{"id":493,"date":"2022-11-27T21:31:04","date_gmt":"2022-11-27T21:31:04","guid":{"rendered":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/?p=493"},"modified":"2024-12-05T10:33:31","modified_gmt":"2024-12-05T10:33:31","slug":"isot-mil-std-1553-dataset","status":"publish","type":"post","link":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/2022\/11\/27\/isot-mil-std-1553-dataset\/","title":{"rendered":"ISOT Mil-STD-1553 Dataset"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.18.0″ _module_preset=”default” custom_margin=”||-620px|||” custom_padding=”7px||0px|||” global_colors_info=”{}”][et_pb_row _builder_version=”4.18.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.18.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.18.0″ _module_preset=”default” text_font=”|600|||||||” text_text_color=”#000000″ animation_style=”zoom” global_colors_info=”{}”]<\/p>\n

 <\/p>\n

Dataset Description<\/a><\/h4>\n

Click here to download the ISOT Mil-STD-1553 Dataset <\/a><\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ width=”100%” custom_padding=”0px|||||” global_colors_info=”{}”][et_pb_row admin_label=”row” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text admin_label=”Text” _builder_version=”4.18.0″ text_font=”|600|||||||” text_text_color=”#000000″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”]<\/p>\n

ISOT Mil-STD-1553 Dataset<\/span><\/p>\n

The dataset is a combination of datasets collected in a simulated environment consisting of normal activities and a series of attacks against the MIL-STD-1553 databus.<\/span><\/p>\n

The simulation was conducted using Abaco R15-USB-2M USB interface box and Abaco BUSTOOLS\/1553 GUI Software for MIL-STD-1553 bus analysis, simulation, and data logging.<\/span><\/p>\n

Figure 1 depicts the simulated bus components. The bus architecture used in the simulation consists of a bus monitor (BM) and five different avionic systems, including a flight control computer (FCC) as RT3, a mission computer (MC) as BC, an inertial reference unit (IRU) as RT1, a mission control keyboard (MCK) as RT4, and a multi-function display unit (MFD) as RT2. The MC serves as bus controller (BC), while the remaining components are remote terminals.<\/span><\/p>\n

\"\"<\/span><\/p>\n

Figure 1. <\/strong>Simulated MIL-STD-1553 bus components<\/span><\/p>\n

\u00a0<\/span><\/p>\n

The components were the only ones used to execute the normal activities. To simulate the attack, we added a rogue terminal as RT0.<\/span><\/p>\n

A baseline dataset consisting of normal activities was generated by running the simulation for 10 min. Subsequently, 6 different attack scenarios were run separately against the baseline architecture, by introducing RT0 as rogue terminal. Table 1 provides a summary of the different datasets and Table 2 shows the different fields involved in the raw data. The dataset is provided as separate CSV files.<\/span><\/p>\n

\u00a0<\/span><\/p>\n

\u00a0<\/span><\/p>\n

Table 1. <\/strong>Outline of the collected MIL-STD-1553 datasets<\/span><\/p>\n

\u00a0<\/span><\/p>\n\n\n\n\n\n\n\n\n\n\n
Dataset<\/strong> #<\/strong><\/span><\/td>\nType of data<\/strong><\/span><\/td>\nAttack type<\/strong><\/span><\/td>\nAttack description<\/strong><\/span><\/td>\n\n

Number of<\/strong><\/span><\/p>\n

messages<\/strong><\/span><\/p>\n<\/td>\n

Simulation<\/strong> length<\/strong><\/span><\/td>\n<\/tr>\n
1<\/span><\/td>\nNormal<\/span><\/td>\nN\/A<\/span><\/td>\nN\/A<\/span><\/td>\n23,000<\/span><\/td>\n10 min<\/span><\/td>\n<\/tr>\n
2<\/span><\/td>\nMix normal\/malicious<\/span><\/td>\n\n

Targeted\/Basic DOS<\/span><\/p>\n

(Attack 1)<\/span><\/p>\n<\/td>\n

\n

rogue terminal (RT0) targets the FCC (RT3) by sending random<\/span><\/p>\n

words in a loop<\/span><\/p>\n<\/td>\n

148<\/span><\/td>\n30 sec<\/span><\/td>\n<\/tr>\n
3<\/span><\/td>\nMix Normal\/malicious<\/span><\/td>\nMulti-target DOS (Attack 2)<\/span><\/td>\nRogue terminal (RT0) sends broadcast messages in a loop<\/span><\/td>\n373<\/span><\/td>\n30 sec<\/span><\/td>\n<\/tr>\n
4<\/span><\/td>\nMix Normal\/malicious<\/span><\/td>\n\n

