{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T02:32:41Z","timestamp":1774319561584,"version":"3.50.1"},"publisher-location":"Cham","reference-count":41,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030935108","type":"print"},{"value":"9783030935115","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-93511-5_8","type":"book-chapter","created":{"date-parts":[[2022,1,4]],"date-time":"2022-01-04T07:02:42Z","timestamp":1641279762000},"page":"155-183","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["A Communications Validity Detector for SCADA Networks"],"prefix":"10.1007","author":[{"given":"Prashant","family":"Anantharaman","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anmol","family":"Chachra","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shikhar","family":"Sinha","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Millian","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bogdan","family":"Copos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sean","family":"Smith","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Locasto","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,1,4]]},"reference":[{"key":"8_CR1","doi-asserted-by":"crossref","unstructured":"F. Adelstein, Live forensics: Diagnosing your system without killing it first, Communications of the ACM, vol. 49(2), pp. 63\u201366, 2006.","DOI":"10.1145\/1113034.1113070"},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"I. Ahmed, S. Obermeier, M. Naedele and G. Richard, SCADA systems: Challenges for forensics investigators, IEEE Computer, vol. 45(12), pp. 44\u201351, 2012.","DOI":"10.1109\/MC.2012.325"},{"key":"8_CR3","doi-asserted-by":"crossref","unstructured":"P. Anantharaman, V. Kothari, J. Brady, I. Jenkins, S. Ali, M. Millian, R. Koppel, J. Blythe, S. Bratus and S. Smith, Mismorphism: The heart of the weird machine, in Security Protocols XXVII, J. Anderson, F. Stajano, B. Christianson and V. Matyas (Eds.), Springer, Cham, Switzerland, pp. 113\u2013124, 2020.","DOI":"10.1007\/978-3-030-57043-9_11"},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"P. Anantharaman, K. Palani, R. Brantley, G. Brown, S. Bratus and S. Smith, PhasorSec: Protocol security filters for wide-area measurement systems, Proceedings of the IEEE International Conference on Communications, Control and Computing Technologies for Smart Grids, 2018.","DOI":"10.1109\/SmartGridComm.2018.8587501"},{"key":"8_CR5","doi-asserted-by":"crossref","unstructured":"R. Berthier and W. Sanders, Specification-based intrusion detection for advanced metering infrastructures, Proceedings of the Seventeenth IEEE Pacific Rim International Symposium on Dependable Computing, pp. 184\u2013193, 2011.","DOI":"10.1109\/PRDC.2011.30"},{"key":"8_CR6","unstructured":"D. Bradbury, The \u201cair gap\u201d between IT and OT is disappearing, and we\u2019re not ready to manage the risk, Infosecurity Magazine, February 26, 2019."},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"S. Bratus, A. Crain, S. Hallberg, D. Hirsch, M. Patterson, M. Koo and S. Smith, Implementing a vertically-hardened DNP3 control stack for power applications, Proceedings of the Second Annual Industrial Control System Security Workshop, pp. 45\u201353, 2016.","DOI":"10.1145\/3018981.3018985"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"J. Brenner, Eyes wide shut: The growing threat of cyber attacks on industrial control systems, Bulletin of the Atomic Scientists, vol. 69(5), pp. 15\u201320, 2013.","DOI":"10.1177\/0096340213501372"},{"key":"8_CR9","unstructured":"E. Byers, Cyber security and the pipeline control system, Pipeline and Gas Journal, pp. 58\u201359, February 2009."},{"key":"8_CR10","unstructured":"L. Chang, T. Bryan, A. McKinnon and M. Hadley, Enabling situational awareness in operational technology environments through software-defined networking, Journal of Information Warfare, vol. 18(4), pp. 156\u2013166, 2019."},{"key":"8_CR11","unstructured":"A. Crain and C. Sistrunk, S4x14 Video: Crain\/Sistrunk \u2013 Project Robus, Master Serial Killer, Digital Bond, Sunrise, Florida (dale-peterson.com\/2014\/01\/23\/s4x14-video-crain-sistrunk-project-robus-master-serial-killer), 2014."},{"key":"8_CR12","unstructured":"denandz, fuzzotron: A TCP\/UDP Based Network Daemon Fuzzer, GitHub (github.com\/denandz\/fuzzotron), 2018."