Current ICS security research is hindered by monolithic simulation platforms, leading to poor generalizability of proposed security solutions. To address this, we propose Docker-based, configurable multi-architecture ICS simulation framework that enables flexible orchestration of components across all levels of the Purdue Model, thereby decoupling security evaluation from fixed, topology-specific platforms. The framework implements three heterogeneous virtual testbeds—solar-powered smart grid, bottled-water filling plant, and smart electronic device facility—each integrating mainstream ICS protocols and device emulators. It generates labeled network traffic datasets encompassing normal operational behaviors as well as diverse attack patterns (e.g., reconnaissance, command injection, denial-of-service). This framework significantly enhances reproducibility and comprehensiveness in ICS security evaluation, providing a standardized experimental foundation for training and validating generic intrusion detection systems (IDS).

Industrial Control Systems (ICSs) are complex interconnected systems used to manage process control within industrial environments, such as chemical processing plants and water treatment facilities. As the modern industrial environment moves towards Internet-facing services, ICSs face an increased risk of attacks that necessitates ICS-specific Intrusion Detection Systems (IDS). The development of such IDS relies significantly on a simulated testbed as it is unrealistic and sometimes hazardous to utilize an operational control system. Whilst some testbeds have been proposed, they often use a limited selection of virtual ICS simulations to test and verify cyber security solutions. There is a lack of investigation done on developing systems that can efficiently simulate multiple ICS architectures. Currently, the trend within research involves developing security solutions on just one ICS simulation, which can result in bias to its specific architecture. We present ICS-SimLab, an end-to-end software suite that utilizes Docker containerization technology to create a highly configurable ICS simulation environment. This software framework enables researchers to rapidly build and customize different ICS environments, facilitating the development of security solutions across different systems that adhere to the Purdue Enterprise Reference Architecture. To demonstrate its capability, we present three virtual ICS simulations: a solar panel smart grid, a water bottle filling facility, and a system of intelligent electronic devices. Furthermore, we run cyber-attacks on these simulations and construct a dataset of recorded malicious and benign network traffic to be used for IDS development.