Abstract
The availability of high-quality benchmark datasets is an important prerequisite for research and education in the cyber security domain. Datasets from realistic systems offer a platform for researchers to develop and test novel models and algorithms. Such datasets also offer students opportunities for active and project-centric learning. In this paper, we describe six publicly available datasets from the domain of Industrial Control Systems (ICS). Five of these datasets are obtained through experiments conducted in the context of operational ICS, while the sixth is obtained from a widely used simulation tool, namely EPANET, for large-scale water distribution networks. This paper presents two studies on the use of the datasets. The first study uses the dataset from a live water treatment plant. This study leads to a novel and explainable anomaly detection method based upon Timed Automata and Bayesian Networks. The study conducted in the context of education made use of the water distribution network dataset in a graduate course on cyber data analytics. Through an assignment, students explored the effectiveness of various methods for anomaly detection. Research outcomes and the success of the course indicate an appreciation in the research community and a positive learning experience in education.
Acknowledgements
This work is partially supported by Technologiestichting STW VENI project 13136 (MANTA), NWO project 62001628 (LEMMA) and the 2+2 PhD program of TUD and SUTD. This work was also supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-040) and administered by the National Cybersecurity R&D Directorate. The testbeds were made possible through funding from Ministry of Defence, Singapore, NRF and the SUTD-MIT International Design Centre (IDC). The authors thank Mark Goh for maintaining the iTrust datasets and processing requests for downloads.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Lin, Q., Verwer, S., Kooij, R., Mathur, A. (2020). Using Datasets from Industrial Control Systems for Cyber Security Research and Education. In: Nadjm-Tehrani, S. (eds) Critical Information Infrastructures Security. CRITIS 2019. Lecture Notes in Computer Science, vol 11777. Springer, Cham. https://doi.org/10.1007/978-3-030-37670-3_10
DOI: https://doi.org/10.1007/978-3-030-37670-3_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37669-7
Online ISBN: 978-3-030-37670-3
eBook Packages: Computer Science, Computer Science (R0)