},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"P. Eden, A. Blyth, P. Burnap, Y. Cherdantseva, K. Jones and H. Soulsby, A forensic taxonomy of SCADA systems and approach to incident response, Proceedings of the Third International Symposium on ICS and SCADA Cyber Security Research, pp. 42\u201351, 2015.","DOI":"10.14236\/ewic\/ICS2015.5"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"M. Ehrlich, D. Krummacker, C. Fischer, R. Guillaume, S. Perez Olaya, A. Frimpong, H. de Meer, M. Wollschlaeger, H. Schotten and J. Jasperneite, Software-defined networking as an enabler for future industrial network management, Proceedings of the Twenty-Third IEEE International Conference on Emerging Technologies and Factory Automation, pp. 1109\u20131112, 2018.","DOI":"10.1109\/ETFA.2018.8502561"},{"key":"8_CR15","unstructured":"Electricity Information Sharing and Analysis Center, Analysis of the Cyber Attack on the Ukrainian Power Grid, Washington, DC, 2016."},{"key":"8_CR16","unstructured":"N. Falliere, L. O\u2019Murchu and E. Chien, W32.Stuxnet Dossier, Version 1.4, Symantec, Mountain View, California, 2011."},{"key":"8_CR17","unstructured":"A. Fioraldi, D. Maier, H. Eissfeldt and M. Heuse, AFL++: Combining incremental steps of fuzzing research, Proceedings of the Fourteenth USENIX Workshop on Offensive Technologies, 2020."},{"key":"8_CR18","doi-asserted-by":"crossref","unstructured":"D. Formby, P. Srinivasan, A. Leonard, J. Rogers and R. Beyah, Who\u2019s in control of your control system? Device fingerprinting for cyber-physical systems, Proceedings of the Twenty-Third Annual Network Distributed System Security Symposium, 2016.","DOI":"10.14722\/ndss.2016.23142"},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"J. Hong, C. Liu and M. Govindarasu, Integrated anomaly detection for cyber security of substations, IEEE Transactions on Smart Grid, vol. 5(4), pp. 1643\u20131653, 2014.","DOI":"10.1109\/TSG.2013.2294473"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"A. Kalra, D. Dolezilek, J. Mathew, R. Raju, R. Meine and D. Pawar, Using software-defined networking to build modern, secure IEC 61850 based substation automation systems, Proceedings of the Fifteenth International Conference on Developments in Power System Protection, 2020.","DOI":"10.1049\/cp.2020.0128"},{"key":"8_CR21","unstructured":"D. Lee, H. Kim, K. Kim and P. Yoo, Simulated attack on the DNP3 protocol in SCADA systems, Proceedings of the Thirty-First Symposium on Cryptography and Information Security, 2014."},{"key":"8_CR22","doi-asserted-by":"crossref","unstructured":"L. Maglaras and J. Jiang, Intrusion detection in SCADA systems using machine learning techniques, Proceedings of the Science and Information Conference, pp. 626\u2013631, 2014.","DOI":"10.1109\/SAI.2014.6918252"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"M. Millian, P. Anantharaman, S. Bratus, S. Smith and M. Locasto, Converting an electric power utility network to defend against crafted inputs, in Critical Infrastructure Protection XIII, J. Staggs and S. Shenoi (Eds.), Springer, Cham, Switzerland, pp. 73\u201385, 2019.","DOI":"10.1007\/978-3-030-34647-8_4"},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"M. Naedele, Addressing IT security for critical control systems, Proceedings of the Fortieth Annual Hawaii International Conference on System Sciences, 2007.","DOI":"10.1109\/HICSS.2007.48"},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"V. Narayanan and R. Bobba, Learning-based anomaly detection for industrial arm applications, Proceedings of the Workshop on Cyber-Physical Systems Security and Privacy, pp. 13\u201323, 2018.","DOI":"10.1145\/3264888.3264894"},{"key":"8_CR26","unstructured":"National Institute of Standards and Technology, CVE-2020-10613 Detail, National Vulnerability Database, Gathersburg, Maryland (nvd.nist.gov\/vuln\/detail\/CVE-2020-10613), April 22, 2020."},{"key":"8_CR27","unstructured":"Y. Pats, pythonfuzz: Coverage-Guided Fuzz Testing for Python, GitLab (gitlab.com\/gitlab-org\/security-products\/analyzers\/fuzzers\/pythonfuzz), 2020."},{"key":"8_CR28","unstructured":"M. Patterson, Hammer, GitLab (gitlab.special-circumstanc.es\/hammer\/hammer), 2020."