Datasets of RT spoofing attacks on MIL-STD-1553 communication traffic
Ran Yahalom,
David Barishev,
Alon Steren,
Yonatan Nameri,
Maxim Roytman,
Angel Porgador,
Yuval Elovici
Affiliations
Ran Yahalom
Department of Software and Information System Engineering, Ben-Gurion University of the Negev, Be'er Sheva 84105, P.O. Box 653, Israel; Cyber@Ben-Gurion University of the Negev (CBG) & Telekom Innovation Labs, Be'er Sheva 84105, P.O. Box 653, Israel; Corresponding author. Department of Software and Information System Engineering, Ben-Gurion University of the Negev, Be'er Sheva 84105, P.O. Box 653, Israel.
David Barishev
Cyber@Ben-Gurion University of the Negev (CBG) & Telekom Innovation Labs, Be'er Sheva 84105, P.O. Box 653, Israel
Alon Steren
Department of Software and Information System Engineering, Ben-Gurion University of the Negev, Be'er Sheva 84105, P.O. Box 653, Israel; Cyber@Ben-Gurion University of the Negev (CBG) & Telekom Innovation Labs, Be'er Sheva 84105, P.O. Box 653, Israel
Yonatan Nameri
Department of Software and Information System Engineering, Ben-Gurion University of the Negev, Be'er Sheva 84105, P.O. Box 653, Israel; Cyber@Ben-Gurion University of the Negev (CBG) & Telekom Innovation Labs, Be'er Sheva 84105, P.O. Box 653, Israel
Maxim Roytman
Department of Software and Information System Engineering, Ben-Gurion University of the Negev, Be'er Sheva 84105, P.O. Box 653, Israel; Cyber@Ben-Gurion University of the Negev (CBG) & Telekom Innovation Labs, Be'er Sheva 84105, P.O. Box 653, Israel
Angel Porgador
The Shraga Segal Department of Microbiology, Immunology and Genetics, Faculty of Health Sciences, Ben-Gurion University of the Negev, Be'er Sheva 84105, P.O. Box 653, Israel
Yuval Elovici
Department of Software and Information System Engineering, Ben-Gurion University of the Negev, Be'er Sheva 84105, P.O. Box 653, Israel
The datasets in this article are produced to evaluate the ability of MIL-STD-1553 intrusion detection systems to detect attacks that emulate normal non-periodical messages, at differing attack occurrence rates. And different data representations. We present three streams of simulated MIL-STD-1553 traffic containing both normal and attack messages corresponding to packets that were injected into the bus by a malicious remote terminal. The implemented attacks emulate normal non-periodical communication so detecting them with a low false positive rate is non-trivial. Each stream is separated into a training set of normal messages and a test set of both normal and attack messages. The test sets differ by the occurrence rate of attack messages (0.01%, 0.10%, and 1.00%). Each stream is also preprocessed into a dataset of message sequences so that it can be used for sequential anomaly detection analysis. The sequential test sets differ by the occurrence rate of attack sequences (0.14%, 1.26%, and 11.01%). All dataset files can be found in Mendeley Data, doi:10.17632/jvgdrmjvs3.3.
