R
RadMah AIDOCS
Sign In

ICS Security Simulator

Ground-truth labelled ICS attack datasets mapped to MITRE ATT&CK for ICS. Build training data for IDS, SIEM, SOC, and red/blue-team exercises without touching a real plant.

How it works

ICS Security runs as an overlay on a Virtual-SCADA simulation. You describe the plant in natural language and flag the attack campaign you want injected. The engine produces the clean-and-attack telemetry side-by-side with ground-truth labels mapped to MITRE ATT&CK for ICS technique ids — the exact data shape IDS / SIEM training pipelines need.

MITRE ATT&CK for ICS v15 coverage

Every injected event carries a first-class v15 technique ID, the tactic chain leading to it, and cross-references to CWE and CAPEC identifiers. Attack graphs are STIX-2.1 shaped. ICS Security v15 additions covered:

  • T0807 Command-Line Interface
  • T0814 Denial of Service
  • T0830 Adversary-in-the-Middle (was: Man-in-the-Middle)
  • T0831 Manipulation of Control
  • T0832 Manipulation of View
  • T0836 Modify Parameter
  • T0838 Modify Alarm Settings
  • T0842 Network Sniffing
  • T0843 Program Download
  • T0855 Unauthorized Command Message
  • T0856 Spoof Reporting Message
  • T0858 Change Operating Mode
  • T0859 Valid Accounts
  • T0866 Exploitation of Remote Services
  • T0869 Standard Application Protocol
  • T0872 Indicator Removal on Host
  • T0878 Alarm Suppression
  • T0881 Service Stop
  • T0883 Internet Accessible Device
  • T0889 Modify Program

Stage-2 bundle additions

Alongside the classic seven artefacts, Stage-2 / Stage-2.1 runs ship several additional sealed deliverables:

  • privacy_evidence.json — source_provenance, ε/δ budget ledger, DP mechanism, per-site receipts (federated runs only).
  • baseline_detector_receipt.json — hash-pinned IsolationForest fit (training rows SHA, estimator params, feature names, tree thresholds SHA). Consumers re-fit deterministically from the receipt alone.
  • federation_receipts.json (federated only) — per-site DPHE receipts + aggregated summary + aggregation backend (mpc_additive_v1, tee_sgx_v1, trusted_v1).
  • unknown_physics_composition.json— composer output when the plant doesn't match a Tier-1/Tier-2 archetype. Includes the species graph, mass-balance invariants, and any DimensionChecker violations surfaced during composition.

Live attack streaming

Attack events stream over the same SSE endpoint as benign telemetry: GET /v1/client/runs/{run_id}/stream. Attack-window slices are also written to a traffic.pcapng segment index in the sealed bundle. Every injected event is Merkle-chained into a hash-chained operator journal — re-ordering, insertion, or deletion breaks the chain.

Deep-dive references

  • MITRE ATT&CK ICS techniques — every technique the platform supports, grouped by the effect on the control loop (write-side manipulation vs read-side manipulation) and supply chain.
  • Bundle contents — the labelled artifacts (scada_telemetry, commands, alarms, ics_security, traffic_pcapng) the customer receives.
  • Validation Gate — the four-dimensional gate specifically penalises attack runs that produce zero anomaly labels.

Quickstart

from radmah_sdk import RadMah

sdk = RadMah(api_key="...", base_url="https://api.radmah.ai")

job = sdk.jobs.create(
    kind="simulate",
    engine="virtual_scada",
    seed=42,
    options={
        "description": (
            "Hospital HVAC plant with one chiller, two AHUs, three zone "
            "valves. Spoof a zone-temperature sensor (T0856)."
        ),
        "total_seconds": 120,
        "protocols": ["bacnet", "modbus"],
        "ics_security_enabled": True,
    },
)