Skip to main content

Using Datasets from Industrial Control Systems for Cyber Security Research and Education

  • Conference paper
  • First Online:
Critical Information Infrastructures Security (CRITIS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11777))


The availability of high-quality benchmark datasets is an important prerequisite for research and education in the cyber security domain. Datasets from realistic systems offer a platform for researchers to develop and test novel models and algorithms. Such datasets also offer students opportunities for active and project-centric learning. In this paper, we describe six publicly available datasets from the domain of Industrial Control Systems (ICS). Five of these datasets are obtained through experiments conducted in the context of operational ICS while the sixth is obtained from a widely used simulation tool, namely EPANET, for large scale water distribution networks. This paper presents two studies on the use of the datasets. The first study uses the dataset from a live water treatment plant. This study leads to a novel and explainable anomaly detection method based upon Timed Automata and Bayesian Networks. The study conducted in the context of education made use of the water distribution network dataset in a graduate course on cyber data analytics. Through an assignment, students explored the effectiveness of various methods for anomaly detection. Research outcomes and the success of the course indicate an appreciation in the research community and positive learning experience in education.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others


  1. 1.

  2. 2.


  1. Almgren, M., et al.: RICS-el: building a national testbed for research and training on SCADA security (short paper). In: Luiijf, E., Žutautaitė, I., Hämmerli, B.M. (eds.) CRITIS 2018. LNCS, vol. 11260, pp. 219–225. Springer, Cham (2019).

    Chapter  Google Scholar 

  2. Anderson, R., et al.: Measuring the cost of cybercrime. In: Proceedings of the 11th Workshop on Economics of Information Security (2012)

    Google Scholar 

  3. Balaganski, A., Derwisch, S.: Big data and information security. KuppingerCole and BARC Joint Study, Report No.: 7400 (2016)

    Google Scholar 

  4. Choi, S., Yun, J.-H., Kim, S.-K.: A comparison of ICS datasets for security research based on attack paths. In: Luiijf, E., Žutautaitė, I., Hämmerli, B.M. (eds.) CRITIS 2018. LNCS, vol. 11260, pp. 154–166. Springer, Cham (2019).

    Chapter  Google Scholar 

  5. Council of the European Union: European council, council directive 2016/1148 of 6 July 2016 concerning measures for a high common level of security of network and information systems across the union (2016).

  6. Digitalbond: S4x15 ICS village CTF dataset (2015).

  7. G8: G8 principles for protecting critical information infrastructures (2003).

  8. GFCE: global forum on cyber expertise (2015).

  9. Goh, J., Adepu, S., Tan, M., Lee, Z.S.: Anomaly detection in cyber physical systems using recurrent neural networks. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 140–145. IEEE (2017)

    Google Scholar 

  10. Holm, H., Karresand, M., Vidström, A., Westring, E.: A survey of industrial control system testbeds. In: Buchegger, S., Dam, M. (eds.) Secure IT Systems, vol. 9417, pp. 11–26. Springer, Cham (2015).

    Chapter  Google Scholar 

  11. ICS-CERT: Cyber-attack against Ukrainian critical infrastructure (2016).

  12. Inoue, J., Yamagata, Y., Chen, Y., Poskitt, C.M., Sun, J.: Anomaly detection for a water treatment system using unsupervised machine learning. In: 2017 IEEE International Conference on Data Mining Workshops (ICDMW), pp. 1058–1065. IEEE (2017)

    Google Scholar 

  13. iTrust: Centre for Research in Cyber Security (2015).

  14. iTrust: Secure Water Treatment (SWaT) Testbed (2015).

