ISOT Mil-STD-1553 Dataset
The dataset is a combination of datasets collected in a simulated environment consisting of normal activities and a series of attacks against the MIL-STD-1553 databus.
The simulation was conducted using Abaco R15-USB-2M USB interface box and Abaco BUSTOOLS/1553 GUI Software for MIL-STD-1553 bus analysis, simulation, and data logging.
Figure 1 depicts the simulated bus components. The bus architecture used in the simulation consists of a bus monitor (BM) and five different avionic systems, including a flight control computer (FCC) as RT3, a mission computer (MC) as BC, an inertial reference unit (IRU) as RT1, a mission control keyboard (MCK) as RT4, and a multi-function display unit (MFD) as RT2. The MC serves as bus controller (BC), while the remaining components are remote terminals.
Figure 1. Simulated MIL-STD-1553 bus components
The components were the only ones used to execute the normal activities. To simulate the attack, we added a rogue terminal as RT0.
A baseline dataset consisting of normal activities was generated by running the simulation for 10 min. Subsequently, 6 different attack scenarios were run separately against the baseline architecture, by introducing RT0 as rogue terminal. Table 1 provides a summary of the different datasets and Table 2 shows the different fields involved in the raw data. The dataset is provided as separate CSV files.
Table 1. Outline of the collected MIL-STD-1553 datasets
Dataset # | Type of data | Attack type | Attack description |
Number of messages |
Simulation length |
1 | Normal | N/A | N/A | 23,000 | 10 min |
2 | Mix normal/malicious |
Targeted/Basic DOS (Attack 1) |
rogue terminal (RT0) targets the FCC (RT3) by sending random words in a loop |
148 | 30 sec |
3 | Mix Normal/malicious | Multi-target DOS (Attack 2) | Rogue terminal (RT0) sends broadcast messages in a loop | 373 | 30 sec |
4 | Mix Normal/malicious |
Subtle Fake data injection (Attack 3) |
rogue terminal (RT0) replicates one of the messages sent by one of the legitimate RTs by slightly altering one of the data items |
970 | 30 sec |
5 | Mix Normal/malicious |
Noisy fake data injection (Attack 4) |
similar to the above attack, except that in this case fake data is randomly generated. |
970 | 30 sec |
6 | Mix Normal/malicious | Logic attack (Attack 5) |
a rogue RT broadcast mode code value 4 (0x04), which corresponds to the Transmitter Shutdown, which is unusual |
981 | 30 sec |
7 | Mix Normal/malicious | Hybrid Logic/fake data injection (Attack 6) | Combination of the attacks in datasets 5 and 6 | 1004 | 30 sec |
Table 2. Raw dataset format
Fields | Description |
msgID | Sequence number associated with the message by the simulator |
timestamp | Message timestamp in seconds |
error | Indicate whether the error bit of the status word related to the message is set; contains TRUE/FALSE accordingly. |
modeCode | Indicate whether the message is a mode command message; contains TRUE/FALSE accordingly. |
channel | Channel associated with the message |
connType | Communication type |
sa | Address of sending RT |
ssa | Sub-address of the sending subsystem from the sending RT |
da | Address of receiving RT |
dsa | Sub-address of the receiving subsystem at the receiving RT |
wc | Word count: number of data words included in the message |
modeCode value | Mode code value when applicable |
txRsp | Transmit command response time in ms |
txSts | Transmit status word |
rxRsp | Receive command response time in ms |
rxSts | Receive status word |
dw0 … dw31 | Values of the data word included in the message ranging from dw0 to dw31; N/A is used when there is no data words for a field. |
Malicious | Indication of whether the message is malicious: contains TRUE/FALSE accordingly. |
injected |
Indication of whether part of the data included in the message is injected: contains TRUE/FALSE accordingly. |
gap | Inter-message gap time in ms |
msgTime | Message time in ms |
To cite this dataset use:
Hadeer Saad, Issa Traore, Paulo Quinan, Karim Ganame, Oussama Boudar, “A Collection of Datasets for Intrusion Detection in MIL-STD-1553 Platforms”, in Artificial Intelligencefor Cyber- Physical Systems Hardening, I. Traoré, I. Woungang, and S. Saad, Eds. Springer, 2022, Chapter 4.