{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T23:20:30Z","timestamp":1773098430671,"version":"3.50.1"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030376697","type":"print"},{"value":"9783030376703","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,12,20]],"date-time":"2019-12-20T00:00:00Z","timestamp":1576800000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-37670-3_10","type":"book-chapter","created":{"date-parts":[[2019,12,19]],"date-time":"2019-12-19T18:03:40Z","timestamp":1576778620000},"page":"122-133","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Using Datasets from Industrial Control Systems for Cyber Security Research and Education"],"prefix":"10.1007","author":[{"given":"Qin","family":"Lin","sequence":"first","affiliation":[]},{"given":"Sicco","family":"Verwer","sequence":"additional","affiliation":[]},{"given":"Robert","family":"Kooij","sequence":"additional","affiliation":[]},{"given":"Aditya","family":"Mathur","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,12,20]]},"reference":[{"key":"10_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-030-05849-4_17","volume-title":"Critical Information Infrastructures Security","author":"M Almgren","year":"2019","unstructured":"Almgren, M., et al.: RICS-el: building a national testbed for research and training on SCADA security (short paper). In: Luiijf, E., \u017dutautait\u0117, I., H\u00e4mmerli, B.M. (eds.) CRITIS 2018. LNCS, vol. 11260, pp. 219\u2013225. Springer, Cham (2019). \nhttps:\/\/doi.org\/10.1007\/978-3-030-05849-4_17"},{"key":"10_CR2","unstructured":"Anderson, R., et al.: Measuring the cost of cybercrime. In: Proceedings of the 11th Workshop on Economics of Information Security (2012)"},{"key":"10_CR3","unstructured":"Balaganski, A., Derwisch, S.: Big data and information security. KuppingerCole and BARC Joint Study, Report No.: 7400 (2016)"},{"key":"10_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1007\/978-3-030-05849-4_12","volume-title":"Critical Information Infrastructures Security","author":"S Choi","year":"2019","unstructured":"Choi, S., Yun, J.-H., Kim, S.-K.: A comparison of ICS datasets for security research based on attack paths. In: Luiijf, E., \u017dutautait\u0117, I., H\u00e4mmerli, B.M. (eds.) CRITIS 2018. LNCS, vol. 11260, pp. 154\u2013166. Springer, Cham (2019). \nhttps:\/\/doi.org\/10.1007\/978-3-030-05849-4_12"},{"key":"10_CR5","unstructured":"Council of the European Union: European council, council directive 2016\/1148 of 6 July 2016 concerning measures for a high common level of security of network and information systems across the union (2016). \nhttps:\/\/eur-lex.europa.eu\/eli\/dir\/2016\/1148\/oj"},{"key":"10_CR6","unstructured":"Digitalbond: S4x15 ICS village CTF dataset (2015). \nhttps:\/\/www.digitalbond.com\/blog\/2015\/03\/16\/s4x15-ctf-ics-village-page\/"},{"key":"10_CR7","unstructured":"G8: G8 principles for protecting critical information infrastructures (2003). \nhttp:\/\/www.cybersecuritycooperation.org\/documents\/G8_CIIP_Principles.pdf"},{"key":"10_CR8","unstructured":"GFCE: global forum on cyber expertise (2015). \nhttps:\/\/www.thegfce.com\/about"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Goh, J., Adepu, S., Tan, M., Lee, Z.S.: Anomaly detection in cyber physical systems using recurrent neural networks. