SUTDlogo itrust logo

Datasets

Overview
Impact
Terms of usage
Summary of available datasets
Dataset characteristics
Please select

Critical Infrastructure Security Showdown (CISS)

 

CISS, which was originally named the SUTD Security Showdown (S3), has enabled researchers and practitioners to assess the effectiveness of methods and products aimed at detecting cyber attacks launched in real-time on SWaT.

 

S317
Data was collected during the 2017 run of S3, named S317. More details of S317 can be found here.

Characteristics of dataset
  1. Network ‘pcap’ files for three days
  2. Historian data for three days
  3. Attack scenarios performed by the participants

 

 

CISS 2019

 

CISS2019.A1

On 27-30 Aug 2019, iTrust conducted the annual Critical Infrastructure Security Showdown (CISS 2019) exercise in SUTD. 4-days of data were collected during CISS 2019 from the SWaT testbed. On each day, the plant was running for 8 hours, from 0900 – 1300hrs and 1400 – 1800hrs (on the last day, the plant was only running from 0900 – 1300hrs). During this time, red teams launched attacks on the SWaT testbed. The CISS 2019 data consists of a total of 136,805 rows of state information. Each row contains measurements from 28 sensors as recorded in the SWaT Historian sampled at 1-second intervals. Two sets of data are available, one with attack information and one without.

 

CISS 2020-OL

The time-stamped dataset, containing one row every second, consists of two sets of Excel files. One set of files is labelled “Target-x” and the other as “CISS2020_OL-y.” There are three target files and 18 CISS_OL files. Each Target file contains approximately one hour of data collected while running SWaT under normal operating conditions. Each CISS_OL file contains data collected during approximately a 4-hour run during which a red team launched attacks on SWaT.

 

Each Target data file contains 82 columns where each column corresponds to one state variable of SWaT. Each CISS2020_OL data file contains 97 columns. In addition to the SWaT state, as in Target files, the dataset contains attack information. Specifically, the following information is available: attack launch (AL), attack update (AU), attack target, attack type (IT, OT, or both), attack intent, attack mode, attack outcome (Success, Fail), attacker ID (anonymised), attack ID, and attack sub-ID.