ICS PCAPs

Developed as a community asset

Tools

  • CapSan - Packet capture sanitizer/anonymizer for Jon Siwek at University of Illinois.
  • Malcolm - Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs.

Protocol Organized PCAPs

  • Jason Smith's Organized ICS PCAP repo - A comprehensive collection of ICS/SCADA PCAPs organized by protocol. Make sure to have git lfs support and do a git lfs clone of the linked repo to get the actual files.

Captures

Datasets

  • iTrust Secure Water Treatment Testbed (SWaT/SUTD) Dataset - The SWaT dataset was systematically generated from the Secure Water Treatment Testbed (SUTD). The data collected from the testbed consists of 11 days of continuous operation: 7 days’ worth of data was collected under normal operation and 4 days’ worth of data was collected with attack scenarios. During the data collection, all network traffic, sensor and actuator data were collected. [available by request]
  • iTrust WADI Dataset - Similar to the SWaT dataset, the data collected from the Water Distribution testbed consists of 16 days of continuous operation, of which 14 days’ worth of data was collected under normal operation and 2 days with attack scenarios. During the data collection, all network traffic, sensor and actuator data were collected. [available by request]
  • iTrust EPIC Dataset - Blaq_0 Hackathon was first organised in January 2018 for SUTD undergraduate students. Independent attack teams design and launch attacks on EPIC. Attack teams are scored according to how successful they are in performing attacks based on specific intents. [available by request]
  • Illinois ADSC 61850 Dataset - This repository contains network traces that describe GOOSE communications in a mock substation that consists of 4 buses and 18 IEDs. The IEDs communicate with each other using the IEC 61850 GOOSE protocol. The traces represent normal, disturbance, and attack scenarios.
  • HAI Dataset - The HAI dataset was collected from a realistic industrial control system (ICS) testbed augmented with a Hardware-In-the-Loop (HIL) simulator that emulates steam-turbine power generation and pumped-storage hydropower generation.

(creative commons license)