Data4Cyber: A Labeled Cyber-Physical Dataset for Distribution-Grid Management Systems Under Representative OT Attacks

Data4Cyber is a multi-modal, scenario-based dataset for cyber-physical securityresearch on distribution-grid management systems with distributed energyresources (DER). The release contains seven primary scenarios (S0--S6) coveringa benign baseline, two Industroyer-style Modbus manipulations against PV andBSS, three ARP/MITM false-data-injection variants on meter telemetry, and oneMQTT supply-chain compromise of the price signal. One alternate scenario(S1_industroyer_pv_alt) is shipped as additional reference material outside theprimary analysis set. Each scenario folder contains a synchronized 1 Hz process telemetry table(dataset.csv with 151 to 158 columns), benign-only and attack-only splits, anIPAL-compatible state log (state.jsonl.gz), full and split OT packet captures(pcapng), attack-phase annotations, IP/MAC-to-role and Modbus-registersemantic mappings, and per-scenario plots. Labels include a binaryattack_active indicator, a single-label attack_phase token, and a multi-labelattack_phase_all field for overlapping phases. The aggregate row count is14,354 (5,880 benign / 8,474 attack), collected on 2026-03-05 and 2026-03-06. The dataset supports anomaly detection, intrusion detection, phase-awaresequence labeling, and cross-layer cause-effect analysis. Baseline IDS resultsacross twelve IPAL detector implementations are reported in the companionpublication. The release is standalone: all files required for interpretationand reproduction are inside the archive.