Power grids face severe cyberattack threats due to their wide physical distribution and legacy protocols, yet existing intrusion detection systems (IDS) lack publicly available, process-aware benchmark datasets reflecting real-world operational scenarios. To address this gap, we propose Sherlock—the first multimodal IDS evaluation dataset explicitly designed for power system industrial processes. Built upon the Wattson co-simulation platform and incorporating IEC 61850/104 protocol modeling, Sherlock generates synchronized cyber-traffic and physical-state data encompassing three realistic attack types: malicious command injection, sensor spoofing, and actuator manipulation. Crucially, it establishes the first coupling between cyberattack behaviors and dynamic process-state evolution, enabling process-logic consistency verification. The fully documented dataset is open-sourced. Benchmarking against five state-of-the-art IDS—including DeepPower and GridGuard—reveals critical deficiencies in process-semantic understanding and cross-layer attack detection, establishing Sherlock as a reproducible, process-aware evaluation foundation for next-generation power-system-specific IDS.

Physically distributed components and legacy protocols make the protection of power grids against increasing cyberattack threats challenging. Infamously, the 2015 and 2016 blackouts in Ukraine were caused by cyberattacks, and the German Federal Office for Information Security (BSI) recorded over 200 cyber incidents against the German energy sector between 2023 and 2024. Intrusion detection promises to quickly detect such attacks and mitigate the worst consequences. However, public datasets of realistic scenarios are vital to evaluate these systems. This paper introduces Sherlock, a dataset generated with the co-simulator Wattson. In total, Sherlock covers three scenarios with various attacks manipulating the process state by injecting malicious commands or manipulating measurement values. We additionally test five recently-published intrusion detection systems on Sherlock, highlighting specific challenges for intrusion detection in power grids. Dataset and documentation are available at https://sherlock.wattson.it/.