Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Anomaly Detection Dataset for Industrial Control Systems
RISE Research Institutes of Sweden, Digital Systems, Industrial Systems. Mälardalens University, Sweden.ORCID iD: 0000-0001-5332-1033
Mälardalens University, Sweden.ORCID iD: 0000-0003-3354-1463
Mälardalens University, Sweden.ORCID iD: 0000-0002-4473-7763
RISE Research Institutes of Sweden, Digital Systems, Industrial Systems. Mälardalens University, Sweden.ORCID iD: 0000-0002-7235-6888
2023 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 11, p. 107982-107996Article in journal (Refereed) Published
Abstract [en]

Over the past few decades, Industrial Control Systems (ICS) have been targeted by cyberattacks and are becoming increasingly vulnerable as more ICSs are connected to the internet. Using Machine Learning (ML) for Intrusion Detection Systems (IDS) is a promising approach for ICS cyber protection, but the lack of suitable datasets for evaluating ML algorithms is a challenge. Although a few commonly used datasets may not reflect realistic ICS network data, lack necessary features for effective anomaly detection, or be outdated. This paper introduces the ’ICS-Flow’ dataset, which offers network data and process state variables logs for supervised and unsupervised ML-based IDS assessment. The network data includes normal and anomalous network packets and flows captured from simulated ICS components and emulated networks, where the anomalies were applied to the system through various cyberattacks. We also proposed an open-source tool, ’ICSFlowGenerator,’ for generating network flow parameters from Raw network packets. The final dataset comprises over 25,000,000 raw network packets, network flow records, and process variable logs. The paper describes the methodology used to collect and label the dataset and provides a detailed data analysis. Finally, we implement several ML models, including the decision tree, random forest, and artificial neural network to detect anomalies and attacks, demonstrating that our dataset can be used effectively for training intrusion detection ML models.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc. , 2023. Vol. 11, p. 107982-107996
Keywords [en]
Data mining; Decision trees; Feature extraction; Integrated circuits; Intrusion detection; Learning systems; Network security; Neural networks; Open systems; Anomaly detection; Anomaly detection dataset; Cyber-attacks; Features extraction; Industrial control systems; Integrated circuit modeling; Intrusion-Detection; Networks flows; Telecommunications traffic; Computer crime
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:ri:diva-67715DOI: 10.1109/ACCESS.2023.3320928Scopus ID: 2-s2.0-85173045898OAI: oai:DiVA.org:ri-67715DiVA, id: diva2:1809721
Funder
EU, Horizon 2020
Note

This work has been partially supported by the H2020 ECSEL EU project Intelligent Secure Trustable Things (InSecTT).

Available from: 2023-11-06 Created: 2023-11-06 Last updated: 2023-11-06Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Dehlaghi Ghadim, AlirezaHelali Moghadam, MahshidBalador, AliHansson, Hans

Search in DiVA

By author/editor
Dehlaghi Ghadim, AlirezaHelali Moghadam, MahshidBalador, AliHansson, Hans
By organisation
Industrial Systems
In the same journal
IEEE Access
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 95 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf