A hardware-in-the-loop Secure Water Treatment dataset for cyber-physical security testing

Citation Author(s):
Simone
Guarino
Campus Biomedico University of Rome
Luca
Faramondi
Campus Biomedico University of Rome
Roberto
Setola
Campus Biomedico University of Rome
Francesco
Flammini
Mälardalen University (Sweden)
Submitted by:
SIMONE GUARINO
Last updated:
Tue, 05/04/2021 - 05:04
DOI:
10.21227/rbvf-2h90
Data Format:
License:
0
0 ratings - Please login to submit your rating.

Abstract 

This dataset supports researchers in the validation process of solutions such as Intrusion Detection Systems (IDS) based on artificial intelligence and machine learning techniques for the detection and categorization of threats in Cyber Physical Systems (CPS). To that aim, data have been acquired from a Secure Water Treatment (SWaT) hardware-in-the-loop testbed which emulates water passage between nine tanks via solenoid-valves, pumps, pressure and flow sensors. The testbed is composed by a real partition which is virtually connected to a simulated one. The presented dataset consists of both physical and virtual process measurements in order to highlight the consequences of attacks in the physical process, in control variables as well as in network traffic behavior. Data have been acquired during four different acquisitions for a total of about two hours in normal behaviour and in presence of anomalies induced by different types of physical and/or cyber events.

Instructions: 

This dataset has related to the paper "A hardware-in-the-loop Secure Water Treatment dataset for cyber-physical security testing".
We provide four different acquisitions:
1) A normal acquisition without attacks ("normal.csv" for network traffic and "dataset_norm.csv" for physical measures)
2) Three acquisitions where different types of attacks and physical faults are reproduced ("attack_1.csv", "attack_2.csv" and "attack_3.csv" for network traffic and "dataset_att_1.csv", "dataset_att_2.csv" and "dataset_att_3.csv" for physical measures)
In addition to .csv files we provide four .pcap files ("attack_1.pcap", "attack_2.pcap", "attack_3.pcap" and "normal.pcap") which refer to network acquisitions for the four previous scenarios.
A README.xlsx file summarizes the key features of the entire dataset.