research-article

Open access

PowerDuck: A GOOSE Data Set of Cyberattacks in Substations

Authors:

Immanuel Hacker,

Konrad Wolsing,

Martin SerrorAuthors Info & Claims

CSET '22: Proceedings of the 15th Workshop on Cyber Security Experimentation and Test

Pages 49 - 53

https://doi.org/10.1145/3546096.3546102

Published: 08 August 2022 Publication History

All formats PDF

Abstract

Power grids worldwide are increasingly victims of cyberattacks, where attackers can cause immense damage to critical infrastructure. The growing digitalization and networking in power grids combined with insufficient protection against cyberattacks further exacerbate this trend. Hence, security engineers and researchers must counter these new risks by continuously improving security measures. Data sets of real network traffic during cyberattacks play a decisive role in analyzing and understanding such attacks. Therefore, this paper presents PowerDuck, a publicly available security data set containing network traces of GOOSE communication in a physical substation testbed. The data set includes recordings of various scenarios with and without the presence of attacks. Furthermore, all network packets originating from the attacker are clearly labeled to facilitate their identification. We thus envision PowerDuck improving and complementing existing data sets of substations, which are often generated synthetically, thus enhancing the security of power grids.

References

[1]

Chuadhry Mujeeb Ahmed and Nandha Kumar Kandasamy. 2021. A Comprehensive Dataset from a Smart Grid Testbed for Machine Learning Based CPS Security Research. In CPS4CIP. Springer Int’l Pub., Cham.

[2]

Partha P. Biswas, Heng Chuan Tan, Qingbo Zhu, 2019. A Synthesized Dataset for Cybersecurity Study of IEC 61850 based Substation. In IEEE SmartGridComm.

[3]

Jonathan Goh, Sridhar Adepu, Khurum Nazir Junejo, and Aditya Mathur. 2017. A Dataset to Support Research in the Design of Secure Water Treatment Systems. In Critical Information Infrastructures Security. Springer Int’l Pub., Cham.

[4]

Tim Krause, Raphael Ernst, Benedikt Klaer, 2021. Cybersecurity in Power Grids: Challenges and Opportunities. Sensors 21, 18 (2021).

[5]

Ralph Langner. 2011. Stuxnet: Dissecting a Cyberwarfare Weapon. IEEE Security & Privacy 9, 3 (2011).

Digital Library

[6]

Dan Li, Dacheng Chen, Baihong Jin, 2019. MAD-GAN: Multivariate Anomaly Detection for Time Series Data with Generative Adversarial Networks. In International Conference on Artificial Neural Networks. Springer, Cham.

[7]

Chih-Yuan Lin, August Fundin, Erik Westring, 2021. RICSel21 Data Collection: Attacks in a Virtual Power Network. In IEEE SmartGridComm.

[8]

Ramin Moghaddass and Jianhui Wang. 2018. A Hierarchical Framework for Smart Grid Anomaly Detection Using Large-Scale Smart Meter Data. IEEE Transactions on Smart Grid 9, 6 (2018).

[9]

Ángel Luis Perales Gómez, Lorenzo Fernández Maimó, Alberto Huertas Celdrán, 2019. On the Generation of Anomaly Detection Datasets in Industrial Control Systems. IEEE Access 7(2019).

[10]

Martin Serror, Sacha Hack, Martin Henze, Marko Schuba, and Klaus Wehrle. 2021. Challenges and Opportunities in Securing the Industrial Internet of Things. IEEE Transactions on Industrial Informatics 17, 5 (2021).

[11]

Mustafizur R. Shahid, Gregory Blanc, Houda Jmila, 2020. Generative Deep Learning for Internet of Things Network Traffic Generation. In IEEE Pacific Rim International Symposium on Dependable Computing.

[12]

Hyeok-Ki Shin, Woomyo Lee, Jeong-Han Yun, and HyoungChun Kim. 2020. HAI 1.0: HIL-based Augmented ICS Security Dataset. In USENIX Workshop on Cyber Security Experimentation and Test (CSET ’20).

[13]

David E. Whitehead, Kevin Owens, Dennis Gammel, and Jess Smith. 2017. Ukraine Cyber-Induced Power Outage: Analysis and Practical Mitigation Strategies. In IEEE Conference for Protective Relay Engineers.

[14]

Konrad Wolsing, Eric Wagner, Antoine Saillard, and Martin Henze. 2022. IPAL: Breaking up Silos of Protocol-dependent and Domain-specific Industrial Intrusion Detection Systems. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID ’22).

Digital Library

[15]

Tarun Yadav and Arvind Mallari Rao. 2015. Technical Aspects of Cyber Kill Chain. In Security in Computing and Communications. Springer Int’l Pub., Cham.

