Gutiérrez Mlot, Esteban Damián; Saldana, Jose; Rodríguez, Ricardo J.; Kotsiuba, Igor; Gañan, Carlos H.
A dataset to train intrusion detection systems based on machine learning models for electrical substations Journal Article
In: Data in Brief, vol. 57, pp. 111153, 2024, ISSN: 2352-3409.
Tags: critical infrastructure, cybersecurity, IEC104, IEC60870-5-104, IEC61850, testbed
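% Journal article (Data in Brief) describing a substation network-traffic dataset for ML-based IDS.
% Names use "Last, First" form so the compound surname "Gutiérrez Mlot" is not split by the name parser.
@article{MlotSRKG-DIB-24,
  author    = {Gutiérrez Mlot, Esteban Damián and Saldana, Jose and Rodríguez, Ricardo J. and Kotsiuba, Igor and Gañan, Carlos H.},
  title     = {A dataset to train intrusion detection systems based on machine learning models for electrical substations},
  journal   = {Data in Brief},
  volume    = {57},
  pages     = {111153},
  year      = {2024},
  date      = {2024-12-01},
  issn      = {2352-3409},
  doi       = {10.1016/j.dib.2024.111153},
  url       = {https://webdiis.unizar.es/~ricardo/files/papers/GutierrezMlotSRKG-DIB-24.pdf},
  abstract  = {The growing integration of Information and Communication Technology into Operational Technology environments in electrical substations exposes them to new cybersecurity threats. This paper presents a comprehensive dataset of substation traffic, aimed at improving the training and benchmarking of Intrusion Detection Systems (IDS) installed in these facilities that are based on machine learning techniques. The dataset includes raw network captures and flows from real substations, filtered and anonymized to ensure privacy. It covers the main protocols and standards used in substation environments: IEC61850, IEC104, NTP, and PTP. Additionally, the dataset includes traces obtained during several cyberattacks, which were simulated in a controlled laboratory environment, providing a rich resource for developing and testing machine learning models for cybersecurity applications in substations. A set of complementary tools for dataset creation and preprocessing are also included to standardize the methodology, ensuring consistency and reproducibility. In summary, the dataset addresses the critical need for high-quality, targeted data for tuning IDS at electrical substations and contributes to the advancement of secure and reliable power distribution networks.},
  keywords  = {critical infrastructure, cybersecurity, IEC104, IEC60870-5-104, IEC61850, testbed},
  pubstate  = {published},
  tppubtype = {article},
}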
Gutiérrez Mlot, Esteban Damián; Saldana, Jose; Rodríguez, Ricardo J.
Towards a Testbed for Critical Industrial Systems: SunSpec Protocol on DER Systems as a Case Study Proceedings Article
In: Proceedings of the 27th International Conference on Emerging Technologies and Factory Automation, pp. 1–4, IEEE, 2022.
Tags: critical infrastructure, cybersecurity, testbed
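% Work-in-progress paper (ETFA 2022) on a container-based testbed for critical industrial systems.
% Names use "Last, First" form so "Gutiérrez Mlot" stays one surname; the mis-encoded "í" in
% "Rodríguez" is repaired. {SunSpec} and {DER} are braced so sentence-casing styles keep their
% capitals. The url uses https so the PDF link is not fetched over plaintext HTTP.
@inproceedings{GSR-ETFA-22,
  author    = {Gutiérrez Mlot, Esteban Damián and Saldana, Jose and Rodríguez, Ricardo J.},
  title     = {Towards a Testbed for Critical Industrial Systems: {SunSpec} Protocol on {DER} Systems as a Case Study},
  booktitle = {Proceedings of the 27th International Conference on Emerging Technologies and Factory Automation},
  pages     = {1--4},
  publisher = {IEEE},
  year      = {2022},
  date      = {2022-01-01},
  doi       = {10.1109/ETFA52439.2022.9921522},
  url       = {https://webdiis.unizar.es/~ricardo/files/papers/GSR-ETFA-22.pdf},
  urldate   = {2022-01-01},
  abstract  = {Control systems in critical infrastructures have usually been considered safe as long as they were totally isolated from the outside world. However, today many of these systems are connected to the outside world and use open and standardized communication protocols designed with little or no security measures, such as Modbus or its variants such as SunSpec, widely used in distributed energy resources systems. This work-in-progress presents a testbed based on open source tools and docker containers to easily evaluate cybersecurity measures against cyberattacks on critical infrastructures without affecting their availability. This testbed is validated in a use case based on the SunSpec protocol in DER systems to detect person-in-the-middle attacks, and is implemented on a hardware-constrained appliance dubbed Energy Box.},
  keywords  = {critical infrastructure, cybersecurity, testbed},
  pubstate  = {published},
  tppubtype = {inproceedings},
}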
Hernández-Bejarano, Miguel; Rodríguez, Ricardo J; Merseguer, José
A Vision for Improving Business Continuity through Cyber-resilience Mechanisms and Frameworks Proceedings Article
In: Proceedings of the 16th Iberian Conference on Information Systems and Technologies (CISTI), pp. 1–5, 2021.
Tags: cyber-attacks, cybersecurity, menaces, resilience, vulnerabilities
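% Position paper (CISTI 2021) reviewing cyber-resilience standards and frameworks.
% Names use "Last, First" form; the line-break hyphenation artifact "con- trolled" in the
% abstract is repaired to "controlled". The url uses https so the PDF link is not fetched
% over plaintext HTTP.
@inproceedings{HRM-CISTI-21,
  author    = {Hernández-Bejarano, Miguel and Rodríguez, Ricardo J. and Merseguer, José},
  title     = {A Vision for Improving Business Continuity through Cyber-resilience Mechanisms and Frameworks},
  booktitle = {Proceedings of the 16th Iberian Conference on Information Systems and Technologies ({CISTI})},
  pages     = {1--5},
  year      = {2021},
  date      = {2021-01-01},
  doi       = {10.23919/CISTI52073.2021.9476324},
  url       = {https://webdiis.unizar.es/~ricardo/files/papers/HRM-CISTI-21.pdf},
  abstract  = {Nowadays, business organizations support daily operations using Information and Communication Technologies. They serve as a basis to have a controlled management of resources, services and business goals, aligned with the mission of the organization. In this paper, we review standards and frameworks for achieving cyber-resilience in organizations, such as the NIST framework, ENISA, or international standards as the ISO/IEC 27032. We then envision the need of a new cyber-resilience framework that leveraging machine learning techniques contributes to improve business continuity.},
  keywords  = {cyber-attacks, cybersecurity, menaces, resilience, vulnerabilities},
  pubstate  = {published},
  tppubtype = {inproceedings},
}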