Abstract
In the context of Industry 4.0, Industrial Control Systems (ICSs) are undergoing a significant transition from physical isolation to partial openness. While this shift enhances operational efficiency and integration, it also exposes ICSs to increasing network attacks. Effective intrusion detection methods rely on high-quality ICS datasets, yet existing options remain limited in scope, diversity, and realism. To address this gap, we introduce ICS-NAD, a dataset collected in real-world ICS scenarios with three well-known ICS brands. It contains two attack traffic sample patterns and covers 20 common ICS attack types. Through feature extraction and labeling, the ICS-NAD dataset provides 60 features with complete labels. We validate its utility using 10 machine learning and deep learning classification models. The dataset comprises 245.96 GB data files, including raw ICS network traffic (in PCAP format) and extracted features with labels (in CSV format). It is publicly available on the website to support ICS network attack detection research in academic and engineering contexts.