Skip to main content
SpringerLink
Log in

Process Control Cyber-Attacks and Labelled Datasets on S7Comm Critical Infrastructure

  • Conference paper
  • First Online:
Information Security and Privacy (ACISP 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10343))

Included in the following conference series:

Abstract

Cyber-security of their critical infrastructure is the current grand challenge facing nation-states. Development and research of cyber-security solutions for operational technology environments of critical infrastructure is being inhibited by the lack of publically available datasets. This paper provides a collection of labelled datasets containing attacks on the widely used STEP 7 (S7) protocol. To achieve this goal, we designed and executed a series of process-control attacks, using our physical critical infrastructure test-bed. The created labelled datasets, and the associated process logs, will directly aid in the development and assessment of intrusion detection systems (IDSs). We validate our dataset using Snort, configured with openly available S7 rule-sets.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Link: https://github.com/qut-infosec/2017QUT_S7comm.

  2. 2.

    The Wash Tank runs with water. In a real world scenario, this could be any chemical.

  3. 3.

    http://www.digitalbond.com/tools/quickdraw/.

References

  1. Barbosa, R.R.R., Sadre, R., Pras, A.: A first look into SCADA network traffic. In: 2012 IEEE Network Operations and Management Symposium, pp. 518–521. IEEE (2012a)

    Google Scholar 

  2. Barbosa, R.R.R., Sadre, R., Pras, A.: Difficulties in modeling SCADA traffic: a comparative analysis. In: Taft, N., Ricciato, F. (eds.) PAM 2012. LNCS, vol. 7192, pp. 126–135. Springer, Heidelberg (2012). doi:10.1007/978-3-642-28537-0_13

    Chapter  Google Scholar 

  3. Gao, W., Morris, T., Reaves, B., Richey, D.: On SCADA control system command and response injection and intrusion detection. In: eCrime, pp. 1–9. IEEE (2010)

    Google Scholar 

  4. Knijff, R.V.D.: Control systems/SCADA forensics, what’s the difference? Digital Investigation (2014)

    Google Scholar 

  5. Meshram, A., Haas, C.: Anomaly detection in industrial networks using machine learning: a roadmap. In: Machine Learning for Cyber Physical Systems, pp. 65–72. Springer (2017)

    Google Scholar 

  6. Morris, T., Gao, W.: Industrial control system traffic data sets for intrusion detection research. In: Critical Infrastructure Protection VIII, pp. 65–78. Springer (2014)

    Google Scholar 

  7. Rodofile, N.R., Radke, K., Foo, E.: Framework for SCADA cyber-attack dataset creation. In: Proceedings of the ACSW-AISC. ACM (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security Discipline, School of Electrical Engineering and Computer Science, Science and Engineering Faculty, Queensland University of Technology (QUT), Brisbane, Australia

    Nicholas R. Rodofile, Thomas Schmidt, Sebastian T. Sherry, Christopher Djamaludin, Kenneth Radke & Ernest Foo

  2. Fakultät für Elektrotechnik und Informationstechnik Ruhr-Universität Bochum, Bochum, Germany

    Thomas Schmidt

Authors
  1. Nicholas R. Rodofile
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thomas Schmidt
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sebastian T. Sherry
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Christopher Djamaludin
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Kenneth Radke
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Ernest Foo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nicholas R. Rodofile .

Editor information

Editors and Affiliations

  1. Queensland University of Technology, Brisbane, Queensland, Australia

    Josef Pieprzyk

  2. Queensland University of Technology, Brisbane, Queensland, Australia

    Suriadi Suriadi

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Rodofile, N.R., Schmidt, T., Sherry, S.T., Djamaludin, C., Radke, K., Foo, E. (2017). Process Control Cyber-Attacks and Labelled Datasets on S7Comm Critical Infrastructure. In: Pieprzyk, J., Suriadi, S. (eds) Information Security and Privacy. ACISP 2017. Lecture Notes in Computer Science(), vol 10343. Springer, Cham. https://doi.org/10.1007/978-3-319-59870-3_30

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-59870-3_30

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59869-7

  • Online ISBN: 978-3-319-59870-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation