Datasets
Standard Dataset
UNSW-MG24
- Citation Author(s):
- Submitted by:
- Zhibo Zhang
- Last updated:
- Sun, 01/26/2025 - 02:39
- DOI:
- 10.21227/q9td-3f09
- Data Format:
- License:
22 Views- Categories:
- Keywords:
Abstract
One of the major challenges of microgrid systems is the lack of comprehensive Intrusion Detection System (IDS) datasets specifically for realistic microgrid systems' communication. To address the unavailability of comprehensive IDS datasets for realistic microgrid systems, this paper presents a UNSW-MG24 dataset based on realistic microgrid testbeds. This dataset contains synthesized benign network traffic from different campus departments, network flow of attack activities, system call traces, and microgrid-specific data from an integrated Festo LabVolt microgrid system. Additionally, pivoting attacks and mimicry attacks are implemented to increase this dataset's heterogeneity for intrusion detection. Comprehensive features such as network flow attributes, system call parameters, and power measurement metrics are extracted from the generated dataset. Finally, a comprehensive evaluation of the UNSW-MG24 dataset using Machine Learning (ML) intrusion detection algorithms demonstrates its ability to validate new AI-based cybersecurity strategies for microgrid systems.
## Introduction
UNSW-MG24 is a comprehensive Intrusion Detection System (IDS) dataset specifically designed for communications of realistic microgrid systems. This dataset was generated based on realistic microgrid testbeds and contains heterogeneous data sources, including synthesized benign network traffic from different campus departments, system call traces of normal processes, microgrid power measurements, and various attack activities.
This dataset was collected from a realistic microgrid system at the Cyber Security Centre Laboratory, The University of New South Wales, Canberra. The dataset aims to address the lack of comprehensive IDS datasets for microgrid systems.
For more information on this work, including inspiration, development process and aims, please refer to our academic publication:
- "UNSW-MG24: Cyberattack Dataset and AI-based Intrusion Detection for Microgrid Systems" submitted to IEEE Open Journal of the Computer Society.
## Testbed Environment
The experimental testbed consists of various microgrid devices from the LabVolt Series by Festo Didactic, virtual machines in VMWare, and GNS3 network emulator. Microgrid devices include two chopper/photovoltaic (PV) inverters, one power supply, one synchronous generator, one four-quadrant dynamometer, two filters, two data acquisitions and control interfaces (DACIs), and resistance loads, all managed through LVDAC Energy Management System (EMS) software and SCADA systems.
## Dataset Overview
### Network Traffic
- **Benign Traffic**: Sythteic benign traffic was generated based on realistic network traffic caused by departmental behaviors (admin, teaching, and research) and Labvolt Festo microgrid controllers' network communications. Real benign traffic was collected from real microgrid controllers' network communications of the Festo LabVolt microgrid testbed in the laboratory.
- **Malicious Traffic**: Includes data from cyberattacks such as DoS, DDoS, MITM, and ransomware attacks.
### System Call Traces
- **Normal Traces**: Collected during regular operations, such as web browsing, file transfer, SCADA, and EMS software activities.
- **Malicious Traces**: Generated during various attack scenarios, including backdoors, ransomware, and mimicry attacks.
### Power Measurements
- **Benign Data**: Includes voltage, current, frequency, and motor speed measurements collected during microgrid operations.
### Pre and post processing
- **Network Traffic**: Convert PCAP files to CSV using CICFlowMeter to extract flow features.
- **System Calls**: Process raw logs using Python pandas to structure tabular data.
- **Power Measurements**: Data is available in structured CSV format.
Documentation
| Attachment | Size |
|---|---|
 readme.md | 4.38 KB |
