DNP3 Intrusion Detection Dataset
Creators
- 1. Radoglou-Grammatikis
- 2. Kelli
- 3. Lagkas
- 4. Argyriou
- 5. Sarigiannidis
Description
1.Introduction
In the digital era of the Industrial Internet of Things (IIoT), the conventional Critical Infrastructures (CIs) are transformed into smart environments with multiple benefits, such as pervasive control, self-monitoring and self-healing. However, this evolution is characterised by several cyberthreats due to the necessary presence of insecure technologies. DNP3 is an industrial communication protocol which is widely adopted in the CIs of the US. In particular, DNP3 allows the remote communication between Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA). It can support various topologies, such as Master-Slave, Multi-Drop, Hierarchical and Multiple-Server. Initially, the architectural model of DNP3 consists of three layers: (a) Application Layer, (b) Transport Layer and (c) Data Link Layer. However, DNP3 can be now incorporated into the Transmission Control Protocol/Internet Protocol (TCP/IP) stack as an application-layer protocol. However, similarly to other industrial protocols (e.g., Modbus and IEC 60870-5-104), DNP3 is characterised by severe security issues since it does not include any authentication or authorisation mechanisms. More information about the DNP3 security issue is provided in [1-3]. This dataset contains labelled Transmission Control Protocol (TCP) / Internet Protocol (IP) network flow statistics (Common-Separated Values - CSV format) and DNP3 flow statistics (CSV format) related to 9 DNP3 cyberattacks. These cyberattacks are focused on DNP3 unauthorised commands and Denial of Service (DoS). The network traffic data are provided through Packet Capture (PCAP) files. Consequently, this dataset can be used to implement Artificial Intelligence (AI)-powered Intrusion Detection and Prevention (IDPS) systems that rely on Machine Learning (ML) and Deep Learning (DL) techniques.
2.Instructions
This DNP3 Intrusion Detection Dataset was implemented following the methodological frameworks of A. Gharib et al. in [4] and S. Dadkhah et al in [5], including eleven features: (a) Complete Network Configuration, (b) Complete Traffic, (c) Labelled Dataset, (d) Complete Interaction, (e) Complete Capture, (f) Available Protocols, (g) Attack Diversity, (h) Heterogeneity, (i) Feature Set and (j) Metadata.
A network topology consisting of (a) eight industrial entities, (b) one Human Machine Interfaces (HMI) and (c) three cyberattackers was used to implement this DNP3 Intrusion Detection Dataset. In particular, the following cyberattacks were implemented.
- On Thursday, May 14, 2020, the DNP3 Disable Unsolicited Messages Attack was executed for 4 hours.
- On Friday, May 15, 2020, the DNP3 Cold Restart Message Attack was executed for 4 hours.
- On Friday, May 15, 2020, the DNP3 Warm Restart Message Attack was executed for 4 hours.
- On Saturday, May 16, 2020, the DNP3 Enumerate Attack was executed for 4 hours.
- On Saturday, May 16, 2020, the DNP3 Info Attack was executed for 4 hours.
- On Monday, May 18, 2020, the DNP3 Initialisation Attack was executed for 4 hours.
- On Monday, May 18, 2020, the Man In The Middle (MITM)-DoS Attack was executed for 4 hours.
- On Monday, May 18, 2020, the DNP3 Replay Attack was executed for 4 hours.
- On Tuesday, May 19, 2020, the DNP3 Stop Application Attack was executed for 4 hours.
The aforementioned DNP3 cyberattacks were executed, utilising penetration testing tools, such as Nmap and Scapy. For each attack, a relevant folder is provided, including the network traffic and the network flow statistics for each entity. In particular, for each cyberattack, a folder is given, providing (a) the pcap files for each entity, (b) the Transmission Control Protocol (TCP)/ Internet Protocol (IP) network flow statistics for 120 seconds in a CSV format and (c) the DNP3 flow statistics for each entity (using different timeout values in terms of second (such as 45, 60, 75, 90, 120 and 240 seconds)). The TCP/IP network flow statistics were produced by using the CICFlowMeter, while the DNP3 flow statistics were generated based on a Custom DNP3 Python Parser, taking full advantage of Scapy.