  15. Lemay, A., Fernandez, J.M.: Providing \(\{\)SCADA\(\}\) network data sets for intrusion detection research. In: 2016 9th Workshop on Cyber Security Experimentation and Test (\(\{\)CSET\(\}\)) (2016)

    Google Scholar 

  16. Lewis, J.A.: Economic impact of cybercrime-no slowing down (2018).

  17. Lin, Q., Adepu, S., Verwer, S., Mathur, A.: TABOR: a graphical model-based approach for anomaly detection in Industrial Control Systems. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 525–536. ACM (2018)

    Google Scholar 

  18. Luiijf, E., Besseling, K., De Graaf, P.: Nineteen national cyber security strategies. Int. J. Crit. Infrastruct. (IJCIS) 9(1/2), 3–31 (2013)

    Article  Google Scholar 

  19. Mathur, A.P., Tippenhauer, N.: SWaT: a water treatment testbed for research and training on ICS security. In: International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater), pp. 31–36. IEEE, USA, April 2016

    Google Scholar 

  20. McLaughlin, S., et al.: The cybersecurity landscape in industrial control systems. Proc. IEEE 104(5), 1039–1057 (2016)

    Article  MathSciNet  Google Scholar 

  21. Morris, T., Gao, W.: Industrial control system traffic data sets for intrusion detection research. In: Butts, J., Shenoi, S. (eds.) ICCIP 2014. IAICT, vol. 441, pp. 65–78. Springer, Heidelberg (2014).

    Chapter  Google Scholar 

  22. Morris, T., Srivastava, A., Reaves, B., Gao, W., Pavurapu, K., Reddi, R.: A control system testbed to validate critical infrastructure protection concepts. Int. J. Crit. Infrastruct. Prot. 4(2), 88–103 (2011)

    Article  Google Scholar 

  23. Morris, T.H., Thornton, Z., Turnipseed, I.: Industrial control system simulation and data logging for intrusion detection system research. In: 7th Annual Southeastern Cyber Security Summit, pp. 3–4 (2015)

    Google Scholar 

  24. Morris, T.: Industrial control system (ICS) cyber attack datasets (2015).

  25. NRF: Singapore, national cybersecurity R&D programme (2013).

  26. Ostfeld, A., et al.: Battle of the water calibration networks. J. Water Resour. Plan. Manag. 138(5), 523–532 (2012)

    Article  Google Scholar 

  27. Pan, S., Morris, T., Adhikari, U.: Developing a hybrid intrusion detection system using data mining for power systems. IEEE Trans. Smart Grid 6(6), 3104–3113 (2015)

    Article  Google Scholar 

  28. Rossman, L.A.: EPANET 2: User Manual (2000)

    Google Scholar 

  29. Symantec: Norton cyber security insights report, global results (2017).

  30. Taormina, R., Galelli, S., Tippenhauer, N.O., Salomons, E., Ostfeld, A.: Characterizing cyber-physical attacks on water distribution systems. J. Water Resour. Plan. Manag. 143(5), 04017009 (2017)

    Article  Google Scholar 

  31. Taormina, R., et al.: The battle of the attack detection algorithms: disclosing cyber attacks on water distribution networks. J. Water Resour. Plan. Manag. 144(8), 1–11 (2018)

    Article  Google Scholar 

  32. UC Irvine: Machine learning repository (2007).

  33. Weinberger, S.: Computer security: is this the start of cyberwarfare? Nature 174, 142–145 (2011)

    Article  Google Scholar 

Download references


This work is partially supported by Technologiestichting STW VENI project 13136 (MANTA), NWO project 62001628 (LEMMA) and the 2+2 PhD program of TUD and SUTD. This work was also supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-040) and administered by the National Cybersecurity R&D Directorate. The testbeds were made possible through funding from Ministry of Defence, Singapore, NRF and the SUTD-MIT International Design Centre (IDC). The authors thank Mark Goh for maintaining the iTrust datasets and processing requests for downloads.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Robert Kooij .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lin, Q., Verwer, S., Kooij, R., Mathur, A. (2020). Using Datasets from Industrial Control Systems for Cyber Security Research and Education. In: Nadjm-Tehrani, S. (eds) Critical Information Infrastructures Security. CRITIS 2019. Lecture Notes in Computer Science(), vol 11777. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37669-7

  • Online ISBN: 978-3-030-37670-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics