The Westermo Network Traffic Data Set

This is a data article in Elsevier's Data in Brief by P E Strandberg, D Söderman, A Dehlaghi-Ghadim, M Leon, T Markovic, S Punnekkat, M Helali Moghadam, and D Buffoni. The data set is available at github: [1] and the paper describing it was accepted to Elsevier's Data in Brief, late August 2023: [2]

Abstract

There is a growing body of knowledge on network intrusion detection, and several open data sets with network traffic and cyber-security threats have been released in the past decades. However, many data sets have aged, were not collected in a contemporary industrial communication system, or do not easily support research focusing on distributed anomaly detection. This paper presents the Westermo network traffic data set, 1.8 million network packets recorded in over 90 minutes in a network built up of twelve hardware devices. In addition to the raw data in PCAP format, the data set also contains pre-processed data in the form of network flows in CSV files. This data set can support the research community for topics such as intrusion detection, anomaly detection, misconfiguration detection, distributed or federated artificial intelligence, and attack classification. In particular, we aim to use the data set to continue work on resource-constrained distributed artificial intelligence in edge devices. The data set contains six types of events: harmless SSH, bad SSH, misconfigured IP address, duplicated IP address, port scan, and man in the middle attack.

Keywords: industrial communication system, cyber-physical systems, network intrusion detection, distributed artificial intelligence

Belongs in Kategori Publikationer