3. Dataset Structure
The dataset consists of the following folders:
- 20200514_DNP3_Disable_Unsolicited_Messages_Attack: It includes the pcap and CSV files related to the DNP3 Disable Unsolicited Message attack.
- 20200515_DNP3_Cold_Restart_Attack: It includes the pcap and CSV files related to the DNP3 Cold Restart attack.
- 20200515_DNP3_Warm_Restart_Attack: It includes the pcap and CSV files related to DNP3 Warm Restart attack.
- 20200516_DNP3_Enumerate: It includes the pcap and CSV files related to the DNP3 Enumerate attack.
- 20200516_DNP3_Ιnfo: It includes the pcap and CSV files related to the DNP3 Info attack.
- 20200518_DNP3_Initialize_Data_Attack: It includes the pcap and CSV files related to the DNP3 Data Initialisation attack.
- 20200518_DNP3_MITM_DoS: It includes the pcap and CSV files related to the DNP3 MITM-DoS attack.
- 20200518_DNP3_Replay_Attack: It includes the pcap and CSV files related to the DNP3 replay attack.
- 20200519_DNP3_Stop_Application_Attack: It includes the pcap and CSV files related to the DNP3 Stop Application attack.
- Training_Testing_Balanced_CSV_Files: It includes balanced CSV files from CICFlowMeter and the Custom DNP3 Python Parser that could be utilised for training ML and DL methods. Each folder includes different sub-folder for the corresponding flow timeout values used by the DNP3 Python Custom Parser. For CICFlowMeter, only the timeout value of 120 seconds was used.
Each folder includes respective subfolders related to the entities/devices (described in the following section) participating in each attack. In particular, for each entity/device, there is a folder including (a) the DNP3 network traffic (pcap file) related to this entity/device during each attack, (b) the TCP/IP network flow statistics (CSV file) generated by CICFlowMeter for the timeout value of 120 seconds and finally (c) the DNP3 flow statistics (CSV file) from the Custom DNP3 Python Parser. Finally, it is noteworthy that the network flows from both CICFlowMeter and Custom DNP3 Python Parser in each CSV file are labelled based on the DNP3 cyberattacks executed for the generation of this dataset. The description of these attacks is provided in the following section, while the various features from CICFlowMeter and Custom DNP3 Python Parser are presented in Section 5.
4.Testbed & DNP3 Attacks
The following figure shows the testbed utilised for the generation of this dataset. It is composed of eight industrial entities that play the role of the DNP3 outstations/slaves, such as Remote Terminal Units (RTUs) and Intelligent Electron Devices (IEDs). Moreover, there is another workstation which plays the role of the Master station like a Master Terminal Unit (MTU). For the communication between, the DNP3 outstations/slaves and the master station, opendnp3 was used.
Table 1: DNP3 Attacks Description
|
DNP3 Attack |
Description |
Dataset Folder |
|
DNP3 Disable Unsolicited Message Attack |
This attack targets a DNP3 outstation/slave, establishing a connection with it, while acting as a master station. The false master then transmits a packet with the DNP3 Function Code 21, which requests to disable all the unsolicited messages on the target. |
20200514_DNP3_Disable_Unsolicited_Messages_Attack |
|
DNP3 Cold Restart Attack |
The malicious entity acts as a master station and sends a DNP3 packet that includes the “Cold Restart” function code. When the target receives this message, it initiates a complete restart and sends back a reply with the time window before the restart process. |
20200515_DNP3_Cold_Restart_Attack |
|
DNP3 Warm Restart Attack |
This attack is quite similar to the “Cold Restart Message”, but aims to trigger a partial restart, re-initiating a DNP3 service on the target outstation. |
20200515_DNP3_Warm_Restart_Attack |
|
DNP3 Enumerate Attack |
This reconnaissance attack aims to discover which DNP3 services and functional codes are used by the target system. |