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 140\u2013145. IEEE (2017)","DOI":"10.1109\/HASE.2017.36"},{"key":"10_CR10","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1007\/978-3-319-26502-5_2","volume-title":"Secure IT Systems","author":"H Holm","year":"2015","unstructured":"Holm, H., Karresand, M., Vidstr\u00f6m, A., Westring, E.: A survey of industrial control system testbeds. In: Buchegger, S., Dam, M. (eds.) Secure IT Systems, vol. 9417, pp. 11\u201326. Springer, Cham (2015). \nhttps:\/\/doi.org\/10.1007\/978-3-319-26502-5_2"},{"key":"10_CR11","unstructured":"ICS-CERT: Cyber-attack against Ukrainian critical infrastructure (2016). \nhttps:\/\/ics-cert.us-cert.gov\/alerts\/IR-ALERT-H-16-056-01"},{"key":"10_CR12","doi-asserted-by":"crossref","unstructured":"Inoue, J., Yamagata, Y., Chen, Y., Poskitt, C.M., Sun, J.: Anomaly detection for a water treatment system using unsupervised machine learning. In: 2017 IEEE International Conference on Data Mining Workshops (ICDMW), pp. 1058\u20131065. IEEE (2017)","DOI":"10.1109\/ICDMW.2017.149"},{"key":"10_CR13","unstructured":"iTrust: Centre for Research in Cyber Security (2015). \nhttps:\/\/itrust.sutd.edu.sg\/"},{"key":"10_CR14","unstructured":"iTrust: Secure Water Treatment (SWaT) Testbed (2015). \nhttps:\/\/itrust.sutd.edu.sg\/research\/dataset\/"},{"key":"10_CR15","unstructured":"Lemay, A., Fernandez, J.M.: Providing $$\\{$$SCADA$$\\}$$ network data sets for intrusion detection research. In: 2016 9th Workshop on Cyber Security Experimentation and Test ($$\\{$$CSET$$\\}$$) (2016)"},{"key":"10_CR16","unstructured":"Lewis, J.A.: Economic impact of cybercrime-no slowing down (2018). \nhttps:\/\/www.csis.org\/analysis\/economic-impact-cybercrime"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Lin, Q., Adepu, S., Verwer, S., Mathur, A.: TABOR: a graphical model-based approach for anomaly detection in Industrial Control Systems. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 525\u2013536. ACM (2018)","DOI":"10.1145\/3196494.3196546"},{"issue":"1\/2","key":"10_CR18","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1504\/IJCIS.2013.051608","volume":"9","author":"E Luiijf","year":"2013","unstructured":"Luiijf, E., Besseling, K., De Graaf, P.: Nineteen national cyber security strategies. Int. J. Crit. Infrastruct. (IJCIS) 9(1\/2), 3\u201331 (2013)","journal-title":"Int. J. Crit. Infrastruct. (IJCIS)"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Mathur, A.P., Tippenhauer, N.: SWaT: a water treatment testbed for research and training on ICS security. In: International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater), pp. 31\u201336. IEEE, USA, April 2016","DOI":"10.1109\/CySWater.2016.7469060"},{"issue":"5","key":"10_CR20","doi-asserted-by":"publisher","first-page":"1039","DOI":"10.1109\/JPROC.2015.2512235","volume":"104","author":"S McLaughlin","year":"2016","unstructured":"McLaughlin, S., et al.: The cybersecurity landscape in industrial control systems. Proc. IEEE 104(5), 1039\u20131057 (2016)","journal-title":"Proc. IEEE"},{"key":"10_CR21","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-662-45355-1_5","volume-title":"Critical Infrastructure Protection VIII","author":"T Morris","year":"2014","unstructured":"Morris, T., Gao, W.: Industrial control system traffic data sets for intrusion detection research. In: Butts, J., Shenoi, S. (eds.) ICCIP 2014. IAICT, vol. 441, pp. 65\u201378. Springer, Heidelberg (2014). \nhttps:\/\/doi.org\/10.1007\/978-3-662-45355-1_5"},{"issue":"2","key":"10_CR22","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1016\/j.ijcip.2011.06.005","volume":"4","author":"T Morris","year":"2011","unstructured":"Morris, T., Srivastava, A., Reaves, B., Gao, W., Pavurapu, K., Reddi, R.: A control system testbed to validate critical infrastructure protection concepts. Int. J. Crit. Infrastruct. Prot. 4(2), 88\u2013103 (2011)","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"10_CR23","unstructured":"Morris, T.H., Thornton, Z., Turnipseed, I.: Industrial control system simulation and data logging for intrusion detection system research. In: 7th Annual Southeastern Cyber Security