Power grids worldwide are increasingly victims of cyberattacks, where
attackers can cause immense damage to critical infrastructure. The growing
digitalization and networking in power grids combined with insufficient
protection against cyberattacks further exacerbate this trend. Hence, security
engineers and researchers must counter these new risks by continuously
improving security measures. Data sets of real network traffic during
cyberattacks play a decisive role in analyzing and understanding such attacks.
Therefore, this paper presents PowerDuck, a publicly available security data
set containing network traces of GOOSE communication in a physical substation
testbed. The data set includes recordings of various scenarios with and without
the presence of attacks. Furthermore, all network packets originating from the
attacker are clearly labeled to facilitate their identification. We thus
envision PowerDuck improving and complementing existing data sets of
substations, which are often generated synthetically, thus enhancing the
security of power grids