Open Resource

Our team has released the following tools / data sets for open access:

IEC61850 GOOSE Protocol Parser

GOOSE is a communication protocol defined in the IEC61850 standard. It is used by Intelligent Electronic Devices (IEDs) in electrical substations to facilitate information exchange between devices. A GOOSE parser has been developed to enable detailed analysis of the transmitted data and allow rule-based identification of anomalies related to cybersecurity attacks. It is compatible with an older instance of Zeek Network Security Monitor (v2.6).

IEC61850 Security Dataset

We have developed a synthesized dataset focusing on IEC 61850 GOOSE communication that is essential for automation and protection in smart grid. The dataset is intended to facilitate the research community to study the cybersecurity of substations. We present the physical system of a typical distribution level substation and several of its critical electrical protection operation scenarios under different disturbances, followed by several cyber-attack scenarios. We have generated a dataset with multiple traces that correspond to these scenarios and demonstrated how the dataset can be used to support substation cybersecurity research.

Network Trace of Smart Grid Honeypot

We conducted an empirical study with 6-month network traces collected in low-interaction smart grid honeypot systems deployed in geographically different regions on Amazon cloud platform. In particular, we discuss actual attack patterns observed as well as insights from the data-driven study on access/attack patterns, correlations among different locations, and dynamics in access sources, some of which are considered effective when configuring security mechanisms such as firewall and intrusion detection systems.

An Attack-Trace Generating Toolchain

we developed a toolchain that aims to enable users (e.g., power grid operators) to easily create customized datasets for the validation of cybersecurity solutions for IEC 61850 communication-based substations. Our toolchain consists of a set of modular software tools that work together to handle different inputs (e.g., substation configurations, attack configurations, and simulation settings) and carry out the necessary processing steps needed for generating the customized datasets.