A Novel Dataset for Experimentation With Intrusion Detection Systems in SCADA Networks Using IEC 60870-5-104 Standard

Supervisory Control and Data Acquisition (SCADA) systems, particularly Remote Terminal Units (RTUs), are vulnerable to cyber-attacks due to their limited computing resources. This study addresses the need for a reliable, publicly available dataset for comprehensive attack detection experiments in SCADA networks. We developed a dataset for SCADA systems operating under the IEC 60870-5-104 protocol in an electricity distribution network. Using a hybrid virtual-physical testbed that simulates SCADA communications, we generated normal and attack scenarios, including port scans, brute force attacks, ICMP floods, SYN floods, Xmas scans, and IEC 104 floods. Snort and Suricata verified the integrity of the dataset. We then evaluated six Intrusion Detection System (IDS) models using different machine learning algorithms, i.e.: Artificial Neural Network, Categorical Naïve Bayes, Decision Tree, K-Nearest Neighbors, Gradient Boosting, and Random Forest. The Decision Tree and Random Forest models achieved the highest accuracy of 93.66%. This dataset aims to support further research and development of robust IDS solutions for SCADA systems.