Signals and Symptoms: ICS Attack Dataset From Railway Cyber Range

• URL: http://arxiv.org/abs/2507.01768v1
• Date: Wed, 02 Jul 2025 14:47:31 GMT
• Title: Signals and Symptoms: ICS Attack Dataset From Railway Cyber Range
• Authors: Anis Yusof, Yuancheng Liu, Niklaus Kang, Choon Meng Seah, Zhenkai Liang, Ee-Chien Chang,
• Abstract summary: We conduct two ICS cyberattack simulations to showcase the impact of trending ICS cyberattacks on a railway cyber range that resembles the railway infrastructure.<n>The resulting evidence is collected as datasets, serving as an essential resource for cyberattack analysis.
• Score: 8.612455964786049
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The prevalence of cyberattacks on Industrial Control Systems (ICS) has highlighted the necessity for robust security measures and incident response to protect critical infrastructure. This is prominent when Operational Technology (OT) systems undergo digital transformation by integrating with Information Technology (IT) systems to enhance operational efficiency, adaptability, and safety. To support analysts in staying abreast of emerging attack patterns, there is a need for ICS datasets that reflect indicators representative of contemporary cyber threats. To address this, we conduct two ICS cyberattack simulations to showcase the impact of trending ICS cyberattacks on a railway cyber range that resembles the railway infrastructure. The attack scenario is designed to blend trending attack trends with attack patterns observed from historical ICS incidents. The resulting evidence is collected as datasets, serving as an essential resource for cyberattack analysis. This captures key indicators that are relevant to the current threat landscape, augmenting the effectiveness of security systems and analysts to protect against ICS cyber threats.

Related papers

• Autonomous AI-based Cybersecurity Framework for Critical Infrastructure: Real-Time Threat Mitigation [1.4999444543328293]
  We propose a hybrid AI-driven cybersecurity framework to enhance real-time vulnerability detection, threat modelling, and automated remediation.<n>Our findings provide actionable insights to strengthen the security and resilience of critical infrastructure systems against emerging cyber threats.
  arXiv  Detail & Related papers  (2025-07-10T04:17:29Z)
• CyFence: Securing Cyber-Physical Controllers via Trusted Execution Environment [45.86654759872101]
  Cyber-physical systems (CPSs) have experienced a significant technological evolution and increased connectivity, at the cost of greater exposure to cyber-attacks.<n>We propose CyFence, a novel architecture that improves the resilience of closed-loop control systems against cyber-attacks by adding a semantic check.<n>We evaluate CyFence considering a real-world application, consisting of an active braking digital controller, demonstrating that it can mitigate different types of attacks with a negligible overhead.
  arXiv  Detail & Related papers  (2025-06-12T12:22:45Z)
• Modern DDoS Threats and Countermeasures: Insights into Emerging Attacks and Detection Strategies [49.57278643040602]
  Distributed Denial of Service (DDoS) attacks persist as significant threats to online services and infrastructure.<n>This paper offers a comprehensive survey of emerging DDoS attacks and detection strategies over the past decade.
  arXiv  Detail & Related papers  (2025-02-27T11:22:25Z)
• Simulation of Multi-Stage Attack and Defense Mechanisms in Smart Grids [2.0766068042442174]
  We introduce a simulation environment that replicates the power grid's infrastructure and communication dynamics.<n>The framework generates diverse, realistic attack data to train machine learning algorithms for detecting and mitigating cyber threats.<n>It also provides a controlled, flexible platform to evaluate emerging security technologies, including advanced decision support systems.
  arXiv  Detail & Related papers  (2024-12-09T07:07:17Z)
• Countering Autonomous Cyber Threats [40.00865970939829]
  Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
  arXiv  Detail & Related papers  (2024-10-23T22:46:44Z)
• CARACAS: vehiCular ArchitectuRe for detAiled Can Attacks Simulation [37.89720165358964]
  This paper showcases CARACAS, a vehicular model, including component control via CAN messages and attack injection capabilities. CarACAS showcases the efficacy of this methodology, including a Battery Electric Vehicle (BEV) model, and focuses on attacks targeting torque control in two distinct scenarios.
  arXiv  Detail & Related papers  (2024-06-11T10:16:55Z)
• Use of Graph Neural Networks in Aiding Defensive Cyber Operations [2.1874189959020427]
  Graph Neural Networks have emerged as a promising approach for enhancing the effectiveness of defensive measures. We look into the application of GNNs in aiding to break each stage of one of the most renowned attack life cycles, the Lockheed Martin Cyber Kill Chain.
  arXiv  Detail & Related papers  (2024-01-11T05:56:29Z)
• Vulnerability Assessment of Industrial Control System with an Improved CVSS [3.9596068699962323]
  This study proposes a method to assess the risk of cyberattacks on ICS with an improved Common Vulnerability Scoring System (CVSS) Results show the physical system levels of ICS have the highest severity once cyberattacked.
  arXiv  Detail & Related papers  (2023-06-14T16:48:06Z)
• Graph Mining for Cybersecurity: A Survey [61.505995908021525]
  The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
  arXiv  Detail & Related papers  (2023-04-02T08:43:03Z)
• Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI [3.871148938060281]
  LADDER is a framework that can extract text-based attack patterns from cyberthreat intelligence reports at scale. We present several use cases to demonstrate the application of LADDER in real-world scenarios.
  arXiv  Detail & Related papers  (2022-11-01T12:16:30Z)
• Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS [70.60975663021952]
  We study blackbox adversarial attacks on network classifiers. We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions. We show that a continual learning approach is required to study attacker-defender dynamics.
  arXiv  Detail & Related papers  (2021-11-23T23:42:16Z)
• Reinforcement Learning for Feedback-Enabled Cyber Resilience [24.92055101652206]
  Cyber resilience provides a new security paradigm that complements inadequate protection with resilience mechanisms. A Cyber-Resilient Mechanism ( CRM) adapts to the known or zero-day threats and uncertainties in real-time. We review the literature on RL for cyber resiliency and discuss the cyber-resilient defenses against three major types of vulnerabilities.
  arXiv  Detail & Related papers  (2021-07-02T01:08:45Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.