20200516_DNP3_Enumerate |
|
DNP3 Info Attack |
This attack constitutes another reconnaissance attempt, aggregating various DNP3 diagnostic information related the DNP3 usage. |
20200516_DNP3_Ιnfo |
|
Data Initialisation Attack |
This cyberattack is related to Function Code 15 (Initialize Data). It is an unauthorised access attack, which demands from the slave to re-initialise possible configurations to their initial values, thus changing potential values defined by legitimate masters |
20200518_Initialize_Data_Attack |
|
MITM-DoS Attack |
In this cyberattack, the cyberattacker is placed between a DNP3 master and a DNP3 slave device, dropping all the messages coming from the DNP3 master or the DNP3 slave. |
20200518_MITM_DoS |
|
DNP3 Replay Attack |
This cyberattack replays DNP3 packets coming from a legitimate DNP3 master or DNP3 slave. |
20200518_DNP3_Replay_Attack |
|
DNP3 Step Application Attack |
This attack is related to the Function Code 18 (Stop Application) and demands from the slave to stop its function so that the slave cannot receive messages from the master. |
20200519_DNP3_Stop_Application_Attack |
5. Features
The TCP/IP network flow statistics generated by CICFlowMeter are summarised below. The TCP/IP network flows and their statistics generated by CICFlowMeter are labelled based on the DNP3 attacks described above, thus allowing the training of ML/DL models. Finally, it is worth mentioning that these statistics are generated when the flow timeout value is equal with 120 seconds.
Table 2: CICFlowMeter TCP/IP Network Flow Statistics - Features
|
Feature |
Description |
|
Flow ID |
ID of the flow |
|
Src IP |
Source IP address |
|
Src Port |
Source TCP/UDP port |
|
Dst IP |
Destination IP address |
|
Dst Port |
Destination TCP/UDP port |
|
Protocol |
The protocol related to the corresponding flow |
|
Timestamp |
Flow timestamp |
|
Flow Duration |
Duration of the flow in Microsecond |
|
Tot Fwd Pkts |
Total packets in the forward direction |
|
Tot Bwd Pkts |
Total packets in the backward direction |
|
TotLen Fwd Pkts |
Total size of packets in forward direction |
|
TotLen Bwd Pkts |
Total size of packets in backward direction |
|
Fwd Pkt Len Max |
Maximum size of packet in forward direction |
|
Fwd Pkt Len Min |
Minimum size of packet in forward direction |
|
Fwd Pkt Len Mean |
Mean size of packet in forward direction |
|
Fwd Pkt Len Std |
Standard deviation size of packet in forward direction |
|
Bwd Pkt Len Max |
Maximum size of packet in backward direction |
|
Bwd Pkt Len Min |
Minimum size of packet in backward direction |
|
Bwd Pkt Len Mean |
Mean size of packet in backward direction |
|
Bwd Pkt Len Std |
Standard deviation size of packet in backward direction |
|
Flow Byts/s |
Number of flow bytes per second |
|
Flow Pkts/s |
Number of flow packets per second |
|
Flow IAT Mean |
Mean time between two packets sent in the flow |
|
Flow IAT Std |
Standard deviation time between two packets sent in the flow |
|
Flow IAT Max |
Maximum time between two packets sent in the flow |
|
Flow IAT Min |
Minimum time between two packets sent in the flow |
|
Fwd IAT Tot |
Total time between two packets sent in the forward direction |
|
Fwd IAT Mean |
Mean time between two packets sent in the forward direction |
|
Fwd IAT Std |
Standard deviation time between two packets sent in the forward direction |
|
Fwd IAT Max |
Maximum time between two packets sent in the forward direction |
|
Fwd IAT Min |
Minimum time between two packets sent in the forward direction |
|
Bwd IAT Tot |
Total time between two packets sent in the backward direction |
|
Bwd IAT Mean |
Mean time between two packets sent in the backward direction |
|
Bwd IAT Std |
Standard deviation time between two packets sent in the backward direction |
|
Bwd IAT Max |
Maximum time between two packets sent in the backward direction |
