Skip to content

Latest commit

 

History

History
 
 

pcaps

ICS PCAPs

Developed as a community asset

Tools

Protocol Organized PCAPs

  • Jason Smith's Organized ICS PCAP repo - A comprehensive collection of ICS/SCADA PCAPs organized by protocol. Make sure to have git lfs support and do a git lfs clone of the linked repo to get the actual files.

Captures

Datasets

  • 4SICS - 4SICS 2015 PCAP Files from their Geek Lounge
  • batadal datasets - water distribution datasets, also used here
  • control logic attack dataset - these consist of training datasets (normal), datasets of traditional control logic injection attacks, and datasets of (new) stealthy control logic injection attacks (i.e., Data Execution, Fragmentation and Noise Padding), for Schneider Electric's Modicon M221 PLC and Allen-Bradley's MicroLogix 1400 PLC.
  • covert modbus - Modbus Dataset from CSET 2016 demonstrating covert communications with modbus.
  • cybercity dataset - SANS Holiday Hack 2013 dataset
  • DoS Modbus dataset - used in CRITIS 2018 paper about machine learning fragility
  • electra modbus dataset - The Electra dataset models the behaviour of an electric traction substation used in a real high-speed railway area.
  • HAI Dataset - The HAI dataset was collected from a realistic industrial control system (ICS) testbed augmented with a Hardware-In-the-Loop (HIL) simulator that emulates steam-turbine power generation and pumped-storage hydropower generation.
  • hvac traces - This repository contains pcap traces of the HVAC system of a university
  • ics attack datasets - five datasets representing power systems, gas, and water storage ICS systems from Tommy Morris, et al.
  • iTrust Secure Water Treatment Testbed (SWaT/SUTD) Dataset - The SWaT Dataset was systematically generated from the Secure Water Treatment Testbed (SUTD) to address this need. The data collected from the testbed consists of 11 days of continuous operation. 7 days’ worth of data was collected under normal operation while 4 days’ worth of data was collected with attack scenarios. During the data collection, all network traffic, sensor and actuator data were collected [available by request]
  • iTrust WADI Dataset - Similar to the SWaT dataset, the data collected from the Water Distribution testbed consists of 16 days of continuous operation, of which 14 days’ worth of data was collected under normal operation and 2 days with attack scenarios. During the data collection, all network traffic, sensor and actuator data were collected. [available by request]
  • iTrust EPIC Dataset - Blaq_0 Hackathon was first organized in January 2018 for SUTD undergraduate students. Independent attack teams design and launch attacks on EPIC. Attack teams are scored according to how successful they are in performing attacks based on specific intents. [available by request]
  • Illinois ADSC 61850 Dataset - This repository contains network traces that describe GOOSE communications in a mock substation that consists of 4-buses and 18 IEDs. The IEDs communicate with each other using the IEC 61850 GOOSE protocol. These are traces that represent normal, disturbance, and attack scenarios.
  • mining s7 dataset - Process control cyber-attacks and labelled datasets on S7Comm critical infrastructure.
  • s4x15 dataset - captures from s4x15 conference.
  • WUSTL-IIOT-2018 Dataset - captures for 2018 paper demonstrating machine-learning applied to a representative ICS testbed.
  • QUT 2017 DNP3 dataset - DNP3 Cyber-attack dataset
  • QUT 2017 S7 dataset - S7 Cyber-attack dataset

(creative commons license)