OT-ICS attacks dataset

This dataset contains network traffic features generated from a simulated OT/ICS attack scenario involving OpenPLC, ScadaBR/SCADA, a vulnerable web application, and Apache Tomcat. It covers both benign traffic and multiple attack stages, including active scanning, Log4Shell vulnerability discovery, Log4Shell exploitation, lateral movement, and command-and-control activity. The scenario is based on CVE-2021-44228 and CVE-2009-3548 and is intended to support cybersecurity research on OT/ICS attack detection, traffic analysis, and resilience evaluation.

Data og ressurser

normal_scan_features.csvCSV
Normal traffic
Utforsk
- Tilleggsinformasjon
- Nedlasting
attack_scan_features.csvCSV
Active scanning involves actively probing a network to discover systems,...
Utforsk
- Tilleggsinformasjon
- Nedlasting
Log4Shell vulnerability discoveryCSV
An attacker uses a scanner to detect the presence of the Log4Shell...
Utforsk
- Tilleggsinformasjon
Exploit Log4Shell vulnerability CSV
The goal of this step is for the attacker to gain initial access to the...
Utforsk
- Tilleggsinformasjon
- Nedlasting
Lateral mouvement CSV
Once inside the vulnerable web server machine, the attacker's goal is to move...
Utforsk
- Tilleggsinformasjon
- Nedlasting
C&C CSV
The attacker uses the MODBUS/TCP protocol, which typically operates on port...
Utforsk
- Tilleggsinformasjon
- Nedlasting
OT-ICS-attacks.zipZIP
Utforsk
- Tilleggsinformasjon
- Nedlasting

Tilleggsinformasjon

Felt	Verdi
Kilde	https://github.com/montimage-projects/OT-ICS-attacks
Forfatter	Montimage
Vedlikeholdes av	Montimage
Sist oppdatert	mars 31, 2026, 12:28 (UTC)
Opprettet	september 10, 2025, 11:36 (UTC)
attack_stages	reconnaissance; exploitation; lateral movement; command and control
domain	OT/ICS
protocols_or_systems	MODBUS/TCP; OpenPLC; ScadaBR; Tomcat