X-IIoTID: A Connectivity-Agnostic and Device-Agnostic Intrusion Data Set for Industrial Internet of Things

Abstract

Industrial Internet of Things (IIoT) is a high-value cyber target due to the nature of the devices and connectivity protocols they deploy. They are easy to compromise and, as they are connected on a large scale with high-value data content, the compromise of any single device can extend to the whole system and disrupt critical functions. There are various security solutions that detect and mitigate intrusions. However, as they lack the capability to deal with an IIoT’s co-existing heterogeneity and interoperability, developing new universal security solutions to fit its requirements is critical. This is challenging due to the scarcity of accurate data about IIoT systems’ activities, connectivities, and attack behaviors. In addition, owing to their multiplatform connectivity protocols and multivendor devices, collecting and creating such data are also challenging. To tackle these issues, we propose a holistic approach for generating an appropriate intrusion data set for an IIoT called X-IIoTID, a connectivity-agnostic and device-agnostic intrusion data set for fitting the heterogeneity and interoperability of IIoT systems. It includes the behaviors of new IIoT connectivity protocols, activities of recent devices, diverse attack types and scenarios, and various attack protocols. It defines an attack taxonomy and consists of multiview features, such as network traffic, host resources, logs and alerts. X-IIoTID is evaluated using popular machine and deep learning algorithms and compared with 18 intrusion data sets to verify its novelty.