{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T14:26:22Z","timestamp":1769351182549,"version":"3.49.0"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030935108","type":"print"},{"value":"9783030935115","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-93511-5_4","type":"book-chapter","created":{"date-parts":[[2022,1,4]],"date-time":"2022-01-04T07:02:42Z","timestamp":1641279762000},"page":"73-95","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Attacking the IEC 61131 Logic Engine in Programmable Logic Controllers"],"prefix":"10.1007","author":[{"given":"Syed Ali","family":"Qasim","sequence":"first","affiliation":[]},{"given":"Adeen","family":"Ayub","sequence":"additional","affiliation":[]},{"given":"Jordan","family":"Johnson","sequence":"additional","affiliation":[]},{"given":"Irfan","family":"Ahmed","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,1,4]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"H. Adjei, T. Shunhua, G. Agordzo, Y. Li, G. Peprah and E. Gyarteng, SSL stripping technique (DHCP snooping and ARP spoofing inspection), Proceedings of the Twenty-Third International Conference on Advanced Communications Technology, pp. 187\u2013193, 2021.","DOI":"10.23919\/ICACT51234.2021.9370460"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"I. Ahmed, S. Obermeier, M. Naedele and G. Richard III, SCADA systems: Challenges for forensic investigators, IEEE Computer, vol. 45(12), pp. 44\u201351, 2012.","DOI":"10.1109\/MC.2012.325"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"I. Ahmed, S. Obermeier, S. Sudhakaran and V. Roussev, Programmable logic controller forensics, IEEE Security and Privacy, vol. 15(6), pp. 18\u201324, 2017.","DOI":"10.1109\/MSP.2017.4251102"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"I. Ahmed, V. Roussev, W. Johnson, S. Senthivel and S. Sudhakaran, A SCADA system testbed for cybersecurity and forensic research and pedagogy, Proceedings of the Second Annual Industrial Control System Security Workshop, pp. 1\u20139, 2016.","DOI":"10.1145\/3018981.3018984"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"A. Ayub, H. Yoo and I. Ahmed, Empirical study of PLC authentication protocols in industrial control systems, Proceedings of the IEEE Security and Privacy Workshops, pp. 383\u2013397, 2021.","DOI":"10.1109\/SPW53761.2021.00058"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"S. Bhatia, S. Behal and I. Ahmed, Distributed denial-of-service attacks and defense mechanisms: Current landscape and future directions, in Versatile Cybersecurity, M. Conti, G. Somani and R. Poovendran (Eds.), Springer, Cham, Switzerland, pp. 55\u201397, 2018.","DOI":"10.1007\/978-3-319-97643-3_3"},{"key":"4_CR7","doi-asserted-by":"crossref","unstructured":"T. Chen and S. Abu-Nimeh, Lessons from Stuxnet, IEEE Computer, vol. 44(4), pp. 91\u201393, 2011.","DOI":"10.1109\/MC.2011.115"},{"key":"4_CR8","unstructured":"Ettercap Project, Ettercap (www.ettercap-project.org), 2021."},{"key":"4_CR9","unstructured":"N. Falliere, L. O\u2019Murchu and E. Chien, W32.Stuxnet Dossier, Version 1.4, Symantec, Mountain View, California, 2011."},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"L. Garcia, F. Brasser, M. Cintuglu, A. Sadeghi, O. Mohammed and S. Zonouz, Hey, my malware knows physics! Attacking PLCs with a physical-model-aware rootkit, Proceedings of the Twenty-Fourth Annual Network and Distributed System Security Symposium, 2017.","DOI":"10.14722\/ndss.2017.23313"},{"key":"4_CR11","unstructured":"N. Govil, A. Agrawai and N. Tippenhauer, On ladder logic bombs in industrial control systems, in Computer Security, S. Katsikas, F. Cuppens, N. Cuppens, C. Lambrinoudakis, C. Kalloniatis, J. Mylopoulos, A. Anton and S. Gritzalis (Eds.), Springer, Cham, Switzerland, pp. 110\u2013126, 2018."},{"key":"4_CR12","unstructured":"R. Johnson, Survey of SCADA security challenges and potential attack vectors, Proceedings of the International Conference on Internet Technology and Secured Transactions, 2010."},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"S. Kalle, N. Ameen, H. Yoo and I. Ahmed, CLIK on PLCs! Attacking control logic with decompilation and virtual PLCs, Proceedings of the Network and Distributed System Security Symposium Workshop on Binary Analysis Research, 2019.","DOI":"10.14722\/bar.2019.23074"},{"key":"4_CR14","unstructured":"N. Kush, E. Foo, E. Ahmed, I. Ahmed and A. Clark, Gap analysis of intrusion detection in smart grids, Proceedings of the Second International Cyber Resilience Conference, pp. 38\u201346, 2011."