A Comparison of ICS Datasets for Security Research Based on Attack Paths

  • Seungoh ChoiEmail author
  • Jeong-Han Yun
  • Sin-Kyu Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11260)


Industrial control systems (ICSs) are widely deployed in various domains of critical infrastructure. In recent years, security threats targeting an ICS are increasing. However, developing or verifying security technology at actual operation sites is quite difficult due to constraints that must be in place for non-disruptive operation and high availability of the control system. In addition, there is also a limit in obtaining datasets for security research. To overcome these limitations, several experimental studies have been conducted to build an ICS testbed for an experimental environment. Based on the testbed, datasets have been captured and released publicly. To properly apply datasets to fulfill the research objectives, the datasets should be analyzed in advance, because each dataset has different characteristics based on domains and security concerns. In this paper, we introduce the results of comparative analysis of various ICS datasets focusing on attack scenarios and discuss considerations of applying datasets to an ICS security research. It is expected that our results will help further researchers deal with datasets for their individual purposes.


Security Dataset Attack path Industrial control system 


  1. 1.
    Beaver, J.M., Borges-Hink, R.C., Buckner, M.A.: An evaluation of machine learning methods to detect malicious scada communications. In: 2013 12th International Conference on Machine Learning and Applications, vol. 2, pp. 54–59 (2013).
  2. 2.
    CIPedia\(\copyright \). Last Accessed 30 Apr 2018
  3. 3.
    DEFCON23: compilation of ICS PCAP files indexed by protocol. 23/DEFCON23villages/DEFCON23icsvillage/DEFCON23ICS Village packet captures.rar. Last Accessed 30 Apr 2018
  4. 4.
    Goh, J., Adepu, S., Junejo, K.N., Mathur, A.: A dataset to support research in the design of secure water treatment systems. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds.) CRITIS 2016. LNCS, vol. 10242, pp. 88–99. Springer, Cham (2017). Scholar
  5. 5.
    Hink, R.C.B., Beaver, J.M., Buckner, M.A., Morris, T., Adhikari, U., Pan, S.: Machine learning for power system disturbance and cyber-attack discrimination. In: 2014 7th International Symposium on Resilient Control Systems (ISRCS), pp. 1–8 (2014).
  6. 6.
    iTrust: Swat datasets. Last Accessed 30 Apr 2018
  7. 7.
    Kravchik, M., Shabtai, A.: Detecting cyberattacks in industrial control systems using convolutional neural networks. ArXiv e-prints, June 2018Google Scholar
  8. 8.
    ICS Lab: 4SICS ICS lab PCAP files. Last Accessed 30 Apr 2018
  9. 9.
    Lemay, A.: SCADA network datasets. Last Accessed 30 Apr 2018
  10. 10.
    Lemay, A., Fernandez, J.M., Montréal, É.P.D.: Providing SCADA network data sets for intrusion detection research. In: Usenix Cset (2016)Google Scholar
  11. 11.
    Mathur, A.P., Tippenhauer, N.O.: SWaT: a water treatment testbed for research and training on ICS security. In: 2016 International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater), pp. 31–36 (2016).
  12. 12.
    McLaughlin, S., Konstantinou, C., Wang, X., Davi, L., Sadeghi, A., Maniatakos, M., Karri, R.: The cybersecurity landscape in industrial control systems. Proc. IEEE 104(5), 1039–1057 (2016). Scholar
  13. 13.
    Morris, T.H.: Industrial control system (ICS) cyber attack datasets. Last Accessed 30 Apr 2018
  14. 14.
    Morris, T., Gao, W.: Industrial control system traffic data sets for intrusion detection research. In: Butts, J., Shenoi, S. (eds.) ICCIP 2014. IAICT, vol. 441, pp. 65–78. Springer, Heidelberg (2014). Scholar
  15. 15.
    Morris, T.H., Srivastava, A., Reaves, B., Gao, W., Pavurapu, K., Reddi, R.: A control system testbed to validate critical infrastructure protection concepts. Int. J. Crit. Infrastruct. Prot. 4(2), 88–103 (2011). Scholar
  16. 16.
    Morris, T.H., Thornton, Z., Turnipseed, I.: Industrial control system simulation and data logging for intrusion detection system research (2015)Google Scholar
  17. 17.
    NCCIC: ICS-CERT year in review. Last Accessed 30 Apr 2018 (2016)
  18. 18.
    Pan, S., Morris, T., Adhikari, U.: Classification of disturbances and cyber-attacks in power systems using heterogeneous time-synchronized data. IEEE Trans. Ind. Inform. 11(3), 650–662 (2015). Scholar
  19. 19.
    Pan, S., Morris, T., Adhikari, U.: Developing a hybrid intrusion detection system using data mining for power systems. IEEE Trans. Smart Grid 6(6), 3104–3113 (2015). Scholar
  20. 20.
    Pan, S., Morris, T.H., Adhikari, U.: A specification-based intrusion detection framework for cyber-physical environment in electric power system. I. J. Netw. Secur. 17, 174–188 (2015)Google Scholar
  21. 21.
    Peterson, D., Wightman, R.: Digital bond S4x15 ICS village CTF PCAP files. Last Accessed 30 Apr 2018
  22. 22.
    Rodofile, N.R.: S7comm datasets. Last Accessed 30 Apr 2018
  23. 23.
    Rodofile, N.R., Schmidt, T., Sherry, S.T., Djamaludin, C., Radke, K., Foo, E.: Process control cyber-attacks and labelled datasets on S7Comm critical infrastructure. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10343, pp. 452–459. Springer, Cham (2017). Scholar
  24. 24.
    Stallings, W.: Network Security Essentials: Applications and Standards. Pearson Education India, Kindersley (2000)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.The Affiliated Institute of ETRIDaejeonRepublic of Korea

Personalised recommendations