Subtle Fake data injection<\/span><\/p>\n

(Attack 3)<\/span><\/p>\n<\/td>\n

\n

rogue terminal (RT0) replicates one of the messages sent by one of the legitimate RTs by slightly<\/span><\/p>\n

altering one of the data items<\/span><\/p>\n<\/td>\n

970<\/span><\/td>\n30 sec<\/span><\/td>\n<\/tr>\n
5<\/span><\/td>\nMix Normal\/malicious<\/span><\/td>\n\n

Noisy fake data injection<\/span><\/p>\n

(Attack 4)<\/span><\/p>\n<\/td>\n

\n

similar to the above attack, except that in this case fake data<\/span><\/p>\n

is randomly generated.<\/span><\/p>\n<\/td>\n

970<\/span><\/td>\n30 sec<\/span><\/td>\n<\/tr>\n
6<\/span><\/td>\nMix Normal\/malicious<\/span><\/td>\nLogic attack (Attack 5)<\/span><\/td>\n\n

a rogue RT broadcast mode code value 4 (0x04), which corresponds to the Transmitter<\/span><\/p>\n

Shutdown, which is unusual<\/span><\/p>\n<\/td>\n

981<\/span><\/td>\n30 sec<\/span><\/td>\n<\/tr>\n
7<\/span><\/td>\nMix Normal\/malicious<\/span><\/td>\nHybrid Logic\/fake data injection (Attack 6)<\/span><\/td>\nCombination of the attacks in datasets 5 and 6<\/span><\/td>\n1004<\/span><\/td>\n30 sec<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u00a0<\/span><\/p>\n

Table 2. <\/strong>Raw dataset format<\/span><\/p>\n

\u00a0<\/span><\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Fields<\/strong><\/span><\/td>\nDescription<\/strong><\/span><\/td>\n<\/tr>\n
msgID<\/span><\/td>\nSequence number associated with the message by the simulator<\/span><\/td>\n<\/tr>\n
timestamp<\/span><\/td>\nMessage timestamp in seconds<\/span><\/td>\n<\/tr>\n
error<\/span><\/td>\nIndicate whether the error bit of the status word related to the message is set; contains TRUE\/FALSE accordingly.<\/span><\/td>\n<\/tr>\n
modeCode<\/span><\/td>\nIndicate whether the message is a mode command message; contains TRUE\/FALSE accordingly.<\/span><\/td>\n<\/tr>\n
channel<\/span><\/td>\nChannel associated with the message<\/span><\/td>\n<\/tr>\n
connType<\/span><\/td>\nCommunication type<\/span><\/td>\n<\/tr>\n
sa<\/span><\/td>\nAddress of sending RT<\/span><\/td>\n<\/tr>\n
ssa<\/span><\/td>\nSub-address of the sending subsystem from the sending RT<\/span><\/td>\n<\/tr>\n
da<\/span><\/td>\nAddress of receiving RT<\/span><\/td>\n<\/tr>\n
dsa<\/span><\/td>\nSub-address of the receiving subsystem at the receiving RT<\/span><\/td>\n<\/tr>\n
wc<\/span><\/td>\nWord count: number of data words included in the message<\/span><\/td>\n<\/tr>\n
modeCode value<\/span><\/td>\nMode code value when applicable<\/span><\/td>\n<\/tr>\n
txRsp<\/span><\/td>\nTransmit command response time in ms<\/span><\/td>\n<\/tr>\n
txSts<\/span><\/td>\nTransmit status word<\/span><\/td>\n<\/tr>\n
rxRsp<\/span><\/td>\nReceive command response time in ms<\/span><\/td>\n<\/tr>\n
rxSts<\/span><\/td>\nReceive status word<\/span><\/td>\n<\/tr>\n
dw0 \u2026 dw31<\/span><\/td>\nValues of the data word included in the message ranging from dw0 to dw31; N\/A is used when there is no data words for a field.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u00a0<\/span><\/p>\n\n\n\n\n\n\n
Malicious<\/span><\/td>\nIndication of whether the message is malicious: contains TRUE\/FALSE accordingly.<\/span><\/td>\n<\/tr>\n
injected<\/span><\/td>\n\n

Indication of whether part of the data included in the message is injected:<\/span><\/p>\n

contains TRUE\/FALSE accordingly.<\/span><\/p>\n<\/td>\n<\/tr>\n

gap<\/span><\/td>\nInter-message gap time in ms<\/span><\/td>\n<\/tr>\n
msgTime<\/span><\/td>\nMessage time in ms<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u00a0<\/span><\/p>\n

