{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T20:59:40Z","timestamp":1757451580169,"version":"3.40.3"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030123291"},{"type":"electronic","value":"9783030123307"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-12330-7_8","type":"book-chapter","created":{"date-parts":[[2019,5,13]],"date-time":"2019-05-13T22:20:47Z","timestamp":1557786047000},"page":"161-179","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Improving Security in Industrial Internet of Things: A Distributed Intrusion Detection Methodology"],"prefix":"10.1007","author":[{"given":"Giuseppe","family":"Bernieri","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Federica","family":"Pascucci","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,5,14]]},"reference":[{"key":"8_CR1","volume-title":"The art and science of computer security","author":"MA Bishop","year":"2002","unstructured":"Bishop MA (2002) The art and science of computer security. Addison-Wesley Longman Publishing Co., Inc., Boston"},{"key":"8_CR2","volume-title":"Practical SCADA for industry","author":"D Bailey","year":"2003","unstructured":"Bailey D, Wright E (2003) Practical SCADA for industry. Elsevier Ltd., Amsterdam"},{"key":"8_CR3","unstructured":"Markoff J (2009) Old trick threatens the newest weapons. The New York Times. \n http:\/\/www.nytimes.com\/2009\/10\/27\/science\/27trojan.html\n \n . Cited 22 Aug 2018"},{"key":"8_CR4","unstructured":"Slay J, Miller M (2008) Lessons learned from the maroochy water breach. In: Goetz E, Shenoi S (eds) Critical Infrastructure Protection, ICCIP 2007. IFIP International Federation for Information Processing, vol 253. Springer, Boston"},{"key":"8_CR5","unstructured":"Langner R (2013) To kill a centrifuge: a technical analysis of what Stuxnet\u2019s creators tried to achieve. The Langner Group \n https:\/\/www.langner.com\/wp-content\/uploads\/2017\/03\/to-kill-a-centrifuge.pdf\n \n . Cited 22 Aug 2018"},{"key":"8_CR6","unstructured":"Symantec (2011) W32.Duqu \u2013 the precursor to the next Stuxnet (Version 1.4) \n http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/w32_duqu_the_precursor_to_the_next_stuxnet.pdf\n \n Cited 22 Aug 2018"},{"key":"8_CR7","unstructured":"F-Secure Labs (2014) BlackEnergy & Quedagh: the convergence of crimeware and APT attacks. \n https:\/\/www.f-secure.com\/documents\/996508\/1030745\/blackenergy_whitepaper.pdf\n \n . Cited 22 Aug 2018"},{"key":"8_CR8","unstructured":"E-ISAC (2016) Analysis of the cyber-attack on the Ukrainian power grid. \n https:\/\/ics.sans.org\/media\/E-ISAC_SANS_Ukraine_DUC_5.pdf\n \n . Cited 22 Aug 2018"},{"key":"8_CR9","unstructured":"Stouffer K, Lightman S, Pillitter V, Abrams M, Hahn A (2015) Guide to Industrial Control System (ICS) security, Revision 2. NIST Special publication 800-82 \n https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-82r2.pdf\n \n . Cited 22 Aug 2018"},{"key":"8_CR10","unstructured":"ISA (2007) ANSI\/ISA\u201362443-1-1 (99.01.01)\u20132007 security for industrial automation and control systems part 1: terminology, concepts, and models. Int Soc Autom"},{"key":"8_CR11","first-page":"152","volume-title":"Digitising Industry \u2013 Internet of Things Connecting the Physical","author":"JK Soldatos","year":"2016","unstructured":"Soldatos JK, Gusmeroli S, Mal\u00f3 P, Di Orio G (2016) Internet of Things applications in future manufacturing. In: