TRAFFIC DATA SETS FOR INTRUSION DETECTION RESEARCH

Supervisory control and data acquisition (SCADA) systems monitor and control physical processes associated with the critical infrastructure. Weaknesses in the application layer protocols, however, leave SCADA networks vulnerable to attack. In response, cyber security researchers have developed myriad intrusion detection systems. Researchers primarily rely on unique threat models and the corresponding network traffic data sets to train and validate their intrusion detection systems. This leads to a situation in which researchers cannot independently verify the results, cannot compare the effectiveness of different intrusion detection systems, and cannot adequately validate the ability of intrusion detection systems to detect various classes of attacks. Indeed, a common data set is needed that can be used by researchers to compare intrusion detection approaches and implementations. This paper describes four data sets, which include network traffic, process control and process measurement features from a set of 28 attacks against two laboratory-scale industrial control systems that use the MODBUS application layer protocol. The data sets, which are freely available, enable effective comparisons of intrusion detection solutions for SCADA sys-
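The network traffic features such data sets record come from the MODBUS/TCP header and PDU, and the application layer weakness the abstract refers to is that MODBUS carries no authentication, so a detector must infer legitimacy from who sends which function code to which address. The following Python is an added illustration, not code from the paper or its data sets; the master allowlist, the register range and the sample frames are constructed assumptions.

```python
import struct

# Public MODBUS function codes used below (assumed standard values)
READ_FCS = {1, 2, 3, 4}          # read coils/inputs/holding/input registers
WRITE_SINGLE_FCS = {5, 6}        # write single coil / single register
WRITE_MULTI_FCS = {15, 16}       # write multiple coils / registers


def parse_modbus_tcp(frame: bytes) -> dict:
    """Extract the header and PDU features an IDS record would carry from one
    MODBUS/TCP request. Raises ValueError when the MBAP length field does not
    match the bytes actually present (a malformed or truncated frame)."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:          # length counts unit id + PDU bytes
        raise ValueError(f"length field {length} != {len(frame) - 6}")
    fc = frame[7]
    feat = {"tid": tid, "unit": uid, "fc": fc, "addr": None, "qty": None, "value": None}
    data = frame[8:]
    if fc in READ_FCS or fc in WRITE_MULTI_FCS:   # start address, quantity
        feat["addr"], feat["qty"] = struct.unpack(">HH", data[:4])
    elif fc in WRITE_SINGLE_FCS:                  # address, value
        feat["addr"], feat["value"] = struct.unpack(">HH", data[:4])
    return feat


def build_frame(tid: int, uid: int, fc: int, addr: int, second: int) -> bytes:
    """Constructed sample request: MBAP header plus a 5-byte PDU (length = 6)."""
    return struct.pack(">HHHBBHH", tid, 0, 6, uid, fc, addr, second)


ALLOWED_MASTERS = {"10.0.0.5"}   # assumed HMI address allowed to issue writes
SETPOINT_RANGE = (0, 100)        # assumed holding registers the HMI legitimately touches


def detect(src: str, frame: bytes, allowed=ALLOWED_MASTERS, reg_range=SETPOINT_RANGE) -> list:
    """Return alert strings for one (source address, frame) pair."""
    try:
        f = parse_modbus_tcp(frame)
    except ValueError as e:
        return [f"malformed: {e}"]
    alerts = []
    if (f["fc"] in WRITE_SINGLE_FCS or f["fc"] in WRITE_MULTI_FCS) and src not in allowed:
        alerts.append(f"write fc={f['fc']} from non-master {src}")
    if f["addr"] is not None and not (reg_range[0] <= f["addr"] <= reg_range[1]):
        alerts.append(f"address {f['addr']} outside configured range")
    return alerts
```

Running `detect` over every (source, frame) pair of a capture yields per-frame feature records and alerts that can be compared against a data set's attack labels.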