|
Bwd IAT Min |
Minimum time between two packets sent in the backward direction |
|
Fwd PSH Flags |
Number of times the PSH flag was set in packets travelling in the forward direction (0 for UDP) |
|
Bwd PSH Flags |
Number of times the PSH flag was set in packets travelling in the backward direction (0 for UDP) |
|
Fwd URG Flags |
Number of times the URG flag was set in packets travelling in the forward direction (0 for UDP) |
|
Bwd URG Flags |
Number of times the URG flag was set in packets travelling in the backward direction (0 for UDP) |
|
Fwd Header Len |
Total bytes used for headers in the forward direction |
|
Bwd Header Len |
Total bytes used for headers in the backward direction |
|
Fwd Pkts/s |
Number of forward packets per second |
|
Bwd Pkts/s |
Number of backward packets per second |
|
Pkt Len Min |
Minimum length of a packet |
|
Pkt Len Max |
Maximum length of a packet |
|
Pkt Len Mean |
Mean length of a packet |
|
Pkt Len Std |
Standard deviation length of a packet |
|
Pkt Len Var |
Variance length of a packet |
|
FIN Flag Cnt |
Number of packets with FIN |
|
SYN Flag Cnt |
Number of packets with SYN |
|
RST Flag Cnt |
Number of packets with RST |
|
PSH Flag Cnt |
Number of packets with PUSH |
|
ACK Flag Cnt |
Number of packets with ACK |
|
URG Flag Cnt |
Number of packets with URG |
|
CWE Flag Count |
Number of packets with CWE |
|
ECE Flag Cnt |
Number of packets with ECE |
|
Down/Up Ratio |
Download and upload ratio |
|
Pkt Size Avg |
Average size of packet |
|
Fwd Seg Size Avg |
Average size observed in the forward direction |
|
Bwd Seg Size Avg |
Average size observed in the backward direction |
|
Fwd Byts/b Avg |
Average number of bytes bulk rate in the forward direction |
|
Fwd Pkts/b Avg |
Average number of packets bulk rate in the forward direction |
|
Fwd Blk Rate Avg |
Average number of bulk rate in the forward direction |
|
Bwd Byts/b Avg |
Average number of bytes bulk rate in the backward direction |
|
Bwd Pkts/b Avg |
Average number of packets bulk rate in the backward direction |
|
Bwd Blk Rate Avg |
Average number of bulk rate in the backward direction |
|
Subflow Fwd Pkts |
The average number of packets in a sub flow in the forward direction |
|
Subflow Fwd Byts |
The average number of bytes in a sub flow in the forward direction |
|
Subflow Bwd Pkts |
The average number of packets in a sub flow in the backward direction |
|
Subflow Bwd Byts |
The average number of bytes in a sub flow in the backward direction |
|
Init Fwd Win Byts |
The total number of bytes sent in initial window in the forward direction |
|
Init Bwd Win Byts |
The total number of bytes sent in initial window in the backward direction |
|
Fwd Act Data Pkts |
Count of packets with at least 1 byte of TCP data payload in the forward direction |
|
Fwd Seg Size Min |
Minimum segment size observed in the forward direction |
|
Active Mean |
Mean time a flow was active before becoming idle |
|
Active Std |
Standard deviation time a flow was active before becoming idle |
|
Active Max |
Maximum time a flow was active before becoming idle |
|
Active Min |
Minimum time a flow was active before becoming idle |
|
Idle Mean |
Mean time a flow was idle before becoming active |
|
Idle Std |
Standard deviation time a flow was idle before becoming active |
|
Idle Max |
Maximum time a flow was idle before becoming active |
|
Idle Min |
Minimum time a flow was idle before becoming active |
|
Label |
Attack label |
The DNP3 flow statistics generated by the DNP3 Python Parser are summarised below. The DNP3 flows and their statistics generated by the DNP3 Python Parser are labelled based on the DNP3 attacks described above, thus allowing the training of ML/DL models. Finally, it is worth mentioning that these statistics are available for various flow timeout values, such as 45, 60, 75, 90, 120 and 240 seconds.
