Datasets
Standard Dataset
IEC 61850 Process bus GOOSE attack datasets
- Citation Author(s):
- Submitted by:
- Xuelei Wang
- Last updated:
- Mon, 07/08/2024 - 15:59
- DOI:
- 10.21227/qr8j-h344
- Data Format:
- Research Article Link:
- License:
136 Views- Categories:
- Keywords:
Abstract
The datasets were collected by operating the testbed (simulation of small-scale of IEC 61850-compliant SASs) under four types of behaviours: 1) normal operation when no unusual events happen; 2) emergency operation when non-malicious events (e.g., short-circuit faults) happen; 3) an attack under normal operation to disrupt energy transmission; and 4) an attack under emergency operation to stop protection mechanisms or trigger undesirable protection operations.
Based on these four types of behaviours, a total of 31 datasets were generated. Each dataset consists of network traffic and system logs (simulink).
Note: Since the testbed only models instantaneous overcurrent protection and circuit breaker failure protection, the sensor data only contains circuit current values from sensors at different locations and the operational status of various circuit breakers.
There are three folders in the Datasets.zip. Original remain as raw datasets collected from the testbed while Normalised are normalised datasets after several data pre-processes, including format conversion, data merging, data normalisation, feature selection, feature extraction, and labelling.
Each Scenario consists of network traffic and system logs (simulink)
- network traffic contains 5 network PCAP files and 5 CSV files which are converted from those 5 pcap files
- simulink consists of 4 CSV files record physical features from four IEDs
Final are one-sheet datasets summarised from all benign and malicious scenarios. It includes six groups of datasets which are discribed in details in the manuscript.