Cited By

Tabish NChaur-Luh T(2024)Maritime Autonomous Surface Ships: A Review of Cybersecurity Challenges, Countermeasures, and Future PerspectivesIEEE Access10.1109/ACCESS.2024.335708212(17114-17136)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3357082
Roa OBotero JGutierrez-Betancur STobar-Rosero O(2023)GOOSEAttacker: Synthetic Attack Generation Tool for IEC618502023 IEEE Latin-American Conference on Communications (LATINCOM)10.1109/LATINCOM59467.2023.10361897(1-6)Online publication date: 15-Nov-2023
https://doi.org/10.1109/LATINCOM59467.2023.10361897
Bader LSerror MLamberts OSen Övan der Velde DHacker IFilter JPadilla EHenze M(2023)Comprehensively Analyzing the Impact of Cyberattacks on Power Grids2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP57164.2023.00066(1065-1081)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSP57164.2023.00066
Show More Cited By

Index Terms

PowerDuck: A GOOSE Data Set of Cyberattacks in Substations

Recommendations

Attacking Power Grid Substations: An Experiment Demonstrating How to Attack the SCADA Protocol IEC 60870-5-104
ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security

Smart grid brings various advantages such as increased automation in decision making, tighter coupling between production and consumption, and increased digitalization. Because of the many changes that the smart grid inflicts on the power grid as ...
Cyberattacks: Economic Impacts and Risk Management Strategies
Abstract
The widespread adoption of emerging information and communication networks has increased organizations’ vulnerability to cyberattacks. These attacks – including data breaches, ransomware, and other cyber threats – pose significant economic risks ...
E-LDAT: a lightweight system for DDoS flooding attack detection and IP traceback using extended entropy metric

Distributed denial-of-service DDoS attacks cause havoc by exploiting threats to Internet services. In this paper, we propose E-LDAT, a lightweight extended-entropy metric-based system for both DDoS flooding attack detection and IP Internet Protocol ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

CSET '22: Proceedings of the 15th Workshop on Cyber Security Experimentation and Test

August 2022

150 pages

ISBN:9781450396844

DOI:10.1145/3546096

Copyright © 2022 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 August 2022

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Bundesministerium für Wirtschaft und Klimaschutz

Conference

CSET 2022

CSET 2022: Cyber Security Experimentation and Test Workshop

August 8, 2022

CA, Virtual, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
1,214
Total Downloads

Downloads (Last 12 months)421
Downloads (Last 6 weeks)53

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Tabish NChaur-Luh T(2024)Maritime Autonomous Surface Ships: A Review of Cybersecurity Challenges, Countermeasures, and Future PerspectivesIEEE Access10.1109/ACCESS.2024.335708212(17114-17136)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3357082
Roa OBotero JGutierrez-Betancur STobar-Rosero O(2023)GOOSEAttacker: Synthetic Attack Generation Tool for IEC618502023 IEEE Latin-American Conference on Communications (LATINCOM)10.1109/LATINCOM59467.2023.10361897(1-6)Online publication date: 15-Nov-2023
https://doi.org/10.1109/LATINCOM59467.2023.10361897
Bader LSerror MLamberts OSen Övan der Velde DHacker IFilter JPadilla EHenze M(2023)Comprehensively Analyzing the Impact of Cyberattacks on Power Grids2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP57164.2023.00066(1065-1081)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSP57164.2023.00066
Elrawy MHadjidemetriou LLaoudias CMichael M(2023)Modelling and Analysing Security Threats Targeting Protective Relay Operations in Digital Substations2023 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR57506.2023.10224964(523-529)Online publication date: 31-Jul-2023
https://doi.org/10.1109/CSR57506.2023.10224964
Gaspar JCruz TLam CSimões P(2023)Smart Substation Communications and Cybersecurity: A Comprehensive SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2023.330546825:4(2456-2493)Online publication date: 15-Aug-2023
https://dl.acm.org/doi/10.1109/COMST.2023.3305468
Tobar Rosero OPérez González EBotero Vega JZapata Madrigal GRoa OCandelo-Becerra JGarcía Sierra R(2023)Digital Substations and Cybersecurity in the Transformation of the Electricity Sector2023 IEEE Colombian Caribbean Conference (C3)10.1109/C358072.2023.10436315(1-6)Online publication date: 22-Nov-2023
https://doi.org/10.1109/C358072.2023.10436315
Boeding MHempel MSharif HLopez JPerumalla K(2023)A flexible OT testbed for evaluating on-device implementations of IEC-61850 GOOSEInternational Journal of Critical Infrastructure Protection10.1016/j.ijcip.2023.10061842:COnline publication date: 1-Sep-2023
https://dl.acm.org/doi/10.1016/j.ijcip.2023.100618

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten