ISIA-AF: Orchestrating Reproducible Attacks and Multi-Source Data Collection for OT Systems
Published in Euromicro Conference on Software Engineering and Advanced Applications (SEAA) 2026, 2026
Recommended citation: Stefan M. Haratzmüller, Thomas Rosenstatter, Olaf Saßnick, Dalibor Sain and Stefan Huber. "ISIA-AF: Orchestrating Reproducible Attacks and Multi-Source Data Collection for OT Systems," in 52nd Euromicro Conference on Software Engineering and Advanced Applications (SEAA) 2026, September 2026, accepted.
Operational Technology (OT) environments require realistic, reproducible security datasets, yet existing approaches often lack automation, multi-source data capture, and sufficient documentation for reuse. This paper presents ISIA-AF, a modular attack framework for orchestrating reproducible attack execution and automated dataset generation on industrial systems. The framework coordinates distributed attack clients, records network traffic and operational data, ultimately leading to a multi-source dataset. We derive functional and non-functional requirements from prior work and stakeholder discussions, and realise the framework following a design science research approach. A case study on the ISIA testbed, comprising a real industrial system and a simulated process, demonstrates how the framework supports centralised control, low communication overhead, and flexible deployment across network segments. The result is a practical basis for generating extensible, multi-source OT security datasets for intrusion detection research.
Download the article here.