{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T20:18:57Z","timestamp":1777407537669,"version":"3.51.4"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030127855","type":"print"},{"value":"9783030127862","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-12786-2_1","type":"book-chapter","created":{"date-parts":[[2019,1,31]],"date-time":"2019-01-31T05:31:20Z","timestamp":1548912680000},"page":"3-19","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Improving SIEM for Critical SCADA Water Infrastructures Using Machine Learning"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5195-8193","authenticated-orcid":false,"given":"Hanan","family":"Hindy","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9677-1445","authenticated-orcid":false,"given":"David","family":"Brosset","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1853-2921","authenticated-orcid":false,"given":"Ethan","family":"Bayne","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8393-3214","authenticated-orcid":false,"given":"Amar","family":"Seeam","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1849-5788","authenticated-orcid":false,"given":"Xavier","family":"Bellekens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,1,31]]},"reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"Adepu, S., Mathur, A.: Distributed detection of single-stage multipoint cyber attacks in a water treatment plant. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 449\u2013460. ACM (2016)","DOI":"10.1145\/2897845.2897855"},{"key":"1_CR2","doi-asserted-by":"crossref","unstructured":"Ahmed, I., Roussev, V., Johnson, W., Senthivel, S., Sudhakaran, S.: A SCADA system testbed for cybersecurity and forensic research and pedagogy. In: Proceedings of the 2nd Annual Industrial Control System Security Workshop, pp. 1\u20139. ACM (2016)","DOI":"10.1145\/3018981.3018984"},{"issue":"5","key":"1_CR3","doi-asserted-by":"publisher","first-page":"1679","DOI":"10.1109\/TCST.2012.2211874","volume":"21","author":"S Amin","year":"2013","unstructured":"Amin, S., Litrico, X., Sastry, S.S., Bayen, A.M.: Cyber security of water scada systems-part ii: attack detection using enhanced hydrodynamic models. IEEE Trans. Control. Syst. Technol. 21(5), 1679\u20131693 (2013)","journal-title":"IEEE Trans. Control. Syst. Technol."},{"issue":"5","key":"1_CR4","doi-asserted-by":"publisher","first-page":"1963","DOI":"10.1109\/TCST.2012.2211873","volume":"21","author":"S Amin","year":"2013","unstructured":"Amin, S., Litrico, X., Sastry, S., Bayen, A.M.: Cyber security of water scada systems-part i: analysis and experimentation of stealthy deception attacks. IEEE Trans. Control. Syst. Technol. 21(5), 1963\u20131970 (2013)","journal-title":"IEEE Trans. Control. Syst. Technol."},{"key":"1_CR5","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511804779","volume-title":"Bayesian Reasoning and Machine Learning","author":"D Barber","year":"2012","unstructured":"Barber, D.: Bayesian Reasoning and Machine Learning. Cambridge University Press, Cambridge (2012)"},{"key":"1_CR6","unstructured":"Bellekens, X., et al.: Cyber-physical-security model for safety-critical IoT infrastructures. In: Wireless World Research Forum Meeting, vol. 35 (2015)"},{"issue":"5","key":"1_CR7","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1177\/0096340213501372","volume":"69","author":"JF Brenner","year":"2013","unstructured":"Brenner, J.F.: Eyes wide shut: the growing threat of cyber attacks on industrial control systems. Bull. At. Sci. 69(5), 15\u201320 (2013). https:\/\/doi.org\/10.1177\/0096340213501372","journal-title":"Bull. At. Sci."},{"issue":"1","key":"1_CR8","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1007\/s11036-017-0835-8","volume":"23","author":"A Bujari","year":"2018","unstructured":"Bujari, A., Furini, M., Mandreoli, F., Martoglia, R., Montangero, M., Ronzani, D.: Standards, security and business models: key challenges for the iot scenario. Mob. Netw. Appl. 23(1), 147\u2013154 (2018)","journal-title":"Mob. Netw. Appl."},{"issue":"2","key":"1_CR9","doi-asserted-by":"publisher","first-page":"23","DOI":"10.3390\/jsan7020023","volume":"7","author":"Antonio Calder\u00f3n Godoy","year":"2018","unstructured":"Calder\u00f3n Godoy, A.J., Gonz\u00e1lez P\u00e9rez, I.: Integration of sensor and actuator networks and the scada system to promote the migration of the legacy flexible manufacturing system towards the industry 4.0 concept. J. Sens. Actuator Netw. 7(2), 23 (2018)","journal-title":"Journal of Sensor and Actuator Networks"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"C\u00e1rdenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y., Sastry, S.: Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 355\u2013366. ACM (2011)","DOI":"10.1145\/1966913.1966959"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Cheng, L., Tian, K., Yao, D.D.: Orpheus: Enforcing cyber-physical execution semantics to defend against data-oriented attacks. In: Proceedings of the 33rd Annual Computer Security Applications Conference, pp. 315\u2013326. ACM (2017)","DOI":"10.1145\/3134600.3134640"},{"issue":"9-10","key":"1_CR12","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1007\/s12243-017-0607-2","volume":"72","author":"B. B. Gupta","year":"2017","unstructured":"Gupta, B., Agrawal, D.P., Yamaguchi, S., Arachchilage, N.A., Veluru, S.: Editorial security, privacy, and forensics in the critical infrastructure: advances and future directions (2017)","journal-title":"Annals of Telecommunications"},{"key":"1_CR13","unstructured":"Hindy, H., et al.: A taxonomy and survey of intrusion detection system design techniques, network threats and datasets. arXiv preprint arXiv:1806.03517 (2018)"},{"key":"1_CR14","doi-asserted-by":"crossref","unstructured":"Hindy, H., Hodo, E., Bayne, E., Seeam, A., Atkinson, R., Bellekens, X.: