Dataset for Network Intrusion Detection System on SCADA IEC 60870-5-104

Security is the main challenge in Supervisory Control and Data Acquisition (SCADA) systems since SCADA systems must be connected to heterogeneous networks to save costs. SCADA devices such as RTUs have limited resources, so a small-scale cyber attack on a computer network will have a major impact on the SCADA system. This study discusses the SCADA system with the IEC 60870-5-104 protocol which is widely used in the power plant industry. A physical testbed is built to simulate the electrical distribution process. The SCADA system in the distribution section is more vulnerable than other parts because it is located directly in the community environment so that many holes can be entered by attackers. The purpose of this study is to obtain relevant datasets in the SCADA system. The simulation carried out in this study is a normal communication between the HMI and the RTU, then attacked to disrupt the communication. The attack activities carried out are port scan, brute force and DoS. DoS attacks carried out are ICMP flood, Syn flood, and IEC 104 flood. IEC 104 flood attack is a modified attack to attack RTU where RTU is flooded with an unknown typeid ASDU (Application Service Data Unit). Attacks are carried out using Kali Linux operating system. All scenarios are recorded and saved in pcap. To prove that there is attack data traffic on the IDS dataset Snort and Suricata are used to detect it. In this study, there are also intrusion detection performance results from Snort and Suricata