ICS Dataset for Smart Grid Anomaly Detection

Citation Author(s):
Brno University of Technology, Czech Republic
Brno University of Technology, Czech Republic
Brno University of Technology, Czech Republic
Submitted by:
Petr Matousek
Last updated:
Wed, 03/16/2022 - 11:08
Data Format:
0 ratings - Please login to submit your rating.


The dataset comprises of several files that contain smart grid communication, namely protocols IEC 60870-104 (IEC 104) and IEC 61850 (MMS) in form of CSV traces. The traces were generated from PCAP files using IPFIX flow probe or an extraction script. CSV traces include the timestamp, IP addresses and ports of communicating devices, and selected IEC 104 and MMS headers that are interesting for security monitoring and anomaly detection. Datasets were by obtained partly by monitoring communication of real ICS devices and partly by monitoring communication of virtual ICS applications. Datasets contain both normal traffic within a few days and traffic with attack like scanning, switching, command blocking, etc.


The dataset is provided in the form of CSV traces obtained from MMS or IEC 104 packets. It contains both normal traffic and communication with anomalies (cyber attacks, link failure, etc.). Dataset is available as a ZIP file with folders containing captured communication.

Funding Agency: 
Ministry of Interior, Czech Republic


I want to access this dataset.
Please show me how to do that.

Submitted by Prithwish Maiti on Tue, 04/26/2022 - 03:59

I download the dataset, but I was surprised that connection-loss, dos-attacks, injection-attack and normal-traffic are exactly the same file. The same issue with folder gis-mms.

Submitted by najet hamdi on Tue, 01/17/2023 - 14:23