{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T11:26:23Z","timestamp":1777893983974,"version":"3.51.4"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030954833","type":"print"},{"value":"9783030954840","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-95484-0_29","type":"book-chapter","created":{"date-parts":[[2022,2,7]],"date-time":"2022-02-07T10:05:46Z","timestamp":1644228346000},"page":"496-511","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["The Rise of ICS Malware: A Comparative Analysis"],"prefix":"10.1007","author":[{"given":"Yassine","family":"Mekdad","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giuseppe","family":"Bernieri","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mauro","family":"Conti","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdeslam","family":"El Fergougui","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,2,8]]},"reference":[{"key":"29_CR1","unstructured":"Malware in Modern ICS: Understanding Impact While Avoiding Hype. https:\/\/www.powermag.com\/malware-in-modern-ics-understanding-impact-while-avoiding-hype\/"},{"key":"29_CR2","series-title":"Advanced Sciences and Technologies for Security Applications","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/978-3-030-00024-0_11","volume-title":"Critical Infrastructure Security and Resilience","author":"C Alcaraz","year":"2019","unstructured":"Alcaraz, C.: Secure interconnection of IT-OT networks in industry 4.0. In: Gritzalis, D., Theocharidou, M., Stergiopoulos, G. (eds.) Critical Infrastructure Security and Resilience. ASTSA, pp. 201\u2013217. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-00024-0_11"},{"key":"29_CR3","volume-title":"Mitre ATT&Ck\u00ae for Industrial Control Systems: Design and Philosophy","author":"O Alexander","year":"2020","unstructured":"Alexander, O., Belisle, M., Steele, J.: Mitre ATT&Ck\u00ae for Industrial Control Systems: Design and Philosophy. The MITRE Corporation, Bedford (2020)"},{"key":"29_CR4","doi-asserted-by":"crossref","unstructured":"Alladi, T., Chamola, V., Zeadally, S.: Industrial control systems: cyberattack trends and countermeasures. Comput. Commun. 155, 1\u20138 (2020)","DOI":"10.1016\/j.comcom.2020.03.007"},{"issue":"1","key":"29_CR5","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1080\/23742917.2016.1252211","volume":"1","author":"UPD Ani","year":"2017","unstructured":"Ani, U.P.D., He, H.M., Tiwari, A.: Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective. J. Cyber Secur. Technol. 1(1), 32\u201374 (2017). https:\/\/doi.org\/10.1080\/23742917.2016.1252211. https:\/\/www.tandfonline.com\/doi\/abs\/10.1080\/23742917.2016.1252211","journal-title":"J. Cyber Secur. Technol."},{"key":"29_CR6","unstructured":"Assante, M., Lee, R.: Information Security Reading Room The Industrial Control System Cyber Kill Chain. Sans Institute, pp. 1\u201322 (2015). www.lockheedmartin.com\/content\/dam\/lockheed\/data\/corporate\/documents\/LM-White-Paper-Intel-Driven-Defense.pdf"},{"key":"29_CR7","unstructured":"Bremer, J.: Cuckoo Sandbox - open source automated malware analysis (2013). https:\/\/media.blackhat.com\/us-13\/US-13-Bremer-Mo-Malware-Mo-Problems-Cuckoo-Sandbox-WP.pdf"},{"key":"29_CR8","unstructured":"Byrum, S.: InfoSec Reading Room the Impact of the Sarbanes Oxley Act on IT (2003). https:\/\/www.sans.org\/reading-room\/whitepapers\/casestudies\/impact-sarbanes-oxley-act-security-1344"},{"issue":"4","key":"29_CR9","doi-asserted-by":"publisher","first-page":"472","DOI":"10.4006\/1.3626801","volume":"24","author":"ME De Souza","year":"2011","unstructured":"De Souza, M.E.: An alternative to the variation of the fine structure constant. Phys. Essays 24(4), 472\u2013474 (2011)","journal-title":"Phys. Essays"},{"key":"29_CR10","unstructured":"Dragos: The ICS Landscape and Threat Activity Groups, pp. 11\u201345 (2020), https:\/\/dragos.com\/wp-content\/uploads\/The-ICS-Threat-Landscape.pdf"},{"key":"29_CR11","unstructured":"Dragos Inc.: CRASHOVERRIDE: Analysis of the Threat to Electric Grid Operations. Technical report (2017). https:\/\/www.dragos.com\/wp-content\/uploads\/CrashOverride-01.pdf"},{"key":"29_CR12","unstructured":"Dragos Inc.: TRISIS Malware-Analysis of Safety System Targeted Malware. Dragos, pp. 1\u201319 (2017). https:\/\/www.energy.senate.gov\/public\/index.cfm\/files\/serve?File_id=40B2ED59-D34E-47C3-B9E2-1E8D030C5748"},{"key":"29_CR13","doi-asserted-by":"publisher","unstructured":"Drias, Z., Serhrouchni, A., Vogel, O.: Analysis of cyber security for industrial control systems. In: 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2015 - Proceedings (2015). https:\/\/doi.org\/10.1109\/SSIC.2015.7245330. https:\/\/ieeexplore.ieee.org\/abstract\/document\/7245330\/","DOI":"10.1109\/SSIC.2015.7245330"},{"key":"29_CR14","unstructured":"Fabro, M.: Control Systems Cyber Security: Defense-in- Depth Strategies Control. Idaho National Laboratory, USA, pp. 1\u201330, May 2007. https:\/\/www.osti.gov\/biblio\/923499"},{"key":"29_CR15","unstructured":"Falliere, N., Murchu, L.O., Chien, E.: W32. Stuxnet Dossier, Symantec Security Response, Version 1.4, February 2011. Symantec Security Response 4 February, pp. 1\u201369 (2011), 20 September 2015"},{"key":"29_CR16","doi-asserted-by":"publisher","unstructured":"Geiger, M., Bauer, J., Masuch, M., Franke, J.: An analysis of black energy 3, Crashoverride, and