Table 3: DNP3 Flow Statistics – Features
|
Feature |
Field description |
|
flow ID |
ID of the flow |
|
source IP |
Source IP address |
|
destination IP |
Destination IP address |
|
source port |
Source TCP/UDP Port |
|
destination port |
Destination TCP/UDP port |
|
protocol |
The protocol related to the corresponding flow |
|
date |
Flow timestamp |
|
TotalFwdPkts |
The total number of the DNP3 packets in the forward direction |
|
TotalBwdPkts |
The total number of the DNP3 packets in the backyard direction |
|
TotLenfwdDL |
The total size of the DNP3 payload at the link layer in the forward direction |
|
TotLenfwdTR |
The total size of the DNP3 payload at the transport layer in the forward direction |
|
TotLenfwdAPP |
The total size of the DNP3 payload at the application layer in the forward direction |
|
TotLenbwdDL |
The total size of the DNP3 payload at the link layer in the backyard direction |
|
TotLenbwdTR |
The total size of the DNP3 payload at the transport layer in the backyard direction |
|
TotLenbwdAPP |
The total size of the DNP3 payload at the application layer in the backyard direction |
|
DLfwdPktLenMAX |
The maximum size of the DNP3 payload at the link layer in the forward direction |
|
DLfwdPktLenMIN |
The minimum size of the DNP3 payload at the link layer in the forward direction |
|
DLfwdPktLenMEAN |
The mean of the DNP3 payload at the link layer in the forward direction |
|
DLfwdPktLenSTD |
The standard deviation of the DNP3 payload at the link layer in the forward direction |
|
TRfwdPktLenMAX |
The maximum size of the DNP3 payload at the transport layer in the forward direction |
|
TRfwdPktLenMIN |
The minimum size of the DNP3 payload at the transport layer in the forward direction |
|
TRfwdPktLenMEAN |
The mean of the DNP3 payload at the transport layer in the forward direction |
|
TRfwdPktLenSTD |
The standard deviation of the DNP3 payload at the transport layer in the forward direction |
|
APPfwdPktLenMAX |
The maximum size of the DNP3 payload at the application layer in the backyard direction |
|
APPfwdPktLenMIN |
The minimum size of the DNP3 payload at the application layer in the backyard direction |
|
APPfwdPktLenMEAN |
The mean of the DNP3 payload at the application layer in the backyard direction |
|
APPfwdPktLenSTD |
The standard deviation of the DNP3 payload at the application layer in the backyard direction |
|
DLbwdPktLenMAX |
The maximum size of the DNP3 payload at the link layer in the backyard direction |
|
DLbwdPktLenMIN |
The minimum size of the DNP3 payload at the link layer in the backyard direction |
|
DLbwdPktLenMEAN |
The mean of the DNP3 payload at the link layer in the backyard direction |
|
DLbwdPktLenSTD |
The standard deviation of the DNP3 payload at the link layer in the backyard direction |
|
TRbwdPktLenMAX |
The maximum size of the DNP3 payload at the transport layer in the backyard direction |
|
TRbwdPktLenMIN |
The minimum size of the DNP3 payload at the transport layer in the backyard direction |
|
TRbwdPktLenMEAN |
The mean of the DNP3 payload at the transport layer in the backyard direction |
|
TRbwdPktLenSTD |
The standard deviation of the DNP3 payload at the transport layer in the backyard direction |
|
APPbwdPktLenMAX |
The maximum size of the DNP3 payload at the application layer in the backyard direction |
|
APPbwdPktLenMIN |
The minimum size of the DNP3 payload at the application layer in the backyard direction |
|
APPbwdPktLenMEAN |
The mean of the DNP3 payload at the application layer in the backyard direction |
|
APPbwdPktLenSTD |
The standard deviation of the DNP3 payload at the application layer in the backyard direction |
|
DLflowBytes/sec |
How many bytes of the DNP3 link-layer were transmitted per second |
|
TRflowBytes/sec |
How many bytes of the DNP3 transport layer were transmitted per second |
|
APPflowBytes/sec |
How many bytes of the DNP3 application layer were transmitted per second |
|
FlowPkts/sec |
How many DNP3 packets were transmitted per second |
|
FlowIAT_MEAN |
The mean of the DNP3 packets interarrival time |
|
FlowIAT_STD |
The standard deviation of the DNP3 packets interarrival time |
|
FlowIAT_MAX |
The maximum value of the DNP3 packets interarrival time |
|
FlowIAT_MIN |
The minimum value of the DNP3 packets interarrival time |
|
TotalFwdIAT |
The sum of the DNP3 packets interarrival time in the forward direction |
|
fwdIAT_MEAN |
