PowerDuck: A GOOSE Data Set of Cyberattacks in Substations

TL;DR

PowerDuck is a new publicly available dataset of real GOOSE communication network traffic in substations, including attack scenarios, to aid cybersecurity research and improve power grid protection.

Contribution

It introduces PowerDuck, a comprehensive, real-world dataset of GOOSE network traffic with attack labels, filling a gap in existing synthetic data sets for power grid cybersecurity.

Findings

Contains diverse attack scenarios with labeled attacker packets

Enhances existing datasets by providing real network traffic data

Aims to improve security measures for power grid infrastructure

Abstract

Power grids worldwide are increasingly victims of cyberattacks, where attackers can cause immense damage to critical infrastructure. The growing digitalization and networking in power grids combined with insufficient protection against cyberattacks further exacerbate this trend. Hence, security engineers and researchers must counter these new risks by continuously improving security measures. Data sets of real network traffic during cyberattacks play a decisive role in analyzing and understanding such attacks. Therefore, this paper presents PowerDuck, a publicly available security data set containing network traces of GOOSE communication in a physical substation testbed. The data set includes recordings of various scenarios with and without the presence of attacks. Furthermore, all network packets originating from the attacker are clearly labeled to facilitate their identification. We thus envision PowerDuck improving and complementing existing data sets of substations, which are often generated synthetically, thus enhancing the security of power grids.