Federated OCPP 1.6 Intrusion Detection Dataset

The Federated OCPP 1.6 Intrusion Detection Dataset contains network traffic and labeled data related to cyberattacks on OCPP 1.6, designed to support AI-based Intrusion Detection Systems. It includes attacks such as Charging Profile Manipulation, Denial of Charge, Heartbeat Flooding DoS, and Unauthorized Access.

The dataset consists of multiple files: the Balanced_OCPP16_APP_Layer.7z includes CSV files with OCPP-specific statistics for AI/ML training, while the Balanced_OCPP16_TCP-IP_Layer.7z contains CSV files with TCP/IP flow statistics. Additionally, each specific cyberattack has a corresponding compressed file (OCPP16_AttackX.7z) that contains both PCAP files with raw network traffic and CSVs with extracted statistics.

The data includes TCP/IP flow statistics generated by CICFlowMeter, capturing packet sizes, flow duration, and flag counts, along with OCPP 1.6 flow statistics from OCPPFlowMeter, providing details on WebSocket interactions and protocol-specific message counts. Two balanced dataset versions exist—one for OCPP and another for TCP/IP layers—ensuring equal sample distribution per class. The dataset is split into 70% training and 30% testing, with an additional partitioning for Federated Learning across multiple clients.

For analysis, PCAP files can be used to examine raw traffic, while CSV files serve as input for AI/ML model training and evaluation. Each attack folder contains a README.txt file summarizing labeling details, IP addresses, and attack descriptions. Further details are available in the attached dataset documentation.

Citation & References

C. Dalamagkas, P. Radoglou-Grammatikis, P. Bouzinis, I. Papadopoulos, T. Lagkas, V. Argyriou, S. Goudos, D. Margounakis, E. Fountoukidis and P. Sarigiannidis, “Federated Detection of Open Charge Point Protocol 1.6 Cyberattacks,” Feb. 03, 2025, arXiv: arXiv:2502.01569. doi: 10.48550/arXiv.2502.01569.