件均连接至西门子(Siemens)以太网交换机,以实现运营技术流量的复制采集;工业传感器:以无源模式部署,连接至以太网交换机以提取运营技术流量的元数据。 该测试套件还可通过黑客渗透工具开展攻击与测试,从而获取工业数据集——由于工业数据具有高度敏感性与关键性,此类数据集往往难以从企业直接获取。 每条数据集样本包含6个数据列:数据包时间戳、源IP地址、目的IP地址、运营技术协议类型、用于深度包检测的数据包汇总信息。 数据集涵盖正常运行工况与针对运营技术-工业控制系统协议域的攻击场景,具体包含以下内容:1. 控制系统稳定运行模式:持续时长至少10分钟,共包含68965条样本;2. 中间人攻击(Man-in-the-Middle, MITM)场景:借助Ettercap工具针对可编程逻辑控制器与人机交互界面的通信发起ARP欺骗攻击,共包含52600条样本;3. Telnet通信场景:针对可编程逻辑控制器/人机交互界面以太网交换机的Telnet远程访问,共包含13076条样本;4. Web服务器访问场景:通过搭载编程工具的笔记本电脑访问可编程逻辑控制器的Web服务(HTTP协议),共包含21435条样本。 从矩阵数据信息列中提取的元数据已完成预处理与特征转换,可用于基于深度学习的机器学习网络攻击异常检测任务。所涉及的协议包括:MODBUS TCP、S7、ARP、Telnet、MODBUS、LLDP、HTTP,对应数据维度分别为[27617 x 4]、[238 x 3]、[89 x 1]、[1503 x 5]、[251 x 2]、[910 x 1]。 更多详细信息可参阅目前处于审稿阶段的相关数据论文:M. H. Habaebi、S. Mubarak(2021),"Real-Time ICS SCADA System Testbed with Industrial Datasets Scenarios and Attack Detection Using Machine Learning Techniques", IASC。
提供机构:
Mendeley
创建时间:
2021-06-25
搜集汇总
数据集介绍
main_image_url
背景与挑战
背景概述
该数据集是一个实时工业控制系统(ICS)网络流量测试平台,旨在模拟工业操作并提供网络流量数据,用于研究和开发基于异常的机器学习算法进行入侵检测。数据集包含正常操作和多种攻击场景(如MITM攻击、Telnet通信、Web服务器访问),每个实例有6个数据列,并提供了不同场景的实例数量,强调其成本效益和克服公共数据集局限性的能力。
以上内容由遇见数据集搜集并总结生成
二维码
社区交流群
二维码
科研交流群
商业服务