The mean of the DNP3 packets interarrival time in the forward direction |
|
fwdIAT_STD |
The standard deviation of the DNP3 packets interarrival time in the forward direction |
|
fwdIAT_MAX |
The maximum value of the DNP3 packets interarrival time in the forward direction |
|
fwdIAT_MIN |
The minimum value of the DNP3 packets interarrival time in the forward direction |
|
TotalBwdIAT |
The sum of the DNP3 packets interarrival time in the backyard direction |
|
bwdIAT_MEAN |
The mean of the DNP3 packets interarrival time in the backyard direction |
|
bwdIAT_STD |
The standard deviation of the DNP3 packets interarrival time in the backyard direction |
|
bwdIAT_MAX |
The maximum value of the DNP3 packets interarrival time in the backyard direction |
|
bwdIAT_MIN |
The minimum value of the DNP3 packets interarrival time in the backyard direction |
|
DLfwdHdrLen |
The sum of the DNP3 headers at the link layer in the forward direction |
|
TRfwdHdrLen |
The sum of the DNP3 headers at the transport layer in the forward direction |
|
APPfwdHdrLen |
The sum of the DNP3 headers at the application layer in the forward direction |
|
DLbwdHdrLen |
The sum of the DNP3 headers at the link layer in the backyard direction |
|
TRbwdHdrLen |
The sum of the DNP3 headers at the transport layer in the backyard direction |
|
APPbwdHdrLen |
The sum of the DNP3 headers at the application layer in the backyard direction |
|
fwdPkts/sec |
How many DNP3 packets per second in the forward direction |
|
bwdPkts/sec |
How many DNP3 packets per second in the backyard direction |
|
DLpktLenMEAN |
The mean of the bytes at the DNP3 link layer |
|
DLpktLenMIN |
The minimum value of the bytes at the DNP3 link layer |
|
DLpktLenMAX |
The maximum value of the bytes at the DNP3 link layer |
|
DLpktLenSTD |
The standard deviation of the bytes at the DNP3 link layer |
|
DLpktLenVAR |
The variance of the bytes at the DNP3 link layer |
|
TRpktLenMEAN |
The mean of the bytes at the DNP3 transport layer |
|
TRpktLenMIN |
The minimum value of the bytes at the DNP3 transport layer |
|
TRpktLenMAX |
The maximum value of the bytes at the DNP3 transport layer |
|
TRpktLenSTD |
The standard deviation of the bytes at the DNP3 transport layer |
|
TRpktLenVAR |
The variance of the bytes at the DNP3 transport layer |
|
APPpktLenMEAN |
The mean of the bytes at the DNP3 application layer |
|
APPpktLenMIN |
The minimum value of the bytes at the DNP3 application layer |
|
APPpktLenMAX |
The maximum value of the bytes at the DNP3 application layer |
|
APPpktLenSTD |
The standard deviation of the bytes at the DNP3 application layer |
|
APPpktLenVAR |
The variance of the bytes at the DNP3 application layer |
|
ActiveMEAN |
The time-mean where the flow was active |
|
ActiveSTD |
The time standard deviation where the flow was active |
|
ActiveMAX |
The maximum value of the time where the flow is active |
|
ActiveMIN |
The maximum value of the time where the flow is idle. |
|
IdleMEAN |
The time-mean where the flow was idle before becoming active |
|
IdleSTD |
The standard deviation of the time where the flow was idle before becoming active |
|
IdleMAX |
The maximum value of the time where the flow was idle before becoming active |
|
IdleMIN |
The minimum value of the time where the flow was idle before becoming active |
|
frameSrc |
The source MAC address |
|
frameDst |
The destination MAC address |
|
TotPktsInFlow |
The total number of the DNP3 packets |
|
firstPacketDIR |
Whether the flow was initiated by a DNP3 master device or DNP3 slave device |
|
mostCommonREQ_FUNC_CODE |
The DNP3 function code which was used mostly in the DNP3 request packets |
|
mostCommonRESP_FUNC_CODE |
The DNP3 function code which was used mostly in the DNP3 response packets |
|
corruptConfigFragments |
How many responses were sent by the slave, setting the corruptConfig bit in the IIN value |
|
deviceTroubleFragments |
How many responses were sent by the slave, setting the deviceTrouble bit in the IIN value |
|
deviceRestartFragments |
How many responses were sent by the slave, setting the deviceRestart bit in the IIN value |
|
pktsFromMASTER |
How many packets that transmitted by a DNP3 master device |
|
pktsFromSLAVE |
How many packets that transmitted by a DNP3 slave device |
|
Label |
Attack label |
6.Citation
The users of this dataset are kindly asked to cite the following papers as follows.
