{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T02:51:34Z","timestamp":1767495094528,"version":"3.40.3"},"publisher-location":"Cham","reference-count":19,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030302146"},{"type":"electronic","value":"9783030302153"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-30215-3_20","type":"book-chapter","created":{"date-parts":[[2019,9,1]],"date-time":"2019-09-01T19:02:43Z","timestamp":1567364563000},"page":"402-422","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["Automated Reconstruction of Control Logic for Programmable Logic Controller Forensics"],"prefix":"10.1007","author":[{"given":"Syed Ali","family":"Qasim","sequence":"first","affiliation":[]},{"suffix":"Jr.","given":"Juan","family":"Lopez","sequence":"additional","affiliation":[]},{"given":"Irfan","family":"Ahmed","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,9,2]]},"reference":[{"issue":"12","key":"20_CR1","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1109\/MC.2012.325","volume":"45","author":"I Ahmed","year":"2012","unstructured":"Ahmed, I., Obermeier, S., Naedele, M., Richard III, G.G.: SCADA systems: challenges for forensic investigators. Computer 45(12), 44\u201351 (2012)","journal-title":"Computer"},{"issue":"6","key":"20_CR2","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/MSP.2017.4251102","volume":"15","author":"I Ahmed","year":"2017","unstructured":"Ahmed, I., Obermeier, S., Sudhakaran, S., Roussev, V.: Programmable logic controller forensics. IEEE Secur. Priv. 15(6), 18\u201324 (2017)","journal-title":"IEEE Secur. Priv."},{"key":"20_CR3","doi-asserted-by":"crossref","unstructured":"Ahmed, I., Roussev, V., Johnson, W., Senthivel, S., Sudhakaran, S.: A SCADA system testbed for cybersecurity and forensic research and pedagogy. In: Proceedings of the 2nd Annual Industrial Control System Security Workshop (ICSS) (2016)","DOI":"10.1145\/3018981.3018984"},{"key":"20_CR4","unstructured":"Allen-Bradley: User manual. \n                      https:\/\/literature.rockwellautomation.com\/idc\/groups\/literature\/documents\/um\/1763-um001_-en-p.pdf"},{"key":"20_CR5","unstructured":"Beresford, D.: Exploiting Siemens Simatic S7 PLCs (2011)"},{"issue":"4","key":"20_CR6","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1109\/MC.2011.115","volume":"44","author":"TM Chen","year":"2011","unstructured":"Chen, T.M., Abu-Nimeh, S.: Lessons from Stuxnet. Computer 44(4), 91\u201393 (2011)","journal-title":"Computer"},{"key":"20_CR7","unstructured":"Cheung, S., Dutertre, B., Fong, M., Lindqvist, U., Skinner, K., Valdes, A.: Using model-based intrusion detection for SCADA networks. In: Proceedings of the SCADA Security Scientific Symposium, Miami Beach, Florida, January 2007"},{"key":"20_CR8","unstructured":"diflib. \n                      https:\/\/docs.python.org\/3\/library\/difflib.html"},{"key":"20_CR9","unstructured":"IEC: IEC 61131-3. \n                      https:\/\/www.sis.se\/api\/document\/preview\/562735\/"},{"key":"20_CR10","doi-asserted-by":"crossref","unstructured":"Kalle, S., Ameen, N., Yoo, H., Ahmed, I.: CLIK on PLCs! Attacking control logic with decompilation and virtual PLC. In: Proceeding of the 2019 NDSS Workshop on Binary Analysis Research (BAR) (2019)","DOI":"10.14722\/bar.2019.23074"},{"key":"20_CR11","doi-asserted-by":"crossref","unstructured":"Kottler, S., Khayamy, M., Hasan, S.R., Elkeelany, O.: Formal verification of ladder logic programs using NuSMV. In: SoutheastCon 2017, pp. 1\u20135 (2017)","DOI":"10.1109\/SECON.2017.7925390"},{"key":"20_CR12","unstructured":"Modicon: SoMachine Basic - Generic Functions Library Guide. \n                      https:\/\/www.schneider-electric.com\/en\/download\/document\/EIO0000001474\/"},{"issue":"7","key":"20_CR13","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1145\/1538788.1538820","volume":"52","author":"SC Patel","year":"2009","unstructured":"Patel, S.C., Bhatt, G.D., Graham, J.H.: Improving the cyber security of SCADA communication networks. Commun. ACM 52(7), 139\u2013142 (2009)","journal-title":"Commun. ACM"},{"key":"20_CR14","unstructured":"Scapy. \n                      https:\/\/scapy.net\/"},{"issue":"S","key":"20_CR15","doi-asserted-by":"publisher","first-page":"S57","DOI":"10.1016\/j.diin.2017.06.012","volume":"22","author":"S Senthivel","year":"2017","unstructured":"Senthivel, S., Ahmed, I., Roussev, V.: SCADA network forensics of the PCCC protocol. Digit. Investig. 22(S), S57\u2013S65 (2017)","journal-title":"Digit. Investig."},{"key":"20_CR16","doi-asserted-by":"crossref","unstructured":"Senthivel, S., Dhungana, S., Yoo, H., Ahmed, I., Roussev, V.: Denial of engineering operations attacks in industrial control systems. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, CODASPY 2018, pp. 319\u2013329. ACM, New York (2018)","DOI":"10.1145\/3176258.3176319"},{"key":"20_CR17","doi-asserted-by":"publisher","unstructured":"Valentine, S., Farkas, C.: Software security: application-level vulnerabilities in SCADA systems. In: 2011 IEEE International Conference on Information Reuse Integration, pp. 498\u2013499, August 2011. \n                      https:\/\/doi.org\/10.1109\/IRI.2011.6009603","DOI":"10.1109\/IRI.2011.6009603"},{"key":"20_CR18","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-030-22312-0_3","volume-title":"ICT Systems Security and Privacy Protection","author":"H Yoo","year":"2019","unstructured":"Yoo, H., Ahmed, I.: Control logic injection attacks on industrial control systems. In: Dhillon, G., Karlsson, F., Hedstr\u00f6m, K., Z\u00faquete, A. (eds.) SEC 2019. IFIPAICT, vol. 562, pp. 33\u201348. Springer, Cham (2019). \n                      https:\/\/doi.org\/10.1007\/978-3-030-22312-0_3"},{"key":"20_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-030-22038-9_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"H Yoo","year":"2019","unstructured":"Yoo, H., Kalle, S., Smith, J., Ahmed, I.: Overshadow PLC to detect remote control-logic injection attacks. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds.) DIMVA 2019. LNCS, vol. 11543, pp. 109\u2013132. Springer, Cham (2019). \n                      https:\/\/doi.org\/10.1007\/978-3-030-22038-9_6"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-30215-3_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,29]],"date-time":"2020-01-29T11:06:18Z","timestamp":1580295978000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-30215-3_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030302146","9783030302153"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-30215-3_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"2 September 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New York City, NY","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/isc2019.cs.stonybrook.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"86","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5-7","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}