DDoS Attack Dataset in AMI using CICFlowMeter

Citation Author(s):
Hemavathi
N
Hariprasaath
R
Sriranjani
R
Praveen Kumar
R A
Srivathsan
Y
Submitted by:
Hemavathi N
Last updated:
Thu, 08/08/2024 - 07:58
DOI:
10.21227/kzdh-sf07
Data Format:
*.csv
License:
Creative Commons Attribution
304 Views
Categories:
IoT
Machine Learning
Smart Grid
Security
Keywords:
Smart grid, Advanced Metering Infrastructure Testbed, Distributed Denial of Service Attack, CICFlowMeter and Machine Learning
0
0 ratings - Please login to submit your rating.
ACCESS DATASET CITE SHARE/EMBED

Abstract 

Smart grid, an application of Internet of Things (IoT) is modern power grid that encompasses power and communication network from generation to utilization. Home Area Network (HAN), Field or Neighborhood Area Network (FAN/NAN) and Wide Area network (NAN) using Wireless LAN and Wireless/Wired WAN protocols are employed from generation to utilization . Advanced Metering Infrastructure, a utilization side infrastructure facilitates communication between smart meters and the server where energy efficient protocols are mandate to support smart grid . Under such circumstance, the smart devices involved in bidirectional communication is prone to diverse cyber threats due to diversity of devices, protocols, application programming interfaces and light weight cryptographic algorithms. Among the cyber threats, Distributed Denial of Service (DDoS) attack is one of the prominent threats that would result in unavailability of service.

Instructions: 

The Advanced Metering Infrastructure (AMI) is established in the Electrical Drives Laboratory, School of Electrical and Electronics Engineering, SASTRA Deemed University, Thanjavur, Tamil Nadu, India. In this AMI setup, smart meter actions are replicated on a Raspberry Pi board, which publishes the meter readings using the MQTT protocol through a router, which is also a Raspberry Pi board. The router runs a MOSQUITTO broker and a traffic monitoring program. A personal computer subscribes to the broker running on the router to receive meter readings and store the data.

An attacker node, another Raspberry Pi, is connected to the network and initiates a DDoS attack on the router. To generate DDoS traffic, the Python SCAPY library is used to create packets with random IP addresses and random source ports of SYN flood packets. Since the MQTT protocol uses Transmission Control Protocol (TCP), the attack node generates TCP-SYN packets targeting the router, flooding it with a large number of packets. Additionally, HPING3, a network tool, is used to send custom packets to the targeted IP.

The normal and malicious traffic is captured using CICFlowMeter and stored as a CSV file. The dataset includes 82 network features and is categorized into three classes: TCP_SYN attack without sniffing, TCP_SYN attack with sniffing and Normal traffic.

 

Funding Agency: 
Department Of Science & Technology-Science and Engineering Research Board, India
Grant Number: 
SPG/2021/000332

Dataset Files

LOGIN TO ACCESS DATASET FILES

 

QUESTIONS?