Vermesan O, Friess P (eds) Digitising Industry \u2013 Internet of Things Connecting the Physical, Digital and Virtual Worlds. River Publishers, Aalborg, pp 152\u2013182"},{"key":"8_CR12","unstructured":"Groover MP (2001) Automation, production systems and computer integrated manufacturing. Prentice Hall, Englewood Cliffs"},{"issue":"4","key":"8_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2542049","volume":"46","author":"Robert Mitchell","year":"2014","unstructured":"Mitchell R, Ing-Ray C (2014) A survey of intrusion detection techniques for cyber-physical systems. ACM Comput Surv (CSUR) 46(4). \n https:\/\/doi.org\/10.1145\/2542049","journal-title":"ACM Computing Surveys"},{"issue":"4","key":"8_CR14","doi-asserted-by":"publisher","first-page":"1052","DOI":"10.1109\/JSYST.2013.2257594","volume":"8","author":"S Han","year":"2014","unstructured":"Han S, Xie M, Chen H, Ling Y (2014) Intrusion detection in cyber-physical systems: techniques and challenges. IEEE Syst J 8(4):1052\u20131062. \n https:\/\/doi.org\/10.1109\/JSYST.2013.2257594","journal-title":"IEEE Syst J"},{"key":"8_CR15","volume-title":"Handbook of information and communication Security","author":"A Mahmood","year":"2010","unstructured":"Mahmood A, Leckie C, Hu J, Tari Z, Atiquzzaman M (2010) Network traffic analysis and SCADA security. In: Stavroulakis P, Stamp M (eds) Handbook of information and communication Security. Springer, Berlin\/Heidelberg"},{"issue":"4","key":"8_CR16","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1109\/TCOM.1980.1094702","volume":"28","author":"B Zimmermann","year":"1980","unstructured":"Zimmermann B (1980) OSI reference model \u2013 the ISO model of architecture for open systems interconnection. IEEE Trans Commun 28(4):425\u2013432. \n https:\/\/doi.org\/10.1109\/TCOM.1980.1094702","journal-title":"IEEE Trans Commun"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Rossi D, Sottile E (2009) Sherlock: a framework for P2P traffic analyis. In: IEEE Ninth International Conference on Peer-to-Peer Computing, Seattle, pp 321\u2013330. \n https:\/\/doi.org\/10.1109\/P2P.2009.5284490","DOI":"10.1109\/P2P.2009.5284490"},{"key":"8_CR18","unstructured":"Boschi E, Mark L, Quittek J, Stiemerling M, Aitken P (2008) RFC 5153: IP flow information export (IPFIX) implementation guidelines. IETF. \n https:\/\/tools.ietf.org\/html\/rfc5153\n \n . Cited 22 Aug 2018"},{"key":"8_CR19","unstructured":"L. Huawei Technologies (2012) NetStream (integrated) technology white paper. \n http:\/\/e.huawei.com\/au\/marketing-material\/onLineView?MaterialID=%7B7B805301-E381-4690-823A-4E73A0411E29%7D\n \n . Cited 22 Aug 2018"},{"key":"8_CR20","unstructured":"Juniper Networks, Flow monitoring feature guide. \n https:\/\/www.juniper.net\/documentation\/en_US\/junos\/information-products\/pathway-pages\/solutions\/flow-monitoring\/flow-monitoring.html\n \n . Cited 22 Aug 2018"},{"key":"8_CR21","first-page":"229","volume-title":"Proceedings of the 13th USENIX Conference on System Administration (LISA \u201999)","author":"M Roesch","year":"1999","unstructured":"Roesch M (1999) Snort \u2013 lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration (LISA \u201999). USENIX Association, Berkeley, pp 229\u2013238"},{"key":"8_CR22","unstructured":"Suricata (2018) Suricata user guide. \n https:\/\/suricata.readthedocs.io\/en\/suricata-4.0.5\/#suricata-user-guide\n \n . Cited 22 Aug 