Secure Water Treatment (SWaT) Dataset
Intrusion detection for Cyber Physical Systems (CPS) suffer from accurate evaluation and benchmarking comparisons. This is mainly due to the lack of datasets in this research area. Majority of the intrusion detection datasets currently available focus on network traffic which is inadequate for CPS intrusion detection. Thus, researchers resort to simulating CPS data that are often suboptimal. As cyber-attacks can cause the behaviour of the CPS to change drastically, it is necessary to generate a dataset that reflects the complexity of system through the evolution of the intrusions.
The SWaT Dataset was systematically generated from the Secure Water Treatment Testbed to address this need. The data collected from the testbed consists of 11 days of continuous operation. 7 days’ worth of data was collected under normal operation while 4 days’ worth of data was collected with attack scenarios. During the data collection, all network traffic, sensor and actuator data were collected.
The goal for this dataset is to assist various researchers in designing solutions, testing, evaluation, and comparison purposes for CPSs research.
Characteristics of dataset:
- Network Traffic and Cyber Physical Properties: The dataset contains all the network traffic captured during this time. The dataset also consists of all the values obtained from all the 51 sensors and actuators available in SWaT.
- Labelled: All the data acquired during this process are labelled according to normal and abnormal behaviours
- Attack Scenarios: The attacks generated for this dataset were derived through the attack models developed by our research team. The attack model considers the intent space of a CPS as an attack model. 36 attacks were launched during the 4 days and are described in the PDF.
To request the following datasets, please contact email@example.com for login details.
SWaT Normal Data (7 Days)
SWaT with Attack Data (4 days)
SWaT Network Traffic (11 days)
Technical information of SWaT can be found here.