Skip to main content
SpringerLink
Log in
Book cover

International Conference on Critical Information Infrastructures Security

CRITIS 2019: Critical Information Infrastructures Security pp 122–133Cite as

Using Datasets from Industrial Control Systems for Cyber Security Research and Education

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11777))

Abstract

The availability of high-quality benchmark datasets is an important prerequisite for research and education in the cyber security domain. Datasets from realistic systems offer a platform for researchers to develop and test novel models and algorithms. Such datasets also offer students opportunities for active and project-centric learning. In this paper, we describe six publicly available datasets from the domain of Industrial Control Systems (ICS). Five of these datasets are obtained through experiments conducted in the context of operational ICS while the sixth is obtained from a widely used simulation tool, namely EPANET, for large scale water distribution networks. This paper presents two studies on the use of the datasets. The first study uses the dataset from a live water treatment plant. This study leads to a novel and explainable anomaly detection method based upon Timed Automata and Bayesian Networks. The study conducted in the context of education made use of the water distribution network dataset in a graduate course on cyber data analytics. Through an assignment, students explored the effectiveness of various methods for anomaly detection. Research outcomes and the success of the course indicate an appreciation in the research community and positive learning experience in education.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    https://itrust.sutd.edu.sg/research/dataset/.

  2. 2.

    https://itrust.sutd.edu.sg/dataset/.

References

  1. Almgren, M., et al.: RICS-el: building a national testbed for research and training on SCADA security (short paper). In: Luiijf, E., Žutautaitė, I., Hämmerli, B.M. (eds.) CRITIS 2018. LNCS, vol. 11260, pp. 219–225. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-05849-4_17

    Chapter  Google Scholar 

  2. Anderson, R., et al.: Measuring the cost of cybercrime. In: Proceedings of the 11th Workshop on Economics of Information Security (2012)

    Google Scholar 

  3. Balaganski, A., Derwisch, S.: Big data and information security. KuppingerCole and BARC Joint Study, Report No.: 7400 (2016)

    Google Scholar 

  4. Choi, S., Yun, J.-H., Kim, S.-K.: A comparison of ICS datasets for security research based on attack paths. In: Luiijf, E., Žutautaitė, I., Hämmerli, B.M. (eds.) CRITIS 2018. LNCS, vol. 11260, pp. 154–166. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-05849-4_12

    Chapter  Google Scholar 

  5. Council of the European Union: European council, council directive 2016/1148 of 6 July 2016 concerning measures for a high common level of security of network and information systems across the union (2016). https://eur-lex.europa.eu/eli/dir/2016/1148/oj

  6. Digitalbond: S4x15 ICS village CTF dataset (2015). https://www.digitalbond.com/blog/2015/03/16/s4x15-ctf-ics-village-page/

  7. G8: G8 principles for protecting critical information infrastructures (2003). http://www.cybersecuritycooperation.org/documents/G8_CIIP_Principles.pdf

  8. GFCE: global forum on cyber expertise (2015). https://www.thegfce.com/about

  9. Goh, J., Adepu, S., Tan, M., Lee, Z.S.: Anomaly detection in cyber physical systems using recurrent neural networks. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 140–145. IEEE (2017)

    Google Scholar 

  10. Holm, H., Karresand, M., Vidström, A., Westring, E.: A survey of industrial control system testbeds. In: Buchegger, S., Dam, M. (eds.) Secure IT Systems, vol. 9417, pp. 11–26. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26502-5_2

    Chapter  Google Scholar 

  11. ICS-CERT: Cyber-attack against Ukrainian critical infrastructure (2016). https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01

  12. Inoue, J., Yamagata, Y., Chen, Y., Poskitt, C.M., Sun, J.: Anomaly detection for a water treatment system using unsupervised machine learning. In: 2017 IEEE International Conference on Data Mining Workshops (ICDMW), pp. 1058–1065. IEEE (2017)

    Google Scholar 

  13. iTrust: Centre for Research in Cyber Security (2015). https://itrust.sutd.edu.sg/

  14. iTrust: Secure Water Treatment (SWaT) Testbed (2015). https://itrust.sutd.edu.sg/research/dataset/

  15. Lemay, A., Fernandez, J.M.: Providing \(\{\)SCADA\(\}\) network data sets for intrusion detection research. In: 2016 9th Workshop on Cyber Security Experimentation and Test (\(\{\)CSET\(\}\)) (2016)

    Google Scholar 

  16. Lewis, J.A.: Economic impact of cybercrime-no slowing down (2018). https://www.csis.org/analysis/economic-impact-cybercrime

  17. Lin, Q., Adepu, S., Verwer, S., Mathur, A.: TABOR: a graphical model-based approach for anomaly detection in Industrial Control Systems. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 525–536. ACM (2018)

