ABSTRACT
Power grids worldwide are increasingly victims of cyberattacks, where attackers can cause immense damage to critical infrastructure. The growing digitalization and networking in power grids combined with insufficient protection against cyberattacks further exacerbate this trend. Hence, security engineers and researchers must counter these new risks by continuously improving security measures. Data sets of real network traffic during cyberattacks play a decisive role in analyzing and understanding such attacks. Therefore, this paper presents PowerDuck, a publicly available security data set containing network traces of GOOSE communication in a physical substation testbed. The data set includes recordings of various scenarios with and without the presence of attacks. Furthermore, all network packets originating from the attacker are clearly labeled to facilitate their identification. We thus envision PowerDuck improving and complementing existing data sets of substations, which are often generated synthetically, thus enhancing the security of power grids.