V. Kelli et al., "Attacking and Defending DNP3 ICS/SCADA Systems", 2022 18th International Conference on Distributed Computing in Sensor Systems (DCOSS), 2022, pp. 183-190, doi: 10.1109/DCOSS54816.2022.00041.
V. Kelli, P. Radoglou-Grammatikis, T. Lagkas, E. K. Markakis and P. Sarigiannidis, "Risk Analysis of DNP3 Attacks", 2022 IEEE International Conference on Cyber Security and Resilience (CSR), 2022, pp. 351-356, doi: 10.1109/CSR54599.2022.9850291.
P. Radoglou-Grammatikis, P. Sarigiannidis, G. Efstathopoulos, P.-A.Karypidis, and A. Sarigiannidis, "Diderot: An intrusion detection and prevention system for dnp3-based scada systems", in Proceedings of the15th International Conference on Availability, Reliability and Security, ser. ARES ’20.New York, NY, USA: Association for Computing Machinery, 2020, doi: 10.1145/3407023.3409314.
7. Acknowledgment
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreements No 101021936 (ELECTRON) and No 833955 (SDN-microSENSE).
References
- V. Kelli et al., "Attacking and Defending DNP3 ICS/SCADA Systems", 2022 18th International Conference on Distributed Computing in Sensor Systems (DCOSS), 2022, pp. 183-190, doi: 10.1109/DCOSS54816.2022.00041.
- V. Kelli, P. Radoglou-Grammatikis, T. Lagkas, E. K. Markakis and P. Sarigiannidis, "Risk Analysis of DNP3 Attacks", 2022 IEEE International Conference on Cyber Security and Resilience (CSR), 2022, pp. 351-356, doi: 10.1109/CSR54599.2022.9850291.
- P. Radoglou-Grammatikis, P. Sarigiannidis, G. Efstathopoulos, P.-A.Karypidis, and A. Sarigiannidis, "Diderot: An intrusion detection and prevention system for dnp3-based scada systems", in Proceedings of the15th International Conference on Availability, Reliability and Security, ser. ARES ’20.New York, NY, USA: Association for Computing Machinery, 2020, doi: 10.1145/3407023.3409314.
- A. Gharib, I. Sharafaldin, A. H. Lashkari and A. A. Ghorbani, "An Evaluation Framework for Intrusion Detection Dataset", 2016 International Conference on Information Science and Security (ICISS), 2016, pp. 1-6, doi: 10.1109/ICISSEC.2016.7885840.
- S. Dadkhah, H. Mahdikhani, P. K. Danso, A. Zohourian, K. A. Truong and A. A. Ghorbani, "Towards the Development of a Realistic Multidimensional IoT Profiling Dataset", 2022 19th Annual International Conference on Privacy, Security & Trust (PST), 2022, pp. 1-11, doi: 10.1109/PST55820.2022.9851966.
Files
DNP3_Intrusion_Detection_Dataset_Readme.pdf
Files
(194.9 MB)
| Name | Size | Download all |
|---|---|---|
|
md5:880a3e13cef99706e671a47f767b224d
|
194.4 MB | Download |
|
md5:d1b77f0d094f8ac74b763f04a9d36c56
|
500.0 kB | Preview Download |