    Google Scholar 

  18. Luiijf, E., Besseling, K., De Graaf, P.: Nineteen national cyber security strategies. Int. J. Crit. Infrastruct. (IJCIS) 9(1/2), 3–31 (2013)

    Article  Google Scholar 

  19. Mathur, A.P., Tippenhauer, N.: SWaT: a water treatment testbed for research and training on ICS security. In: International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater), pp. 31–36. IEEE, USA, April 2016

    Google Scholar 

  20. McLaughlin, S., et al.: The cybersecurity landscape in industrial control systems. Proc. IEEE 104(5), 1039–1057 (2016)

    Article  MathSciNet  Google Scholar 

  21. Morris, T., Gao, W.: Industrial control system traffic data sets for intrusion detection research. In: Butts, J., Shenoi, S. (eds.) ICCIP 2014. IAICT, vol. 441, pp. 65–78. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45355-1_5

    Chapter  Google Scholar 

  22. Morris, T., Srivastava, A., Reaves, B., Gao, W., Pavurapu, K., Reddi, R.: A control system testbed to validate critical infrastructure protection concepts. Int. J. Crit. Infrastruct. Prot. 4(2), 88–103 (2011)

    Article  Google Scholar 

  23. Morris, T.H., Thornton, Z., Turnipseed, I.: Industrial control system simulation and data logging for intrusion detection system research. In: 7th Annual Southeastern Cyber Security Summit, pp. 3–4 (2015)

    Google Scholar 

  24. Morris, T.: Industrial control system (ICS) cyber attack datasets (2015). https://sites.google.com/a/uah.edu/tommy-morris-uah/ics-data-sets

  25. NRF: Singapore, national cybersecurity R&D programme (2013). https://www.nrf.gov.sg/programmes/national-cybersecurity-r-d-programme

  26. Ostfeld, A., et al.: Battle of the water calibration networks. J. Water Resour. Plan. Manag. 138(5), 523–532 (2012)

    Article  Google Scholar 

  27. Pan, S., Morris, T., Adhikari, U.: Developing a hybrid intrusion detection system using data mining for power systems. IEEE Trans. Smart Grid 6(6), 3104–3113 (2015)

    Article  Google Scholar 

  28. Rossman, L.A.: EPANET 2: User Manual (2000)

    Google Scholar 

  29. Symantec: Norton cyber security insights report, global results (2017). https://www.symantec.com/content/dam/symantec/docs/about/2017-ncsir-global-results-en.pdf

  30. Taormina, R., Galelli, S., Tippenhauer, N.O., Salomons, E., Ostfeld, A.: Characterizing cyber-physical attacks on water distribution systems. J. Water Resour. Plan. Manag. 143(5), 04017009 (2017)

    Article  Google Scholar 

  31. Taormina, R., et al.: The battle of the attack detection algorithms: disclosing cyber attacks on water distribution networks. J. Water Resour. Plan. Manag. 144(8), 1–11 (2018)

    Article  Google Scholar 

  32. UC Irvine: Machine learning repository (2007). https://archive.ics.uci.edu/ml/index.php

  33. Weinberger, S.: Computer security: is this the start of cyberwarfare? Nature 174, 142–145 (2011)

    Article  Google Scholar 

Download references

Acknowledgements

This work is partially supported by Technologiestichting STW VENI project 13136 (MANTA), NWO project 62001628 (LEMMA) and the 2+2 PhD program of TUD and SUTD. This work was also supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-040) and administered by the National Cybersecurity R&D Directorate. The testbeds were made possible through funding from Ministry of Defence, Singapore, NRF and the SUTD-MIT International Design Centre (IDC). The authors thank Mark Goh for maintaining the iTrust datasets and processing requests for downloads.

Author information

Authors and Affiliations

  1. Faculty of Electrical Engineering, Mathematics and Computer Science, Delft University of Technology, Delft, The Netherlands

    Qin Lin, Sicco Verwer & Robert Kooij

  2. iTrust Centre for Research in Cyber Security, Singapore University of Technology and Design, Tampines, Singapore

    Robert Kooij & Aditya Mathur

  3. Computer Science, Purdue University, West Lafayette, USA

    Aditya Mathur

Authors
  1. Qin Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sicco Verwer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Robert Kooij
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Aditya Mathur
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Robert Kooij .

Editor information

Editors and Affiliations

  1. Linköping University, Linköping, Sweden

    Simin Nadjm-Tehrani

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lin, Q., Verwer, S., Kooij, R., Mathur, A. (2020). Using Datasets from Industrial Control Systems for Cyber Security Research and Education. In: Nadjm-Tehrani, S. (eds) Critical Information Infrastructures Security. CRITIS 2019. Lecture Notes in Computer Science(), vol 11777. Springer, Cham. https://doi.org/10.1007/978-3-030-37670-3_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-37670-3_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37669-7

  • Online ISBN: 978-3-030-37670-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation