SCADANet: A novel dataset for SCADA cybersecurity and intrusion detection

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2026-04-01 Epub Date: 2026-02-03 DOI:10.1016/j.comnet.2026.112087

Enes ALGUL , Ferdi DOĞAN , Ahmad Ayid Ahmad , Onur POLAT

{"title":"SCADANet: A novel dataset for SCADA cybersecurity and intrusion detection","authors":"Enes ALGUL , Ferdi DOĞAN , Ahmad Ayid Ahmad , Onur POLAT","doi":"10.1016/j.comnet.2026.112087","DOIUrl":null,"url":null,"abstract":"<div><div>This paper presents SCADANet, a new dataset tailored for cybersecurity research in Supervisory Control and Data Acquisition (SCADA) systems. SCADA systems are critical for automating essential infrastructure sectors, including energy, water, manufacturing, and transportation. However, their open network architectures, outdated software, and inadequate access controls expose them to cyber threats, risking service disruptions, physical damage, and threats to human safety and economic stability. To address these challenges, advanced cyber-physical security solutions are essential.</div><div>In this study, we generated a virtual SCADA network using the Modbus/TCP protocol and simulated both typical and SCADA-specific cyberattacks alongside normal network traffic. The resulting data was captured and analyzed using Wireshark, TShark, and JA4+ tools, then stored in a structured, multi-layered, labelled CSV format.</div><div>SCADANet was employed to train a deep learning-based intrusion detection system, utilizing proposed DeepNonLocalNN model, which achieved high accuracy by leveraging both local and global traffic patterns. With its comprehensive protocol coverage, realistic traffic scenarios, and open-access design, SCADANet serves as a valuable resource for advancing SCADA security research and makes a significant contribution to the field.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"278 ","pages":"Article 112087"},"PeriodicalIF":4.6000,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S138912862600099X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2026/2/3 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

This paper presents SCADANet, a new dataset tailored for cybersecurity research in Supervisory Control and Data Acquisition (SCADA) systems. SCADA systems are critical for automating essential infrastructure sectors, including energy, water, manufacturing, and transportation. However, their open network architectures, outdated software, and inadequate access controls expose them to cyber threats, risking service disruptions, physical damage, and threats to human safety and economic stability. To address these challenges, advanced cyber-physical security solutions are essential.

In this study, we generated a virtual SCADA network using the Modbus/TCP protocol and simulated both typical and SCADA-specific cyberattacks alongside normal network traffic. The resulting data was captured and analyzed using Wireshark, TShark, and JA4+ tools, then stored in a structured, multi-layered, labelled CSV format.

SCADANet was employed to train a deep learning-based intrusion detection system, utilizing proposed DeepNonLocalNN model, which achieved high accuracy by leveraging both local and global traffic patterns. With its comprehensive protocol coverage, realistic traffic scenarios, and open-access design, SCADANet serves as a valuable resource for advancing SCADA security research and makes a significant contribution to the field.

查看原文本刊更多论文

SCADANet：一个用于SCADA网络安全和入侵检测的新数据集

本文介绍了SCADANet，一个为监控和数据采集（SCADA）系统的网络安全研究量身定制的新数据集。SCADA系统对于基础设施自动化至关重要，包括能源、水、制造和运输。然而，他们的开放式网络架构、过时的软件和不充分的访问控制使他们面临网络威胁，有可能导致服务中断、物理损坏以及对人类安全和经济稳定的威胁。为了应对这些挑战，先进的网络物理安全解决方案至关重要。在这项研究中，我们使用Modbus/TCP协议生成了一个虚拟的SCADA网络，并模拟了典型的和SCADA特定的网络攻击以及正常的网络流量。使用Wireshark、TShark和JA4+工具捕获和分析结果数据，然后以结构化、多层、标记的CSV格式存储。利用SCADANet训练基于深度学习的入侵检测系统，利用提出的DeepNonLocalNN模型，该模型通过利用本地和全局流量模式实现了较高的准确率。SCADANet以其全面的协议覆盖、真实的流量场景和开放访问设计，为推进SCADA安全研究提供了宝贵的资源，并为该领域做出了重大贡献。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.