2018"},{"key":"8_CR23","unstructured":"Bro, Bro manual. \n https:\/\/www.bro.org\/sphinx\/index.html\n \n . Cited 22 Aug 2018"},{"key":"8_CR24","unstructured":"Ayuso PN (2006) Netfilter\u2019s connection tracking system. USENIX magazine. \n http:\/\/people.netfilter.org\/pablo\/docs\/login.pdf\n \n . Cited 22 Aug 2018"},{"key":"8_CR25","unstructured":"ntop (2013) nDPI \u2013 quick start guide. \n https:\/\/www.ntop.org\/wp-content\/uploads\/2013\/12\/nDPI_QuickStartGuide.pdf\n \n . Cited 22 Aug 2018"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Kohnen C, Uberall C, Adamsky F, Rakocevic V, Rajarajan M, Jager R (2010) Enhancements to Statistical Protocol IDentification (SPID) for self-organised QoS in LANs. In: International Conference on Computer Communications and Networks (ICCCN), Zurich","DOI":"10.1109\/ICCCN.2010.5560139"},{"key":"8_CR27","series-title":"Advances in Industrial Control","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4471-4799-2","volume-title":"Model-Based Fault Diagnosis Techniques","author":"Steven X. Ding","year":"2013","unstructured":"Ding SX (2013) Model-based fault diagnosis techniques. Advances in industrial control. Springer, London. \n https:\/\/doi.org\/10.1007\/978-1-4471-4799-2"},{"issue":"6","key":"8_CR28","doi-asserted-by":"publisher","first-page":"1850","DOI":"10.1109\/TAC.2017.2753466","volume":"63","author":"LW An","year":"2018","unstructured":"An LW, Yang GH (2018) Data-driven coordinated attack policy design based on adaptive L2-gain optimal theory. IEEE Trans Autom Control 63(6):1850\u20131856. \n https:\/\/doi.org\/10.1109\/TAC.2017.2753466","journal-title":"IEEE Trans Autom Control"},{"issue":"12","key":"8_CR29","doi-asserted-by":"publisher","first-page":"6641","DOI":"10.1109\/TAC.2017.2714903","volume":"62","author":"CZ Bai","year":"2017","unstructured":"Bai CZ, Gupta V, Pasqualetti F (2017) On Kalman filtering with compromised sensors: attack stealthiness and performance bounds. IEEE Trans Autom Control 62(12):6641\u20136648. \n https:\/\/doi.org\/10.1109\/TAC.2017.2714903","journal-title":"IEEE Trans Autom Control"},{"key":"8_CR30","unstructured":"Mo Y, Sinopoli B (2010) False data injection attacks in control systems. In: First Workshop on Secure Control Systems, CPS Week"},{"issue":"1","key":"8_CR31","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1109\/TCNS.2016.2573039","volume":"4","author":"F Miao","year":"2017","unstructured":"Miao F, Zhu Q, Pajic M, Pappas GJ (2017) Coding schemes for securing cyber-physical systems against stealthy data injection attacks. IEEE Trans Control Netw Syst 4(1):106\u2013117. \n https:\/\/doi.org\/10.1109\/TCNS.2016.2573039","journal-title":"IEEE Trans Control Netw Syst"},{"key":"8_CR32","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1016\/j.automatica.2017.04.047","volume":"82","author":"CZ Bai","year":"2017","unstructured":"Bai CZ, Gupta V, Pasqualetti F (2017) Data-injection attacks in stochastic control systems: detectability and performance tradeoffs. Automatica 82:251\u2013260. \n https:\/\/doi.org\/10.1016\/j.automatica.2017.04.047","journal-title":"Automatica"},{"issue":"5","key":"8_CR33","doi-asserted-by":"publisher","first-page":"779","DOI":"10.1109\/TSMC.2016.2616544","volume":"48","author":"D Ding","year":"2018","unstructured":"Ding D, Wang Z, Han QL, Wei G (2018) Security control for discrete-time stochastic nonlinear systems subject to deception attacks. IEEE