A taxonomy of malicious traffic for intrusion detection systems. In: Proceedings of the Cyber SA 2018. IEEE, June 2018","DOI":"10.1109\/CyberSA.2018.8551386"},{"key":"1_CR15","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1016\/j.ijcip.2008.08.003","volume":"1","author":"P Huitsing","year":"2008","unstructured":"Huitsing, P., Chandia, R., Papa, M., Shenoi, S.: Attack taxonomies for the modbus protocols. Int. J. Crit. Infrastruct. Prot. 1, 37\u201344 (2008)","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"1_CR16","first-page":"207","volume":"38","author":"ET Jensen","year":"2002","unstructured":"Jensen, E.T.: Computer attacks on critical national infrastructure: a use of force invoking the right of self-defense. Stanf. J. Int. Law 38, 207 (2002)","journal-title":"Stanf. J. Int. Law"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Jiang, N., Lin, H., Yin, Z., Xi, C.: Research of paired industrial firewalls in defense-in-depth architecture of integrated manufacturing or production system. In: 2017 IEEE International Conference on Information and Automation (ICIA), pp. 523\u2013526. IEEE (2017)","DOI":"10.1109\/ICInfA.2017.8078963"},{"key":"1_CR18","doi-asserted-by":"publisher","DOI":"10.1002\/9781118548387","volume-title":"Applied Logistic Regression","author":"DW Hosmer Jr","year":"2013","unstructured":"Hosmer Jr., D.W., Lemeshow, S., Sturdivant, R.X.: Applied Logistic Regression, vol. 398. Wiley, Hoboken (2013)"},{"issue":"3","key":"1_CR19","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/MSP.2011.67","volume":"9","author":"R Langner","year":"2011","unstructured":"Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49\u201351 (2011). https:\/\/doi.org\/10.1109\/MSP.2011.67","journal-title":"IEEE Secur. Priv."},{"key":"1_CR20","doi-asserted-by":"crossref","DOI":"10.1002\/9781118874059","volume-title":"Discovering Knowledge in Data: An Introduction to Data Mining","author":"DT Larose","year":"2014","unstructured":"Larose, D.T., Larose, C.D.: Discovering Knowledge in Data: An Introduction to Data Mining. Wiley, Hoboken (2014)"},{"key":"1_CR21","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1016\/j.dib.2017.07.038","volume":"14","author":"Pedro Merino Laso","year":"2017","unstructured":"Laso, P.M., Brosset, D., Puentes, J.: Dataset of anomalies and malicious acts in a cyber-physical subsystem (2017). https:\/\/doi.org\/10.1016\/j.dib.2017.07.038 , http:\/\/www.sciencedirect.com\/science\/article\/pii\/S2352340917303402 , iD: 311593","journal-title":"Data in Brief"},{"key":"1_CR22","unstructured":"Lee, R.M., Assante, M.J., Conway, T.: Analysis of the cyber attack on the Ukrainian power grid. SANS ICS Report (2016)"},{"key":"1_CR23","volume-title":"Data Mining with Decision Trees: Theory and Applications","author":"R Lior","year":"2014","unstructured":"Lior, R.: Data Mining with Decision Trees: Theory and Applications, vol. 81. World Scientific, Singapore (2014)"},{"key":"1_CR24","doi-asserted-by":"crossref","unstructured":"Mathur, A.: On the limits of detecting process anomalies in critical infrastructure. In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security, p. 1. ACM (2018)","DOI":"10.1145\/3198458.3198466"},{"issue":"4","key":"1_CR25","doi-asserted-by":"publisher","first-page":"55:1","DOI":"10.1145\/2542049","volume":"46","author":"R Mitchell","year":"2014","unstructured":"Mitchell, R., Chen, I.R.: A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. 46(4), 55:1\u201355:29 (2014). https:\/\/doi.org\/10.1145\/2542049","journal-title":"ACM Comput. Surv."},{"key":"1_CR26","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-77242-4","volume-title":"Support Vector Machines","author":"I Steinwart","year":"2008","unstructured":"Steinwart, I., Christmann, A.: Support Vector Machines. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-0-387-77242-4"},{"key":"1_CR27","unstructured":"Tan, E.E.: Cyber Deterrence in Singapore: Framework & Recommendations, RSIS Working Paper, No. 309. Nanyang Technological University, Singapore (2018)"},{"issue":"4","key":"1_CR28","doi-asserted-by":"publisher","first-page":"853","DOI":"10.1109\/TSMCA.2010.2048028","volume":"40","author":"CW Ten","year":"2010","unstructured":"Ten, C.W., Manimaran, G., Liu, C.C.: Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Trans. Syst. Man Cybern.-Part A: Syst. Hum. 40(4), 853\u2013865 (2010)","journal-title":"IEEE Trans. Syst. Man Cybern.-Part A: Syst. Hum."},{"key":"1_CR29","volume-title":"Python Data Science Handbook: Essential Tools for Working with Data","author":"J VanderPlas","year":"2016","unstructured":"VanderPlas, J.: Python Data Science Handbook: Essential Tools for Working with Data. O\u2019 Reilly Media, Inc., Sebastopol (2016)"}],"container-title":["Lecture Notes in Computer Science","Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-12786-2_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,13]],"date-time":"2023-09-13T09:12:25Z","timestamp":1694596345000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-12786-2_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030127855","9783030127862"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-12786-2_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"31 January 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SECPRE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Security and Privacy Requirements Engineering","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Barcelona","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"secpre2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/samosweb.aegean.gr\/secpre2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"11","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"5","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"45% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}