Abstract With the growing interconnectedness of industrial control systems (ICS), the need for coordinated integration of functional capabilities and information security has become increasingly pronounced, creating an urgent demand for high‐quality, multi‐source data to support ICS security research in the petrochemical sector. To this end, this study constructs the TE‐CUP‐SEC dataset. Leveraging the Tennessee Eastman (TE) process model and integrating industrial networking devices, controllers, and communication protocols, the dataset systematically enables virtual–physical fused modelling of three selected layers of the ISA‐95 architecture, including the physical process layer (Level 0), the basic control layer (Level 1), and the supervisory and network layer (Level 2). By emulating a variety of representative threat scenarios including malicious command injection, physical process disturbances, false data injection, and denial‐of‐service (DoS) attacks, the dataset collects synchronized physical measurements and network traffic data, capturing key features across the physical, control, and network layers. Experimental results indicate that TE‐CUP‐SEC exhibits strong multi‐layer feature representation and robust attack characterization capabilities under complex adversarial conditions, thereby providing essential data support for advancing ICS security technologies in the petrochemical industry.
Wang et al. (Sun,) studied this question.