X-IIoTID: A Connectivity- and Device-agnostic Intrusion Dataset for Industrial Internet of Things

Industrial Internet of Things (IIoTs) are high-value cyber targets due to the nature of the devices and connectivity protocols they deploy. They are easy to compromise and, as they are connected on a large scale with high-value data content, the compromise of any single device can extend to the whole system and disrupt critical functions. There are various security solutions that detect and mitigate intrusions. However, as they lack the capability to deal with an IIoT's co-existing heterogeneity and interoperability, developing new universal security solutions to fit its requirements is critical. This is challenging due to the scarcity of accurate data about IIoT systems' activities, connectivities and attack behaviors. In addition, owing to their multi-platform connectivity protocols and multi-vendor devices, collecting and creating such data is also challenging. To tackle these issues, we propose a holistic approach for generating an appropriate intrusion dataset for an IIoT called X-IIoTID, connectivity- and device-agnostic intrusion dataset for fitting the heterogeneity and interoperability of IIoT systems. It includes the behaviors of new IIoT connectivity protocols, activities of recent devices, diverse attack types and scenarios, and various attack protocols. It defines an attack taxonomy and consists of multi-view features, such as network traffic, host resources, logs and alerts. X-IIoTID is evaluated using popular machine and deep learning algorithms and compared with eighteen intrusion datasets to verify its novelty.