},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"S. McLaughlin and P. McDaniel, SABOT: Specification-based payload generation for programmable logic controllers, Proceedings of the ACM Conference on Computer and Communications Security, pp. 439\u2013449, 2012.","DOI":"10.1145\/2382196.2382244"},{"key":"4_CR16","unstructured":"MITRE Corporation, ATT&CK for Industrial Control Systems, Bedford, Massachusetts (collaborate.mitre.org\/attackics\/index.php\/Main_Page), 2021."},{"key":"4_CR17","unstructured":"Office of Electricity Delivery and Energy Reliability, exe-GUARD, DOE\/OE-0009, U.S. Department of Energy, Washington, DC (www.energy.gov\/sites\/prod\/files\/2017\/04\/f34\/SEL_Exe-guard_FactSheet.pdf), 2012."},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"S. Qasim, J. Lopez and I. Ahmed, Automated reconstruction of control logic for programmable logic controller forensics, in Information Security, Z. Lin, C. Papamanthou and M. Polychronakis (Eds.), Springer, Cham, Switzerland, pp. 402\u2013422, 2019.","DOI":"10.1007\/978-3-030-30215-3_20"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"S. Qasim, J. Smith and I. Ahmed, Control logic forensics framework using a built-in decompiler of engineering software in industrial control systems, Forensic Science International: Digital Investigation, vol. 33(S), article no. 301013, 2020.","DOI":"10.1016\/j.fsidi.2020.301013"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"M. Rais, R. Awad, J. Lopez and I. Ahmed, JTAG-based PLC memory acquisition framework for industrial control systems, Forensic Science International: Digital Investigation, vol. 37(S), article no. 301196, 2021.","DOI":"10.1016\/j.fsidi.2021.301196"},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"M. Rais, Y. Li and I. Ahmed, Spatiotemporal G-code modeling for secure FDM-based 3D printing, Proceedings of the Twelfth ACM\/IEEE International Conference on Cyber-Physical Systems, pp. 177\u2013186, 2021.","DOI":"10.1145\/3450267.3450545"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"C. Schuett, J. Butts and S. Dunlap, An evaluation of modification attacks on programmable logic controllers, International Journal of Critical Infrastructure Protection, vol. 7(1), pp. 61\u201368, 2014.","DOI":"10.1016\/j.ijcip.2014.01.004"},{"key":"4_CR23","unstructured":"Schweitzer Engineering Laboratories, SEL-3505\/SEL-3505-3 Real-Time Automation Controller (RTAC), Pullman, Washington (selinc.com\/products\/3505), 2021."},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"S. Senthivel, I. Ahmed and V. Roussev, SCADA network forensics of the PCCC protocol, Digital Investigation, vol. 22(S), pp. S57\u2013S65, 2017.","DOI":"10.1016\/j.diin.2017.06.012"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"S. Senthivel, S. Dhungana, H. Yoo, I. Ahmed and V. Roussev, Denial of engineering operations attacks on industrial control systems, Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 319\u2013329, 2018.","DOI":"10.1145\/3176258.3176319"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"R. Sun, A. Mera, L. Lu and D. Choffnes, SoK: Attacks on Industrial Control Logic and Formal Verification-Based Defenses, arxiv.org\/abs\/2006.04806, 2020.","DOI":"10.1109\/EuroSP51992.2021.00034"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"H. Yoo and I. Ahmed, Control logic injection attacks on industrial control systems, in ICT Systems Security and Privacy Protection, G. Dhillon, F. Karlsson, K. Hedstrom and A. Zuquete (Eds.), Springer, Cham, Switzerland, pp. 33\u201348, 2019.","DOI":"10.1007\/978-3-030-22312-0_3"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"H. Yoo, S. Kalle, J. Smith and I. Ahmed, Overshadow PLC to detect remote control logic injection attacks, in Detection of Intrusions and Malware, and Vulnerability Assessment, R. Perdisci, C. Maurice, G. Giacinto and M. Almgren (Eds.), Springer, Cham, Switzerland, pp. 109\u2013132, 2019.","DOI":"10.1007\/978-3-030-22038-9_6"}],"container-title":["IFIP Advances in Information and Communication Technology","Critical Infrastructure Protection XV"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-93511-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T01:02:18Z","timestamp":1767488538000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-93511-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030935108","9783030935115"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-93511-5_4","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"4 January 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICCIP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Infrastructure Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 March 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 March 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iccip2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip1110.org\/Conferences\/2021conferenceinformation.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}