Summit, pp. 3\u20134 (2015)"},{"key":"10_CR24","unstructured":"Morris, T.: Industrial control system (ICS) cyber attack datasets (2015). \nhttps:\/\/sites.google.com\/a\/uah.edu\/tommy-morris-uah\/ics-data-sets"},{"key":"10_CR25","unstructured":"NRF: Singapore, national cybersecurity R&D programme (2013). \nhttps:\/\/www.nrf.gov.sg\/programmes\/national-cybersecurity-r-d-programme"},{"issue":"5","key":"10_CR26","doi-asserted-by":"publisher","first-page":"523","DOI":"10.1061\/(ASCE)WR.1943-5452.0000191","volume":"138","author":"A Ostfeld","year":"2012","unstructured":"Ostfeld, A., et al.: Battle of the water calibration networks. J. Water Resour. Plan. Manag. 138(5), 523\u2013532 (2012)","journal-title":"J. Water Resour. Plan. Manag."},{"issue":"6","key":"10_CR27","doi-asserted-by":"publisher","first-page":"3104","DOI":"10.1109\/TSG.2015.2409775","volume":"6","author":"S Pan","year":"2015","unstructured":"Pan, S., Morris, T., Adhikari, U.: Developing a hybrid intrusion detection system using data mining for power systems. IEEE Trans. Smart Grid 6(6), 3104\u20133113 (2015)","journal-title":"IEEE Trans. Smart Grid"},{"key":"10_CR28","unstructured":"Rossman, L.A.: EPANET 2: User Manual (2000)"},{"key":"10_CR29","unstructured":"Symantec: Norton cyber security insights report, global results (2017). \nhttps:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/about\/2017-ncsir-global-results-en.pdf"},{"issue":"5","key":"10_CR30","doi-asserted-by":"publisher","first-page":"04017009","DOI":"10.1061\/(ASCE)WR.1943-5452.0000749","volume":"143","author":"R Taormina","year":"2017","unstructured":"Taormina, R., Galelli, S., Tippenhauer, N.O., Salomons, E., Ostfeld, A.: Characterizing cyber-physical attacks on water distribution systems. J. Water Resour. Plan. Manag. 143(5), 04017009 (2017)","journal-title":"J. Water Resour. Plan. Manag."},{"issue":"8","key":"10_CR31","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1061\/(ASCE)WR.1943-5452.0000969","volume":"144","author":"R Taormina","year":"2018","unstructured":"Taormina, R., et al.: The battle of the attack detection algorithms: disclosing cyber attacks on water distribution networks. J. Water Resour. Plan. Manag. 144(8), 1\u201311 (2018)","journal-title":"J. Water Resour. Plan. Manag."},{"key":"10_CR32","unstructured":"UC Irvine: Machine learning repository (2007). \nhttps:\/\/archive.ics.uci.edu\/ml\/index.php"},{"key":"10_CR33","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1038\/474142a","volume":"174","author":"S Weinberger","year":"2011","unstructured":"Weinberger, S.: Computer security: is this the start of cyberwarfare? Nature 174, 142\u2013145 (2011)","journal-title":"Nature"}],"container-title":["Lecture Notes in Computer Science","Critical Information Infrastructures Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-37670-3_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,4]],"date-time":"2020-09-04T12:15:41Z","timestamp":1599221741000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-37670-3_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,12,20]]},"ISBN":["9783030376697","9783030376703"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-37670-3_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,12,20]]},"assertion":[{"value":"20 December 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRITIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Information Infrastructures Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Link\u00f6ping","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sweden","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"critis2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/critis2019.on.liu.se\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}