\u00a0<\/span><\/p>\n

\u00a0<\/span><\/p>\n

\u00a0<\/span><\/p>\n

To cite this dataset use:<\/strong><\/span><\/p>\n

Hadeer Saad, Issa Traore, Paulo Quinan, Karim Ganame, Oussama Boudar, \u201cA Collection of Datasets for Intrusion Detection in MIL-STD-1553 Platforms\u201d, in Artificial Intelligencefor Cyber- Physical Systems Hardening, I. Traor\u00e9, I. Woungang, and S. Saad, Eds. Springer, 2022, Chapter 4.<\/span><\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

  Dataset Description Click here to download the ISOT Mil-STD-1553 Dataset ISOT Mil-STD-1553 Dataset The dataset is a combination of datasets collected in a simulated environment consisting of normal activities and a series of attacks against the MIL-STD-1553 databus. The simulation was conducted using Abaco R15-USB-2M USB interface box and Abaco BUSTOOLS\/1553 GUI Software for […]<\/p>\n","protected":false},"author":17669,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"ISOT Mil-STD-1553 Dataset\r\n\r\nThe dataset is a combination of datasets collected in a simulated environment consisting of normal activities and a series of attacks against the MIL-STD-1553 databus.\r\n\r\nThe simulation was conducted using Abaco R15-USB-2M USB interface box and Abaco BUSTOOLS\/1553 GUI Software for MIL-STD-1553 bus analysis, simulation, and data logging.\r\n\r\nFigure 1 depicts the simulated bus components. The bus architecture used in the simulation consists of a bus monitor (BM) and five different avionic systems, including a flight control computer (FCC) as RT3, a mission computer (MC) as BC, an inertial reference unit (IRU) as RT1, a mission control keyboard (MCK) as RT4, and a multi-function display unit (MFD) as RT2. The MC serves as bus controller (BC), while the remaining components are remote terminals.\r\n\r\n\"\"\r\n\r\nFigure 1. <\/strong>Simulated MIL-STD-1553 bus components\r\n\r\n\u00a0\r\n\r\nThe components were the only ones used to execute the normal activities. To simulate the attack, we added a rogue terminal as RT0.\r\n\r\nA baseline dataset consisting of normal activities was generated by running the simulation for 10 min. Subsequently, 6 different attack scenarios were run separately against the baseline architecture, by introducing RT0 as rogue terminal. Table 1 provides a summary of the different datasets and Table 2 shows the different fields involved in the raw data. The dataset is provided as separate CSV files.\r\n\r\n\u00a0\r\n\r\n\u00a0\r\n\r\nTable 1. <\/strong>Outline of the collected MIL-STD-1553 datasets\r\n\r\n\u00a0\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n
Dataset<\/strong> #<\/strong><\/td>\r\nType of data<\/strong><\/td>\r\nAttack type<\/strong><\/td>\r\nAttack description<\/strong><\/td>\r\nNumber of<\/strong>\r\n\r\nmessages<\/strong><\/td>\r\nSimulation<\/strong> length<\/strong><\/td>\r\n<\/tr>\r\n
1<\/td>\r\nNormal<\/td>\r\nN\/A<\/td>\r\nN\/A<\/td>\r\n23,000<\/td>\r\n10 min<\/td>\r\n<\/tr>\r\n
2<\/td>\r\nMix normal\/malicious<\/td>\r\nTargeted\/Basic DOS\r\n\r\n(Attack 1)<\/td>\r\nrogue terminal (RT0) targets the FCC (RT3) by sending random\r\n\r\nwords in a loop<\/td>\r\n148<\/td>\r\n30 sec<\/td>\r\n<\/tr>\r\n
3<\/td>\r\nMix Normal\/malicious<\/td>\r\nMulti-target DOS (Attack 2)<\/td>\r\nRogue terminal (RT0) sends broadcast messages in a loop<\/td>\r\n373<\/td>\r\n30 sec<\/td>\r\n<\/tr>\r\n
4<\/td>\r\nMix Normal\/malicious<\/td>\r\nSubtle Fake data injection\r\n\r\n(Attack 3)<\/td>\r\nrogue terminal (RT0) replicates one of the messages sent by one of the legitimate RTs by slightly\r\n\r\naltering one of the data items<\/td>\r\n970<\/td>\r\n30 sec<\/td>\r\n<\/tr>\r\n
5<\/td>\r\nMix Normal\/malicious<\/td>\r\nNoisy fake data injection\r\n\r\n(Attack 4)<\/td>\r\nsimilar to the above attack, except that in this case fake data\r\n\r\nis randomly generated.<\/td>\r\n970<\/td>\r\n30 sec<\/td>\r\n<\/tr>\r\n
