Difference between revisions of "Fieldbus traffic simulation logs"

From OpenScience
Jump to: navigation, search
(Created page with "=== Project Description === Benchmark collection for simulated fieldbus traffic. === Contact contributors === * Simeon Wiedenmann === Datasets === == KNX...")
 
(Publications)
 
(9 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
Benchmark collection for simulated fieldbus traffic.
 
Benchmark collection for simulated fieldbus traffic.
  
 
+
A modular, extendable, open test case collection to simulate attacks on field bus systems. Contribution welcome!
  
 
=== Contact contributors ===
 
=== Contact contributors ===
Line 21: Line 21:
 
|-
 
|-
 
|1
 
|1
|https://opsci.informatik.uni-rostock.de/repos/datasets/knx/normal.csv
+
|https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attack_free_referencedataset_with_seconds_csv.zip
 +
https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attack_free_referencedataset_with_seconds_json.zip
 
|1
 
|1
 
|[[User:sw674|Simeon Wiedenmann]]
 
|[[User:sw674|Simeon Wiedenmann]]
|A log of normal KNX traffic without any attacks
+
|A log of normal KNX traffic without any attacks in csv / json format
 +
Zip compressed CSV-file 14,3 MB (uncompressed 302,5 MB) CC BY-SA 4.0
 +
(CSV: Line Separator = LF, Enclosing Strings in = ", Field Separator = ; )
 +
 
 +
Zip compressed JSON-file 20,8 MB (uncompressed 817,7 MB) CC BY-SA 4.0
 +
 
 +
Due to too low timestamp resolution in our log-mechanisms the time stamps are only accurate to the second, which is unfortunate. However the temporal order of the telegrams still can be determined by the correctly set sequence_number. For telegrams with identical timestamps, those with lower sequence_number happened earlier.
 
|-
 
|-
 
|2
 
|2
|https://opsci.informatik.uni-rostock.de/repos/datasets/knx/normal.csv
+
|https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attacks_with_seconds_csv.zip
 +
https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attacks_with_seconds_json.zip
 
|1
 
|1
 
|[[User:sw674|Simeon Wiedenmann]]
 
|[[User:sw674|Simeon Wiedenmann]]
|A log of KNX traffic with artificially introduced attack telegrams  
+
|A log of KNX traffic with artificially introduced attack telegrams deduced from ID = 1 following this [https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/creationprocess_of_attacks_table_script.sql documentation and creation script]. Introduced attacks are documented at the bottom of that file and include manipulated hop_count values, new source_addresses, time shifted telegrams, replay attacks, negation attacks and the deletion of telegrams.
 +
Due to too low timestamp resolution in our log-mechanisms the time stamps are only accurate to the second, which is unfortunate. However the temporal order of the telegrams still can be determined by the correctly set sequence_number. For telegrams with identical timestamps, those with lower sequence_number happened earlier.
 +
|-
 +
|3
 +
|https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/replay_telegrams.zip
 +
https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/negation_telegrams.zip
 +
|2 and 1
 +
|[[User:sw674|Simeon Wiedenmann]]
 +
|These zip files contain csv and json versions of tables that contain certain telegrams that have been introduced into ID = 2 (attacks_with_seconds). In case one wants to match sequence_numbers of telegrams from attacks_with_seconds with those from attack_free_referencedataset_with_seconds, the following applies:
 +
-- For attacks of type 4: Table replay_telegrams shows the same telegrams that have been introduced into attacks_with_seconds but with the original sequence_number as in attack_free_referencedataset_with_seconds.
 +
-- For attacks of type 5: Table negation_telegrams shows the same telegrams that have been introduced into attacks_with_seconds but with the original sequence_number as in attack_free_referencedataset_with_seconds.
 +
|-
 
|}
 
|}
  
Line 38: Line 57:
  
