Dataset of SCADA traffic captures from a medical waste incinerator with injected cyberattacks

Outlet Title

Data in Brief

Authors

Basheer A. Al-Duwairi, Jordan University of Science and Technology
Ahmed Shatnawi, Jordan University of Science and Technology
Ahmad T. Al-Hammouri, Dakota State UniversityFollow
Mohammad Ababneh, Jordan University of Science and Technology

Document Type

Article

Publication Date

2025

Abstract

This paper presents network traffic captures from a Supervisory Control and Data Acquisition (SCADA) system installed in a medical waste incinerator. The dataset comprises 14 daily packet capture files (day01.pcap to day14.pcap), collected over a two-week period from a Siemens S7–1500/ET200MP-based SCADA system. The total number of packets in all files is over 19 million packets. The traffic was captured using Wireshark on the Human-Machine Interface (HMI) terminal directly connected to the Programmable Logic Controller (PLC), recording network communication via the OPC and PROFINET protocols. In addition, eight traffic captures were generated by injecting relevant synthetic cyber-attack traffic into selected daily captures to simulate real-life attack scenarios, including Man-in-the-Middle (MITM), Replay, Packet Fuzzing, Command Flooding, Data Spoofing, Protocol Exploitation, Stealthy Command Injection, and SYN Flooding. Each attack-injected files contains approximately 20,000 attack packets. This dataset is invaluable to support cybersecurity research in industrial control systems (ICS), and it provides a comprehensive resource for analyzing normal SCADA behavior and for evaluating intrusion detection systems (IDS) under various common attack conditions.

Recommended Citation

Basheer Al-Duwairi, Ahmed Shatnawi, Ahmad Al-Hammouri, and Mohammad Ababneh. Dataset of scada traffic captures from a medical waste incinerator with injected cyberattacks. Data in Brief, 63:112294, 2025.