Dataset of a Cyber-Physical Detection Tool Evaluated in a Multi-Stage Attack Scenario

Electric power systems are comprised of cyber and physical components that are crucial to grid resiliency. Data from both components should be collected when modeling power systems: data from communication networks and intrusion detection systems; physical telemetry from sensors and field devices. For accurate and timely detection of malicious activity, should we always account for cyber and physical telemetry data, or data fusion? To further investigate the application of data fusion, this paper presents a new threat scenario in which an adversary affects power generation. It is a multi-stage strategy that includes a database intrusion. Multiple industrial communication protocols are applied in a cyber-physical testbed. Packets and alarms are collected using our cyber-physical data fusion engine, and evaluated using an autoencoder algorithm. It predicted malicious packets with high precision at an early stage of the scenario, using cyber-only telemetry.