Sherlock: A Dataset for Process-aware Intrusion Detection Research on Power Grid Networks
Description
Sherlock is a dataset developed for research into, among other things, process-aware intrusion detection in power grid networks. It was created with the power grid co-simulator Wattson. The dataset was initially presented in the ACM CODASPY'25 paper "Sherlock: A Dataset for Process-aware Intrusion Detection Research on Power Grid Networks", and detailed documentation is available at https://sherlock.wattson.it/.
Sherlock contains 3 scenarios, namely 01_Basic, 02_Semiurban, and 03_Rural. All scenarios feature realistically sized networks, but 01_Basic is smaller and therefore recommended for initial prototyping. 01_Basic and 02_Semiurban each contain a train set without attacks and a test set with attacks. 03_Rural contains only a test set, to motivate research into the transferability of results to new networks.
Each scenario contains:
- network captures of primarily IEC 60870-5-104 from different vantage points
- accurate labels for attacks, recoveries from attacks, benign events, and normal operation
- ground truth data
- device logs
- captures transcribed into the Industrial Protocol Abstraction Layer (IPAL) format for easy processing