Industrial Control System-Anomaly Detection Dataset (ICS-ADD) for Cyber-Physical Security Monitoring in Smart Industry Environments

The increasing integration of cyber-physical systems in industrial environments has underscored the critical need of robust security mechanisms to counteract evolving cyber threats. To allow a full performance evaluation of these security mechanisms as well as the extension of their detection skills concerning new cyber-physical-attacks, this paper introduces an open-source dataset, called Industrial Control System - Anomaly Detection Dataset (ICS-ADD). ICS-ADD would like to be a valuable resource for researchers and practitioners who aim to develop, test, and benchmark new cyber-physical security monitoring and detection technologies. ICS-ADD comprises raw network traffic captures of an industrial control system (ICS) subjected to a variety of simulated cyber-attacks, including but not limited to denial of service (DoS), man-in-the-middle (MITM), and malware infiltration. In addition to raw network traffic, ICS-ADD includes the output of two widely utilized open-source security monitoring tools, OSSIM (Open Source Security Information Management) and Suricata, which offer insights concerning the detection and analysis capabilities of existing security frameworks against threats. The analysis appearing in this paper highlights the complexity and variety of modern cyber threats in industrial environments and the novelty of ICS-ADD with respect to publicly available datasets. The reported performance analysis of OSSIM and Suricata by using ICS-ADD reveals areas of improvement for the detection of new attacks, which will be object of future research concerning the protection of industrial control systems.