The increasing number of attacks against automation systems such as SCADA and their network infrastructure have demonstrated that there is a need to secure those systems. Unfortunately, directly applying existing ICT security mechanisms to automation systems is hard due to constraints of the latter, such as availability requirements or limitations of the hardware. Thus, the solution privileged by researchers is the use of network-based intrusion detection systems (N-IDS). One of the issue that many researchers encounter is how to validate and evaluate their N-IDS. Having access to a real and large automation systems for experimentation is almost impossible as companies are not inclined to give access to their systems due to obvious concerns. The few public traffic datasets that could be used for off-line experiments are either synthetic or collected at small testbeds. In this paper, we will describe and characterize a public traffic dataset collected at the HVAC management system of a university campus. Although the dataset contains only packet headers, we believe that it can help researchers, in particular designers of flow-based IDS, to validate their solutions under more realistic conditions. The traces can be found on this https URL.
A Public Network Trace of a Control and Automation System
- OT Security Certifications (GICSP, GRID, GCIP)
- ATT&CK® for Industrial Control Systems (ICS)
- Convergence of IT and SCADA: Associated Security Threats and Vulnerabilities
- Adversarial Attacks on Machine Learning Cybersecurity Defences in ICS
- Cybersecurity for Industrial Control Systems: A Survey
- Architecture and Security of SCADA Systems: A Review
- Assessing Cyber-Physical Security in Industrial Control Systems
- Anomaly Detection for Industrial Control Networks using Machine Learning
- An IT-Security Fuzzing Framework for Proprietary ICS Protocols
- Securing Big Data from Eavesdropping Attacks in SCADA/ICS Network Data Streams