Trisis, three malware approaches targeting operational technology systems. In: IEEE International Conference on Emerging Technologies and Factory Automation, ETFA 2020, September, pp. 1537\u20131543 (2020). https:\/\/doi.org\/10.1109\/ETFA46521.2020.9212128","DOI":"10.1109\/ETFA46521.2020.9212128"},{"key":"29_CR17","unstructured":"Ginter, A.: The Top 20 Cyber Attacks Against Industrial Control Systems. Waterfall, stronger than firewalls, May, p. 3 (2018). https:\/\/waterfall-security.com\/20-attacks\/"},{"key":"29_CR18","doi-asserted-by":"crossref","unstructured":"Hemsley, K.E., Fisher, E.: History of Industrial Control System Cyber Incidents. INL\/CON-18-44411-Revision-2, December, pp. 1\u201337 (2018). https:\/\/www.osti.gov\/servlets\/purl\/1505628","DOI":"10.2172\/1505628"},{"key":"29_CR19","unstructured":"Hutchins, E., Cloppert, M., Amin, R.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. In: 6th International Conference on Information Warfare and Security, ICIW 2011, July 2005, pp. 113\u2013125 (2011)"},{"key":"29_CR20","unstructured":"Kaspersky Lab: Threat Landscape for Industrial Automation Systems in H1 2020. ICS Cert, pp. 1\u201327 (2020). https:\/\/ics-cert.kaspersky.com\/reports\/2020\/09\/24\/threat-landscape-for-industrial-automation-systems-h1-2020\/#_Toc49782409"},{"key":"29_CR21","unstructured":"Lab, K.: Threat landscape for industrial automation systems in the second half of 2020. AO Kaspersky Lab, 1997\u20132017, pp. 1\u201312 (2021). https:\/\/ics-cert.kaspersky.com\/wp-content\/uploads\/sites\/6\/2017\/03\/KL-ICS-CERT_H2-2016_report_FINAL_EN.pdf"},{"key":"29_CR22","doi-asserted-by":"crossref","unstructured":"Mekdad, Y., Bernieri, G., Conti, M., Fergougui, A.E.: A threat model method for ICS malware: the TRISIS case. In: Proceedings of the 18th ACM International Conference on Computing Frontiers, pp. 221\u2013228 (2021)","DOI":"10.1145\/3457388.3458868"},{"key":"29_CR23","first-page":"1","volume":"1","author":"L Obregon","year":"2020","unstructured":"Obregon, L.: Information security reading room secure architecture for industrial control systems. SANS Instit. InfoSec GIAC (GSEC) Gold Certification 1, 1\u201327 (2020)","journal-title":"SANS Instit. InfoSec GIAC (GSEC) Gold Certification"},{"issue":"5","key":"29_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3329786","volume":"52","author":"O Or-Meir","year":"2019","unstructured":"Or-Meir, O., Nissim, N., Elovici, Y., Rokach, L.: Dynamic malware analysis in the modern era\u2013a state of the art survey. ACM Comput. Surv. 52(5), 1\u201348 (2019). https:\/\/doi.org\/10.1145\/3329786","journal-title":"ACM Comput. Surv."},{"key":"29_CR25","unstructured":"Rrushi, J., Farhangi, H., Howey, C., Carmichael, K., Dabell, J.: A Quantitative Evaluation of the Target Selection of Havex ICS Malware Plugin, December 2015. https:\/\/pdfs.semanticscholar.org\/18df\/43ef1690b0fae15a36f770001160aefbc6c5.pdf"},{"key":"29_CR26","unstructured":"Shrivastava, S.: Analysis Report BlackEnergy-Malware for Cyber-Physical Attacks Malware for Cyber-Physical Attacks, May 2016. http:\/\/itrust.sutd.edu.sg"},{"key":"29_CR27","unstructured":"Slowik, J.: Anatomy of an attack: Detecting and defeating Crashoverride. Virus Bulletin 2018 Montreal, June 2017, pp. 1\u201323 (2018). https:\/\/www.virusbulletin.com\/uploads\/pdf\/magazine\/2018\/VB2018-Slowik.pdf"},{"key":"29_CR28","unstructured":"Slowik, J.: Evolution of ICS Attacks and the Prospects for Future Disruptive Events. Ph.D. thesis (2019). https:\/\/www.dragos.com\/resource\/evolution-of-ics-attacks-and-the-prospects-for-future-disruptive-events\/"},{"issue":"2\u20133","key":"29_CR29","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1016\/0166-3615(94)90017-5","volume":"24","author":"TJ Williams","year":"1994","unstructured":"Williams, T.J.: The Purdue enterprise reference architecture. Comput. Ind. 24(2\u20133), 141\u2013158 (1994). https:\/\/doi.org\/10.1016\/0166-3615(94)90017-5","journal-title":"Comput. Ind."},{"key":"29_CR30","volume-title":"Countdown to Zero Day: Stuxnet and the Launch of the World\u2019s First Digital Weapon","author":"K Zetter","year":"2014","unstructured":"Zetter, K.: Countdown to Zero Day: Stuxnet and the Launch of the World\u2019s First Digital Weapon. Broadway Books, New York (2014)"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2021 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-95484-0_29","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,7]],"date-time":"2022-02-07T10:09:58Z","timestamp":1644228598000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-95484-0_29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030954833","9783030954840"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-95484-0_29","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"8 February 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Darmstadt","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 October 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 October 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2021.athene-center.de\/index.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"351","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"71","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.07","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6.06","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}