OT-ICS attacks dataset

This dataset contains network traffic features generated from a simulated OT/ICS attack scenario involving OpenPLC, ScadaBR/SCADA, a vulnerable web application, and Apache Tomcat. It covers both benign traffic and multiple attack stages, including active scanning, Log4Shell vulnerability discovery, Log4Shell exploitation, lateral movement, and command-and-control activity. The scenario is based on CVE-2021-44228 and CVE-2009-3548 and is intended to support cybersecurity research on OT/ICS attack detection, traffic analysis, and resilience evaluation.

Data and Resources

normal_scan_features.csvCSV
Normal traffic
Explore
- More information
- Download
attack_scan_features.csvCSV
Active scanning involves actively probing a network to discover systems,...
Explore
- More information
- Download
Log4Shell vulnerability discoveryCSV
An attacker uses a scanner to detect the presence of the Log4Shell...
Explore
- More information
Exploit Log4Shell vulnerability CSV
The goal of this step is for the attacker to gain initial access to the...
Explore
- More information
- Download
Lateral mouvement CSV
Once inside the vulnerable web server machine, the attacker's goal is to move...
Explore
- More information
- Download
C&C CSV
The attacker uses the MODBUS/TCP protocol, which typically operates on port...
Explore
- More information
- Download
OT-ICS-attacks.zipZIP
Explore
- More information
- Download

Additional Info

Field	Value
Source	https://github.com/montimage-projects/OT-ICS-attacks
Author	Montimage
Maintainer	Montimage
Last Updated	مارس 31, 2026, 12:28 (UTC)
Created	سپتامبر 10, 2025, 11:36 (UTC)
attack_stages	reconnaissance; exploitation; lateral movement; command and control
domain	OT/ICS
protocols_or_systems	MODBUS/TCP; OpenPLC; ScadaBR; Tomcat