},{"key":"8_CR29","unstructured":"N. Perlroth and C. Krauss, A cyberattack in Saudi Arabia had a deadly goal. Experts fear another try, New York Times, March 15, 2018."},{"key":"8_CR30","doi-asserted-by":"crossref","unstructured":"W. Ren, T. Yardley and K. Nahrstedt, EDMAND: Edge-based multilevel anomaly detection for SCADA networks, Proceedings of the IEEE International Conference on Communications, Control and Computing Technologies for Smart Grids, 2018.","DOI":"10.1109\/SmartGridComm.2018.8587533"},{"key":"8_CR31","unstructured":"Step Function I\/O, Aegis Fuzzer, Bend, Oregon (stepfunc.io\/products\/aegis-fuzzer), 2021."},{"key":"8_CR32","doi-asserted-by":"crossref","unstructured":"F. Tacliad, T. Nguyen and M. Gondree, DoS exploitation of Allen-Bradley\u2019s legacy protocol through fuzz testing, Proceedings of the Third Annual Industrial Control System Security Workshop, pp. 24\u201331, 2017.","DOI":"10.1145\/3174776.3174780"},{"key":"8_CR33","doi-asserted-by":"crossref","unstructured":"D. Urbina, J. Giraldo, A. Cardenas, N. Tippenhauer, J. Valente, M. Faisal, J. Ruths, R. Candell and H. Sandberg, Limiting the impact of stealthy attacks on industrial control systems, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1092\u20131105, 2016.","DOI":"10.1145\/2976749.2978388"},{"key":"8_CR34","doi-asserted-by":"crossref","unstructured":"V. Urias, W. Stout and B. Van Leeuwen, On the feasibility of generating deception environments for industrial control systems, presented at the IEEE International Symposium on Technologies for Homeland Security, 2018.","DOI":"10.1109\/THS.2018.8574141"},{"key":"8_CR35","unstructured":"C. Valli, SCADA forensics with Snort IDS, Proceedings of the International Conference on Security and Management, pp. 618\u2013621, 2009."},{"key":"8_CR36","doi-asserted-by":"crossref","unstructured":"R. van der Knijff, Control systems\/SCADA forensics, what\u2019s the difference? Digital Investigation, vol. 11(3), pp. 160\u2013174, 2014.","DOI":"10.1016\/j.diin.2014.06.007"},{"key":"8_CR37","doi-asserted-by":"crossref","unstructured":"J. Verba and M. Milvich, Idaho National Laboratory Supervisory Control and Data Acquisition Intrusion Detection System (SCADA IDS), Proceedings of the IEEE Conference on Technologies for Homeland Security, pp. 469\u2013473, 2008.","DOI":"10.1109\/THS.2008.4534498"},{"key":"8_CR38","unstructured":"C. Wright, Forensics management, in Handbook of SCADA\/Control Systems Security, R. Radvanovsky and J. Brodsky (Eds.), CRC Press, Boca Raton, Florida, pp. 169\u2013200, 2016."},{"key":"8_CR39","unstructured":"T. Yardley, Building a physical testbed for black start restoration, presented at the ICS Village at DEF CON Safe Mode, 2020."},{"key":"8_CR40","doi-asserted-by":"crossref","unstructured":"B. Zhu, A. Joseph and S. Sastry, A taxonomy of cyber attacks on SCADA systems, Proceedings of the International Conference on Internet of Things and Fourth International Conference on Cyber, Physical and Social Computing, pp. 380\u2013388, 2011.","DOI":"10.1109\/iThings\/CPSCom.2011.34"},{"key":"8_CR41","unstructured":"B. Zhu and S. Sastry, SCADA-specific intrusion detection\/prevention systems: A survey and taxonomy, Proceedings of the First Workshop on Secure Control Systems, 2010."}],"container-title":["IFIP Advances in Information and Communication Technology","Critical Infrastructure Protection XV"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-93511-5_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T01:02:20Z","timestamp":1767488540000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-93511-5_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030935108","9783030935115"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-93511-5_8","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"4 January 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICCIP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Infrastructure Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 March 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 March 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iccip2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip1110.org\/Conferences\/2021conferenceinformation.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}