Dataset of a Cyber-Physical Detection Tool Evaluated in a Multi-Stage Attack Scenario
Electric power systems are composed of cyber and physical components that are crucial to grid resiliency. Data from both components should be collected when modeling power systems: data from communication networks and intrusion detection systems, and physical telemetry from sensors and field devices. For accurate and timely detection of malicious activity, should we always account for both cyber and physical telemetry data (data fusion)? To further investigate the application of data fusion, this paper presents a new threat scenario in which an adversary affects power generation. It is a multi-stage strategy that includes a database intrusion. Multiple industrial communication protocols are applied in a cyber-physical testbed. Packets and alarms are collected using our cyber-physical data fusion engine and evaluated using an autoencoder algorithm. The autoencoder predicted malicious packets with high precision at an early stage of the scenario, using cyber-only telemetry.
This dataset documentation explains the data that was used in the paper “On Grid Resiliency: Cyber-Physical Detection Tool Evaluated in a Multi-Stage Attack Scenario”, to be presented at the IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (IEEE SmartGridComm 2023) in November 2023. Users of this dataset are advised to read this documentation alongside the explanations and details in the paper.
To reference this dataset, please use the following citation: L. Al Homoud, N. Barpanda, A. Goulart, K. Davis, and M. Rice, “On Grid Resiliency: Cyber-Physical Detection Tool Evaluated in a Multi-Stage Attack Scenario,” to be presented at the 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). IEEE, November 2023.