Difference between revisions of "Fieldbus traffic simulation logs"
(→KNX: adding note about timestamp resolution of first test cases) |
(→Publications) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
Benchmark collection for simulated fieldbus traffic. | Benchmark collection for simulated fieldbus traffic. | ||
− | + | A modular, extendable, open test case collection to simulate attacks on field bus systems. Contribution welcome! | |
=== Contact contributors === | === Contact contributors === | ||
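Review bot: the added description line writes "field bus" as two words, while the unchanged line directly above it uses "fieldbus"; pick one spelling for the page. "Contribution welcome!" should read "Contributions welcome!", and since the "Contact contributors" heading follows immediately, a short pointer to it would tell readers how to contribute.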
Line 21: | Line 21: | ||
|- | |- | ||
|1 | |1 | ||
− | |https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/ | + | |https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attack_free_referencedataset_with_seconds_csv.zip |
− | https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/ | + | https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attack_free_referencedataset_with_seconds_json.zip |
|1 | |1 | ||
|[[User:sw674|Simeon Wiedenmann]] | |[[User:sw674|Simeon Wiedenmann]] | ||
|A log of normal KNX traffic without any attacks in csv / json format | |A log of normal KNX traffic without any attacks in csv / json format | ||
− | Zip compressed CSV-file 14, | + | Zip compressed CSV-file 14,3 MB (uncompressed 302,5 MB) CC BY-SA 4.0 |
(CSV: Line Separator = LF, Enclosing Strings in = ", Field Separator = ; ) | (CSV: Line Separator = LF, Enclosing Strings in = ", Field Separator = ; ) | ||
− | Zip compressed JSON-file | + | Zip compressed JSON-file 20,8 MB (uncompressed 817,7 MB) CC BY-SA 4.0 |
− | Due to too low timestamp resolution in our log-mechanisms the time stamps are only accurate to the second, which is unfortunate. However the temporal order of the telegrams still can be determined by the correctly set sequence_number. | + | Due to too low timestamp resolution in our log-mechanisms the time stamps are only accurate to the second, which is unfortunate. However the temporal order of the telegrams still can be determined by the correctly set sequence_number. For telegrams with identical timestamps, those with lower sequence_number happened earlier. |
|- | |- | ||
|2 | |2 | ||
− | |https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/ | + | |https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attacks_with_seconds_csv.zip |
− | https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/ | + | https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attacks_with_seconds_json.zip |
|1 | |1 | ||
|[[User:sw674|Simeon Wiedenmann]] | |[[User:sw674|Simeon Wiedenmann]] | ||
− | |A log of KNX traffic with artificially introduced attack telegrams | + | |A log of KNX traffic with artificially introduced attack telegrams deduced from ID = 1 following this [https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/creationprocess_of_attacks_table_script.sql documentation and creation script]. Introduced attacks are documented at the bottom of that file and include manipulated hop_count values, new source_addresses, time shifted telegrams, replay attacks, negation attacks and the deletion of telegrams. |
− | + | Due to too low timestamp resolution in our log-mechanisms the time stamps are only accurate to the second, which is unfortunate. However the temporal order of the telegrams still can be determined by the correctly set sequence_number. For telegrams with identical timestamps, those with lower sequence_number happened earlier. | |
− | Due to too low timestamp resolution in our log-mechanisms the time stamps are only accurate to the second, which is unfortunate. However the temporal order of the telegrams still can be determined by the correctly set sequence_number. | + | |- |
− | + | |3 | |
+ | |https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/replay_telegrams.zip | ||
+ | https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/negation_telegrams.zip | ||
+ | |2 and 1 | ||
+ | |[[User:sw674|Simeon Wiedenmann]] | ||
+ | |These zip files contain csv and json versions of tables that contain certain telegrams that have been introduced into ID = 2 (attacks_with_seconds). In case one wants to match sequence_numbers of telegrams from attacks_with_seconds with those from attack_free_referencedataset_with_seconds, the following applies: | ||
+ | -- For attacks of type 4: Table replay_telegrams shows the same telegrams that have been introduced into attacks_with_seconds but with the original sequence_number as in attack_free_referencedataset_with_seconds. | ||
+ | -- For attacks of type 5: Table negation_telegrams shows the same telegrams that have been introduced into attacks_with_seconds but with the original sequence_number as in attack_free_referencedataset_with_seconds. | ||
+ | |- | ||
|} | |} | ||
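Review bot: the new row 3 notes refer to "attacks of type 4" and "attacks of type 5", but the page never defines the type numbers; row 2 lists the attack kinds (manipulated hop_count values, new source_addresses, time shifted telegrams, replay, negation, deletion) without numbering them. Put the type number next to each kind in row 2, or state that the numbering is defined in the creation script. Two smaller points: the timestamp-resolution paragraph is now repeated verbatim in rows 1 and 2 and could be stated once below the table, and "2 and 1" in the Reference_ID column of row 3 needs a word on what a two-valued reference means.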
Line 58: | Line 66: | ||
=== Publications === | === Publications === | ||
+ | * [https://ieeexplore.ieee.org/document/8631474 Designing and Implementing a Benchmark Collection for Attack Simulation in Field bus Systems] |
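Review bot: the new Publications entry gives only the linked title. Add authors, venue and year so the reference stays usable if the IEEE Xplore link changes and readers can cite it without following the link.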
Latest revision as of 15:22, 22 July 2019
Project Description
Benchmark collection for simulated fieldbus traffic.
A modular, extensible, open test case collection for simulating attacks on fieldbus systems. Contributions welcome!
Contact contributors
Datasets
KNX
ID | File | Reference_ID | Author E-Mail | Notes |
---|---|---|---|---|
1 | https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attack_free_referencedataset_with_seconds_csv.zip https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attack_free_referencedataset_with_seconds_json.zip | 1 | Simeon Wiedenmann | A log of normal KNX traffic without any attacks, in CSV and JSON format. Zip-compressed CSV file: 14,3 MB (uncompressed 302,5 MB), CC BY-SA 4.0 (CSV: line separator = LF, strings enclosed in ", field separator = ;). Zip-compressed JSON file: 20,8 MB (uncompressed 817,7 MB), CC BY-SA 4.0. Because the timestamp resolution of our logging mechanism was too low, the timestamps are only accurate to the second, which is unfortunate. The temporal order of the telegrams can still be determined from the correctly set sequence_number: for telegrams with identical timestamps, those with a lower sequence_number happened earlier. |
2 | https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attacks_with_seconds_csv.zip https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/attacks_with_seconds_json.zip | 1 | Simeon Wiedenmann | A log of KNX traffic with artificially introduced attack telegrams, derived from ID = 1 following this documentation and creation script: https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/creationprocess_of_attacks_table_script.sql. The introduced attacks are documented at the bottom of that file and include manipulated hop_count values, new source_addresses, time shifted telegrams, replay attacks, negation attacks and the deletion of telegrams. Because the timestamp resolution of our logging mechanism was too low, the timestamps are only accurate to the second, which is unfortunate. The temporal order of the telegrams can still be determined from the correctly set sequence_number: for telegrams with identical timestamps, those with a lower sequence_number happened earlier. |
3 | https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/replay_telegrams.zip https://opsci.informatik.uni-rostock.de/repos/datasets/fieldbus-traffic/knx/negation_telegrams.zip | 2 and 1 | Simeon Wiedenmann | These zip files contain CSV and JSON versions of tables holding certain telegrams that have been introduced into ID = 2 (attacks_with_seconds). To match sequence_numbers of telegrams from attacks_with_seconds with those from attack_free_referencedataset_with_seconds, the following applies. For attacks of type 4: table replay_telegrams shows the same telegrams that have been introduced into attacks_with_seconds, but with the original sequence_number as in attack_free_referencedataset_with_seconds. For attacks of type 5: table negation_telegrams shows the same telegrams that have been introduced into attacks_with_seconds, but with the original sequence_number as in attack_free_referencedataset_with_seconds. |
Other Systems
If you have traffic for CAN, Profibus, Foundation Fieldbus, LON, EIA-485, RS-485 or any other fieldbus technology to offer, please contact Simeon Wiedenmann.
Licence
All test cases of this benchmark collection are licensed under the Free Culture License CC BY-SA 4.0 (see [1] for more information). When using individual test cases, the test case author as well as this benchmark collection need to be named, e.g.: Test Case by <author> published via [2]