General Information about Data Set Creation:

+-------------------------+-------------------------------------------------------------------------------------------+
| Aspect                  | Description                                                                               |
+-------------------------+-------------------------------------------------------------------------------------------+
| Location                | TU Wien Pilot Factory, Vienna – within the "turning cell" network segment                 |
| Switch                  | Cisco 2960 enterprise-grade switch used for normal factory networking                     |
| Traffic Mirroring       | Mirror port (SPAN) on the switch forwarded all traffic to the capture device              |
| Capture Server          | DAG* server equipped with an Endace capture card                                          |
| Time Synchronization    | PPS** signal from external GPS antenna for microsecond-accurate timestamps                |
| Capture Characteristics | - Lossless Ethernet frame capture using Endace Hardware                                   |
|                         | - Off-path setup (capturing does not interfere with factory network)                      |
|                         | - Suitable for real-time IDS and labeling                                                 |
|                         |                                                                                           |
| Captured Data           | - 173 GB of PCAP data captured during 16 experiment days (395 hours)                      |
|                         | - Includes benign traffic and penetration-test-based attacks                              |
|                         |                                                                                           |
| Factory Equipment       | - EMCO MAXXTURN 45 Turning Machine                                                        |
| Monitored               | - Siemens PCU & NCU (840D SL), SENTRON PAC sensors                                        |
|                         | - MQTT brokers, IDS hosts, attacker, vulnerable Linux systems                             |
+-------------------------+-------------------------------------------------------------------------------------------+

*Data Acquisition and Generation
**Pulse Per Second

File Descriptions:

+-------------------------------+-------------------------------------------------------------+
| File/Folder                   | Description                                                 |
+-------------------------------+-------------------------------------------------------------+
| readme.txt                    | Dataset usage, format, and required tools                   |
| license.txt                   | Licensing details                                           |
| a_day1, a_day2, s_day1, s_day2| Attack data: mix of operational and malicious traffic       |
| tf_a, tf_s                    | Training data: contains only benign traffic                 |
| images.zip                    | Visual representations of the dataset                       |
| extractions.zip               | Labeled/unlabeled packet and flow-level data                |
| a_day_tuesday_dos.zip         | Extra attack day (includes DoS attack) – not labeled        |
| list_of_extracted_features    | Full list of extracted flow features                        |
| list_of_identified_protocols  | All identifiable protocols in the PCAP files                |
+-------------------------------+-------------------------------------------------------------+

How to use:

+-------------------------------+---------------------------------------------------------------------------------------------+
| File Type                     | How to Use                                                                                  |
+-------------------------------+---------------------------------------------------------------------------------------------+
| PCAP                          | Analyze with Wireshark (https://www.wireshark.org/) – a powerful packet analyzer            |
| Open large CSV files          | E.g. with EmEditor (https://www.emeditor.com/) – a lightweight editor for large files       |
|                               | (free version available)                                                                    |
| Extract Flows from PCAP files | Process using go-flows (https://github.com/CN-TU/go-flows) – a flow extractor for labeled   |
|                               | traffic data                                                                                |
+-------------------------------+---------------------------------------------------------------------------------------------+