Abstract

In recent decades, Industrial Control Systems (ICS) have been affected by heterogeneous cyberattacks that have a huge impact on the physical world and the people's safety. Nowadays, the techniques achieving the best performance in the detection of cyber anomalies are based on Machine Learning and, more recently, Deep Learning. Due to the incipient stage of cybersecurity research in ICS, the availability of datasets enabling the evaluation of anomaly detection techniques is insufficient. In this paper, we propose a methodology to generate reliable anomaly detection datasets in ICS that consists of four steps: attacks selection, attacks deployment, traffic capture and features computation. The proposed methodology has been used to generate the Electra Dataset, whose main goal is the evaluation of cybersecurity techniques in an electric traction substation used in the railway industry. Using the Electra dataset, we train several Machine Learning and Deep Learning models to detect anomalies in ICS and the performed experiments show that the models have high precision and, therefore, demonstrate the suitability of our dataset for use in production systems.