6<\/td>\r\nMix Normal\/malicious<\/td>\r\nLogic attack (Attack 5)<\/td>\r\na rogue RT broadcast mode code value 4 (0x04), which corresponds to the Transmitter\r\n\r\nShutdown, which is unusual<\/td>\r\n981<\/td>\r\n30 sec<\/td>\r\n<\/tr>\r\n
7<\/td>\r\nMix Normal\/malicious<\/td>\r\nHybrid Logic\/fake data injection (Attack 6)<\/td>\r\nCombination of the attacks in datasets 5 and 6<\/td>\r\n1004<\/td>\r\n30 sec<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n\u00a0\r\n\r\nTable 2. <\/strong>Raw dataset format\r\n\r\n\u00a0\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n
Fields<\/strong><\/td>\r\nDescription<\/strong><\/td>\r\n<\/tr>\r\n
msgID<\/td>\r\nSequence number associated with the message by the simulator<\/td>\r\n<\/tr>\r\n
timestamp<\/td>\r\nMessage timestamp in seconds<\/td>\r\n<\/tr>\r\n
error<\/td>\r\nIndicate whether the error bit of the status word related to the message is set; contains TRUE\/FALSE accordingly.<\/td>\r\n<\/tr>\r\n
modeCode<\/td>\r\nIndicate whether the message is a mode command message; contains TRUE\/FALSE accordingly.<\/td>\r\n<\/tr>\r\n
channel<\/td>\r\nChannel associated with the message<\/td>\r\n<\/tr>\r\n
connType<\/td>\r\nCommunication type<\/td>\r\n<\/tr>\r\n
sa<\/td>\r\nAddress of sending RT<\/td>\r\n<\/tr>\r\n
ssa<\/td>\r\nSub-address of the sending subsystem from the sending RT<\/td>\r\n<\/tr>\r\n
da<\/td>\r\nAddress of receiving RT<\/td>\r\n<\/tr>\r\n
dsa<\/td>\r\nSub-address of the receiving subsystem at the receiving RT<\/td>\r\n<\/tr>\r\n
wc<\/td>\r\nWord count: number of data words included in the message<\/td>\r\n<\/tr>\r\n
modeCode value<\/td>\r\nMode code value when applicable<\/td>\r\n<\/tr>\r\n
txRsp<\/td>\r\nTransmit command response time in ms<\/td>\r\n<\/tr>\r\n
txSts<\/td>\r\nTransmit status word<\/td>\r\n<\/tr>\r\n
rxRsp<\/td>\r\nReceive command response time in ms<\/td>\r\n<\/tr>\r\n
rxSts<\/td>\r\nReceive status word<\/td>\r\n<\/tr>\r\n
dw0 \u2026 dw31<\/td>\r\nValues of the data word included in the message ranging from dw0 to dw31; N\/A is used when there is no data words for a field.<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n\u00a0\r\n\r\n\r\n\r\n\r\n\r\n\r\n
Malicious<\/td>\r\nIndication of whether the message is malicious: contains TRUE\/FALSE accordingly.<\/td>\r\n<\/tr>\r\n
injected<\/td>\r\nIndication of whether part of the data included in the message is injected:\r\n\r\ncontains TRUE\/FALSE accordingly.<\/td>\r\n<\/tr>\r\n
gap<\/td>\r\nInter-message gap time in ms<\/td>\r\n<\/tr>\r\n
msgTime<\/td>\r\nMessage time in ms<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n\u00a0\r\n\r\n\u00a0\r\n\r\n\u00a0\r\n\r\n\u00a0\r\n\r\nTo cite this dataset use:<\/strong>\r\n\r\nHadeer Saad, Issa Traore, Paulo Quinan, Karim Ganame, Oussama Boudar, \u201cA Collection of Datasets for Intrusion Detection in MIL-STD-1553 Platforms\u201d, in Artificial Intelligencefor Cyber- Physical Systems Hardening, I. Traor\u00e9, I. Woungang, and S. Saad, Eds. Springer, 2022, Chapter 4.","_et_gb_content_width":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11],"tags":[],"class_list":["post-493","post","type-post","status-publish","format-standard","hentry","category-datasets"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/posts\/493","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/users\/17669"}],"replies":[{"embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/comments?post=493"}],"version-history":[{"count":12,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/posts\/493\/revisions"}],"predecessor-version":[{"id":1372,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/posts\/493\/revisions\/1372"}],"wp:attachment":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/media?parent=493"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/categories?post=493"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/isot\/wp-json\/wp\/v2\/tags?post=493"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}