Cyber-Physical Dataset for MiTM attacks in Power Systems

Citation Author(s):
Abhijeet Sahu, Texas A&M University
Zeyu Mao, Texas A&M University
Patrick Wlazlo, Texas A&M University
Hao Huang, Texas A&M University
Katherine Davis, Texas A&M University
Ana Goulart, Texas A&M University
Saman Zonouz, Rutgers University
Submitted by: Abhijeet Sahu
Last updated: Mon, 02/01/2021 - 12:56
DOI: 10.21227/e4dd-2163

Abstract 

The dataset is generated by performing different MiTM attacks on the synthetic electric grid in the RESLab testbed at Texas A&M University, US. The testbed primarily consists of a dynamic power system simulator (Powerworld Dynamic Studio), a network emulator (CORE), Snort IDS, an open DNP3 master, and Elasticsearch's Packetbeat index. The dataset includes raw files, which security enthusiasts can use to develop new features, and processed files, which can be used to train an IDS using our feature space.

Instructions: 

Dataset Directories:

a. Adversary/ : This folder contains the JSON files for the DNP3 and ARP packets captured at the attacker machine, which are used for constructing the labels. For example, the UC1_PyDNP3_CORE_Adversary_10_OS_30_dnp3.json file is for use case 1 described in the RESLab paper, with 10 DNP3 outstations monitored at a 30-sec polling interval.

b. csvs/ : This folder contains all the processed and encoded files obtained after the merge and extraction process from multiple sources. The sub-directories organize the files by use case. For example, the DS_merged_phy_cyb_10os_30poll.csv file within use case 1 contains the merged and processed data for use case 1 described in the RESLab paper, with 10 DNP3 outstations monitored at a 30-sec polling interval.

c. RawFiles/ : This folder contains raw files obtained from different sources, in four sub-directories: DS, master, router, and snort. The snort sub-directory contains logs from Snort running in the substation router for the different use cases. For example, the UC1_PyDNP3_CORE_Snort_10_OS_30_1017 file is for use case 1 described in the RESLab paper, with 10 DNP3 outstations monitored at a 30-sec polling interval. The master, DS, and router folders each contain csvs/, PickleFiles/, and Raw/ sub-directories. The csvs/ folders contain the same files present in the csvs/ folder described in (b). The PickleFiles/ folders contain the pickle files obtained from Pyshark libraries for adding additional features such as Round Trip Time (RTT) and retransmission. The Raw/ folders contain the raw pcap files in JSON format for creating the cyber and raw physical features.