Trans Syst Man Cybern: Syst 48(5):779\u2013789. \n https:\/\/doi.org\/10.1109\/TSMC.2016.2616544","journal-title":"IEEE Trans Syst Man Cybern: Syst"},{"issue":"8","key":"8_CR34","doi-asserted-by":"publisher","first-page":"1826","DOI":"10.1109\/TSMC.2016.2551200","volume":"47","author":"D Zhang","year":"2017","unstructured":"Zhang D, Song H, Yu L (2017) Robust fuzzy-model-based filtering for nonlinear cyber-physical systems with multiple stochastic incomplete measurements. IEEE Trans Syst Man Cybern: Syst 47(8):1826\u20131838. \n https:\/\/doi.org\/10.1109\/TSMC.2016.2551200","journal-title":"IEEE Trans Syst Man Cybern: Syst"},{"issue":"3","key":"8_CR35","doi-asserted-by":"publisher","first-page":"846","DOI":"10.1109\/TCNS.2017.2648508","volume":"5","author":"Yuzhe Li","year":"2018","unstructured":"Li Y, Shi L, Chen T (2017) Detection against linear deception attacks on multi-sensor remote state estimation. IEEE Trans Control Netw Syst. \n https:\/\/doi.org\/10.1109\/TCNS.2017.2648508","journal-title":"IEEE Transactions on Control of Network Systems"},{"key":"8_CR36","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1016\/j.automatica.2014.10.067","volume":"51","author":"A Teixeira","year":"2015","unstructured":"Teixeira A, Shames I, Sandbergand H, Johansson KH (2015) A secure control framework for resource-limited adversaries. Automatica 51:135\u2013148. \n https:\/\/doi.org\/10.1016\/j.automatica.2014.10.067","journal-title":"Automatica"},{"issue":"3","key":"8_CR37","doi-asserted-by":"publisher","first-page":"804","DOI":"10.1109\/TAC.2013.2279896","volume":"59","author":"M Zhu","year":"2014","unstructured":"Zhu M, Martinez S (2014) On the performance analysis of resilient networked control systems under replay attacks. IEEE Trans Autom Control 59(3):804\u2013808. \n https:\/\/doi.org\/10.1109\/TAC.2013.2279896","journal-title":"IEEE Trans Autom Control"},{"issue":"6","key":"8_CR38","doi-asserted-by":"publisher","first-page":"1862","DOI":"10.1109\/TCYB.2017.2716115","volume":"4","author":"B Chen","year":"2018","unstructured":"Chen B, Ho DW, Hu G, Yu L (2018) Secure fusion estimation for bandwidth constrained cyber-physical systems under replay attacks. IEEE Trans Cybern 4(6):1862\u20131876. \n https:\/\/doi.org\/10.1109\/TCYB.2017.2716115","journal-title":"IEEE Trans Cybern"},{"issue":"4","key":"8_CR39","doi-asserted-by":"publisher","first-page":"1396","DOI":"10.1109\/TCST.2013.2280899","volume":"22","author":"Y Mo","year":"2014","unstructured":"Mo Y, Chabukswar R, Sinopoli B (2014) Detecting integrity attacks on scada systems. IEEE Trans Control Syst Technol 22(4):1396\u20131407. \n https:\/\/doi.org\/10.1109\/TCST.2013.2280899","journal-title":"IEEE Trans Control Syst Technol"},{"key":"8_CR40","doi-asserted-by":"publisher","unstructured":"Miao F, Pajic M, Pappas GJ (2013) Stochastic game approach for replay attack detection. In: 52nd IEEE Conference on Decision and Control, Florence, pp 1854\u20131859. \n https:\/\/doi.org\/10.1109\/CDC.2013.6760152","DOI":"10.1109\/CDC.2013.6760152"},{"key":"8_CR41","doi-asserted-by":"publisher","unstructured":"Gazis V, Leonardi A, Mathioudakis K, Sasloglou K, Kikiras P, Sudhaakar R (2015) Components of fog computing in an industrial Internet of Things context. In: 12th Annual IEEE International Conference on Sensing, Communication, and Networking \u2013 Workshops (SECON Workshops), Seattle, WA, pp 1\u20136. \n