 
=== Licence ===
 
=== Licence ===
All test cases of this benchmark collection are licensed under CC BY-SA 2.0 (see [https://creativecommons.org/licenses/] for more infos). When using individual test cases the test case author as well as this benchmark collection need to be named: e.g. Test Case by <author> published via []
+
All test cases of this benchmark collection are licensed under the Free Culture License CC BY-SA 4.0 (see [https://creativecommons.org/licenses/] for more infos). When using individual test cases the test case author as well as this benchmark collection need to be named: e.g. Test Case by <author> published via [https://opsci.informatik.uni-rostock.de/index.php/Fieldbus_traffic_simulation_logs]
 +
 
 +
<gallery mode="packed" widths=80px heights=80px>
 +
File:Cc.large.png|CC
 +
File:By.large.png|BY
 +
File:Sa.large.png|SA
 +
</gallery>
 +
 
 
=== Publications ===
 
=== Publications ===
 +
* [https://ieeexplore.ieee.org/document/8631474 Designing and Implementing a Benchmark Collection for Attack Simulation in Field bus Systems]

Latest revision as of 15:22, 22 July 2019

Project Description

Benchmark collection for simulated fieldbus traffic.

A modular, extendable, open test case collection to simulate attacks on field bus systems. Contribution welcome!

Contact contributors

Datasets

KNX

ID File Reference_ID Author E-Mail Notes
1 https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attack_free_referencedataset_with_seconds_csv.zip

https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attack_free_referencedataset_with_seconds_json.zip

1 Simeon Wiedenmann A log of normal KNX traffic without any attacks in csv / json format

Zip compressed CSV-file 14,3 MB (uncompressed 302,5 MB) CC BY-SA 4.0 (CSV: Line Separator = LF, Enclosing Strings in = ", Field Separator = ; )

Zip compressed JSON-file 20,8 MB (uncompressed 817,7 MB) CC BY-SA 4.0

Due to too low timestamp resolution in our log-mechanisms the time stamps are only accurate to the second, which is unfortunate. However the temporal order of the telegrams still can be determined by the correctly set sequence_number. For telegrams with identical timestamps, those with lower sequence_number happened earlier.

2 https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attacks_with_seconds_csv.zip

https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attacks_with_seconds_json.zip

1 Simeon Wiedenmann A log of KNX traffic with artificially introduced attack telegrams deduced from ID = 1 following this documentation and creation script. Introduced attacks are documented at the bottom of that file and include manipulated hop_count values, new source_addresses, time shifted telegrams, replay attacks, negation attacks and the deletion of telegrams.

Due to too low timestamp resolution in our log-mechanisms the time stamps are only accurate to the second, which is unfortunate. However the temporal order of the telegrams still can be determined by the correctly set sequence_number. For telegrams with identical timestamps, those with lower sequence_number happened earlier.

3 https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/replay_telegrams.zip

https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/negation_telegrams.zip

2 and 1 Simeon Wiedenmann These zip files contain csv and json versions of tables that contain certain telegrams that have been introduced into ID = 2 (attacks_with_seconds). In case one wants to match sequence_numbers of telegrams from attacks_with_seconds with those from attack_free_referencedataset_with_seconds, the following applies:

-- For attacks of type 4: Table replay_telegrams shows the same telegrams that have been introduced into attacks_with_seconds but with the original sequence_number as in attack_free_referencedataset_with_seconds. -- For attacks of type 5: Table negation_telegrams shows the same telegrams that have been introduced into attacks_with_seconds but with the original sequence_number as in attack_free_referencedataset_with_seconds.

Other Systems

Do you have any traffic for CAN, Profibus, Foundation Fieldbus, LON, EIA-485, RS-485 or any other fieldbus technology to offer, please contact Simeon Wiedenmann

Licence

All test cases of this benchmark collection are licensed under the Free Culture License CC BY-SA 4.0 (see [1] for more infos). When using individual test cases the test case author as well as this benchmark collection need to be named: e.g. Test Case by <author> published via [2]

Publications