Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ ZENODOarrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Dataset . 2025
License: CC BY
Data sources: ZENODO
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Dataset . 2025
License: CC BY
Data sources: ZENODO
ZENODO
Dataset . 2025
License: CC BY
Data sources: Datacite
ZENODO
Dataset . 2025
License: CC BY
Data sources: Datacite
ZENODO
Dataset . 2025
License: CC BY
Data sources: Datacite
 View all 3 versions
Claim

Sherlock: A Dataset for Process-aware Intrusion Detection Research on Power Grid Networks

Research datakeyboard_double_arrow_right Dataset 10 Apr 2025 English Publisher:ACM
Authors: Wagner, Eric; Bader, Lennart; Wolsing, Konrad; Serror, Martin;

doi: 10.5281/zenodo.15260901 , 10.5281/zenodo.15168928 , 10.5281/zenodo.15168927

Sherlock: A Dataset for Process-aware Intrusion Detection Research on Power Grid Networks

Abstract

Sherlock is a dataset developed for research into, among others, process-aware intrusion detection in power grid networks. It is created with the power grid co-simulator Wattson. The dataset was initially presented in the ACM CODASPY'25 paper "Sherlock: A Dataset for Process-aware Intrusion Detection Research on Power Grid Networks" and a detailed documentation is available at https://sherlock.wattson.it/.Sherlock contains 3 scenarios, namely 01_Basic, 02_Semiurban, and 03_Rural. All scenarios are of realistically-sized networks, but 01_Basic is smaller and therefore recommended for initial prototyping. 01_Basic and 02_Semiurban contain a train set without attacks, and a test set with attacks. 03_Rural only contains a test set to motivate research into transferability of results into new networks.Each scenarios contains: network captures of primarily IEC 60870-5-104 from different vantage points accurate labels for attacks, recoveries from attacks, benign events, and normal operation ground truth data device logs captures transcibed into the Intrustrial Protocol Abstraction Layer (IPAL) format for easy processing Changelog: Version v2 - renamed train.n402.state.gz to test.n402.state.gz in 03-RuralVersion v1 - initial dataset

Related Organizations
Keywords

critical infrastructure, IEC 60870-5-104

  • BIP!
    Impact byBIP!
    selected citations
    These citations are derived from selected sources.
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 0
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    		 Average
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 Average
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    		 Average
Powered by OpenAIRE graph
Found an issue? Give us feedback
selected citations
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
0
Average
Average
Average