Side-Channel Based Intrusion Detection for Industrial Control Systems: Side-Channel Based Intrusion Detection for Industrial Control Systems: electromagnetic traces

Raw EM traces that were used to generate the results used in 'Side-Channel Based Intrusion Detection for Industrial Control Systems' (doi:10.1007/978-3-319-99843-5_19) and 'Security and Privacy in the Smart Grid' (PhD Thesis, ISBN 978-94-6473-209-2).Industrial Control Systems are under increased scrutiny. Their security is historically sub-par, and although measures are being taken by the manufacturers to remedy this, the large installed base of legacy systems cannot easily be updated with state-of-the-art security measures. In these publications we use a technique from cryptographic side-channel analysis, multivariate templating, to detect anomalous behaviour in Programmable Logic Controllers. Our solution uses side-channel measurements of the electromagnetic emissions of an industrial control system to detect behavioural changes of the software running on them. To demonstrate the feasibility of this method, we show it is possible to profile and distinguish between even small changes in programs on Siemens S7-317 PLCs, using methods from cryptographic side-channel analysis.This dataset consists of raw electromagnetic trace files captured on 2017-05-27. It can be used to reproduce the results in the aforementioned publications. For three different programs, 16 different inputs were captured. Each input has 100.000 traces.Analysis (& capturing) code is available as a separate dataset at doi:10.17026/dans-x7m-6222.Please note that although this dataset of EM traces is published under CC0 -- effectively waiving all copyright and related or neighbouring rights -- the *code* dataset is licensed under GPLv3 and thus subject to the limitations of that license.

本数据集所用的原始电磁（Electromagnetic, EM）轨迹曾用于生成《面向工业控制系统的基于侧信道的入侵检测》（DOI: 10.1007/978-3-319-99843-5_19）与《智能电网中的安全与隐私》（博士学位论文，ISBN: 978-94-6473-209-2）中的研究结果。 工业控制系统（Industrial Control Systems, ICS）正受到愈发严格的审视。长期以来，其安全水平处于较低水准；尽管制造商已采取相关措施加以改善，但庞大的遗留系统装机存量难以轻松部署最前沿的安全防护方案。 上述两篇文献中，我们采用了密码学侧信道分析领域的多变量模板法，以检测可编程逻辑控制器（Programmable Logic Controller, PLC）中的异常行为。本方案通过采集工业控制系统的电磁辐射侧信道测量数据，识别其上运行软件的行为变化。为验证该方法的可行性，我们基于密码学侧信道分析技术，证明了即便对西门子S7-317 PLC上的程序进行细微改动，也可对其进行特征刻画并加以区分。 本数据集包含2017年5月27日采集的原始电磁轨迹文件，可用于复现上述两篇文献中的研究结果。本次采集覆盖3种不同程序，每种程序对应16组不同输入，每组输入包含10万条轨迹。 分析（含采集）代码可作为独立数据集通过DOI:10.17026/dans-x7m-6222获取。 请注意：本电磁轨迹数据集采用CC0协议发布，实际上已放弃全部著作权及相关或邻接权利；但代码数据集采用GPLv3协议授权，因此受该协议条款约束。