https:\/\/doi.org\/10.1109\/SECONW.2015.7328144","DOI":"10.1109\/SECONW.2015.7328144"},{"key":"8_CR42","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1016\/j.mfglet.2018.01.005","volume":"15","author":"Peter O'Donovan","year":"2018","unstructured":"O\u2019Donovan P, Gallagher C, Bruton, K, O\u2019Sullivan DTJ (2018) A fog computing industrial cyber-physical system for embedded low-latency machine learning Industry 4.0 applications. Manuf Lett 15(part B):139\u2013142. \n https:\/\/doi.org\/10.1016\/j.mfglet.2018.01.005","journal-title":"Manufacturing Letters"},{"key":"8_CR43","unstructured":"Bernieri G, Pascucci F, Lopez J (2017) Network anomaly detection in critical infrastructure based on mininet network simulator. In: ITASEC"},{"issue":"4","key":"8_CR44","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1109\/MDAT.2017.2682223","volume":"34","author":"E Etchev\u00e9s Miciolino","year":"2017","unstructured":"Etchev\u00e9s Miciolino E, Setola R, Bernieri G, Panzieri S, Pascucci F, Polycarpou MM (2017) Fault diagnosis and network anomaly detection in water infrastructures. IEEE Des Test 34(4):44\u201351. \n https:\/\/doi.org\/10.1109\/MDAT.2017.2682223","journal-title":"IEEE Des Test"},{"key":"8_CR45","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1016\/j.compeleceng.2017.02.010","volume":"59","author":"E Etchev\u00e9s Miciolino","year":"2017","unstructured":"Etchev\u00e9s Miciolino E, Bernieri G, Pascucci F, Setola R (2017) Monitoring system reaction in cyber-physical testbed under cyber-attacks. Comput Electr Eng 59:86\u201398. \n https:\/\/doi.org\/10.1016\/j.compeleceng.2017.02.010","journal-title":"Comput Electr Eng"},{"issue":"1","key":"8_CR46","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1109\/TAC.1979.1101943","volume":"24","author":"L Ljung","year":"1979","unstructured":"Ljung L (1979) Asymptotic behavior of the extended Kalman filter as a parameter estimator for linear systems. IEEE Trans Autom Control 24(1):36\u201350. \n https:\/\/doi.org\/10.1109\/TAC.1979.1101943","journal-title":"IEEE Trans Autom Control"},{"key":"8_CR47","doi-asserted-by":"publisher","unstructured":"Bernieri G, Del Moro F, Faramondi L, Pascucci F (2016) A testbed for integrated fault diagnosis and cyber security investigation. In: International Conference on Control, Decision and Information Technologies (CoDIT), St. Julian\u2019s, pp 454\u2013459. \n https:\/\/doi.org\/10.1109\/CoDIT.2016.7593605","DOI":"10.1109\/CoDIT.2016.7593605"},{"key":"8_CR48","unstructured":"Offensive Security (2018) Introduction to Kali Linux. \n https:\/\/docs.kali.org\/category\/introduction\n \n . Cited 22 Aug 2018"}],"container-title":["Advanced Sciences and Technologies for Security Applications","Security and Privacy Trends in the Industrial Internet of Things"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-12330-7_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,16]],"date-time":"2019-07-16T05:32:38Z","timestamp":1563255158000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-12330-7_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030123291","9783030123307"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-12330-7_8","relation":{},"ISSN":["1613-5113","2363-9466"],"issn-type":[{"type":"print","value":"1613-5113"},{"type":"electronic","value":"2363-9466"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"14 May 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}