Dataset of a Cyber-Physical Detection Tool Evaluated in a Multi-Stage Attack Scenario

Electric power systems are comprised of cyber and physical components that are crucial to grid resiliency. Data from both components should be collected when modeling power systems: data from communication networks and intrusion detection systems; physical telemetry from sensors and field devices. For accurate and timely detection of malicious activity, should we always account for cyber and physical telemetry data, or data fusion? To further investigate the application of data fusion, this paper presents a new threat scenario in which an adversary affects power generation. It is a multi-stage strategy that includes a database intrusion. Multiple industrial communication protocols are applied in a cyber-physical testbed. Packets and alarms are collected using our cyber-physical data fusion engine, and evaluated using an autoencoder algorithm. It predicted malicious packets with high precision at an early stage of the scenario, using cyber-only telemetry.

电力系统由网络与物理组件构成，这些组件对于电网的弹性至关重要。在建模电力系统时，应收集这两类组件的数据：通信网络和入侵检测系统的数据；来自传感器和现场设备的物理遥测数据。为了准确及时地检测恶意活动，我们是否应当始终考虑网络与物理遥测数据，抑或数据融合？为了进一步探讨数据融合的应用，本文提出了一种新的威胁场景，其中攻击者影响电力生成。该策略包含多阶段，包括数据库入侵。在网络安全-物理测试床上应用了多种工业通信协议。利用我们开发的网络安全-物理数据融合引擎收集数据包和警报，并使用自动编码器算法进行评估。在场景的早期阶段，该算法能够以高精度预测恶意数据包，仅使用网络遥测数据。