AUTOMOTIVE ETHERNET INTRUSION DATASET
This dataset contains benign Audio Video Transport Protocol (AVTP) packet captures from our physical automotive Ethernet testbed. Also, we demonstrate a replay attack on the automotive Ethernet to achieve the intrusion dataset.
We suppose that an attacker injects arbitrary stream AVTP data units (AVTPDUs) into the IVN. The goal of the attacker is to output a single video frame, at a terminal application connected to the AVB listener, by injecting previously generated AVTPDUs during a certain period. To demonstrate the attack, we extract 36 continuous stream AVTPDUs (single-MPEG-frame.pcap) from one of our AVB datasets; the extracted AVTPDUs constitute one video frame. Then, the attacker performs a replay attack by sending the 36 stream AVTPDUs repeatedly. Check *_injected.pcap files for the result of the replay attack.
The following devices are connected to our automotive Ethernet testbed:
a RAD-Galaxy: BroadR-Reach switch
two neoECU AVB/TSN (AVB/TSN Endpoint Simulation): configured as an AVB talker and an AVB listener, respectively
a RAD-Moon: a media converter (between BroadR-Reach and Ethernet)
an USB Camera connected to the AVB talker
The dataset contains four benign (attack-free) packet captures.
driving_01_original.pcap (about 10 min)
driving_02_original.pcap (about 16 min)
indoors_01_original.pcap (about 24 min)
indoors_02_original.pcap (about 21 min)
Labeling the dataset
If you are willing to do some research for intrusion detection, you need to label packets in *_injected.pcap files. You can make packet-by-packet labels through the examination whether entire frame of each packet in *_injected.pcap is in single-MPEG-frame.pcap. Otherwise, you may want to refer to our example code in Jupyter Notebook (link). Thank you for your consideration.
To analyze the packet captures, we recommend researchers use Wireshark and the following plug-ins:
Dissector for IEEE1722 (AVTP) IEC61883/IIDC Subtype MPEG2-TS: https://gist.github.com/oro350/8321451
(Optional) MPEG video parser https://wiki.wireshark.org/mpeg_dump.lua
Download the dataset
You can access the dataset via IEEE DataPort https://dx.doi.org/10.21227/1yr3-q009.
Seonghoon Jeong, Boosun Jeon, Boheung Chung, and Huy Kang Kim, "Convolutional neural network-based intrusion detection system for AVTP streams in automotive Ethernet-based networks," Vehicular Communications, DOI: 10.1016/j.vehcom.2021.100338.