ICS Dataset for Smart Grid Anomaly Detection
The dataset comprises of several files that contain smart grid communication, namely protocols IEC 60870-104 (IEC 104) and IEC 61850 (MMS) in form of CSV traces. The traces were generated from PCAP files using IPFIX flow probe or an extraction script. CSV traces include the timestamp, IP addresses and ports of communicating devices, and selected IEC 104 and MMS headers that are interesting for security monitoring and anomaly detection. Datasets were by obtained partly by monitoring communication of real ICS devices and partly by monitoring communication of virtual ICS applications. Datasets contain both normal traffic within a few days and traffic with attack like scanning, switching, command blocking, etc.
The dataset is provided in the form of CSV traces obtained from MMS or IEC 104 packets. It contains both normal traffic and communication with anomalies (cyber attacks, link failure, etc.). Dataset is available as a ZIP file with folders containing captured communication.