{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T13:32:03Z","timestamp":1780493523014,"version":"3.54.1"},"publisher-location":"Cham","reference-count":45,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783031092336","type":"print"},{"value":"9783031092343","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-09234-3_18","type":"book-chapter","created":{"date-parts":[[2022,6,17]],"date-time":"2022-06-17T07:23:45Z","timestamp":1655450625000},"page":"356-375","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["IPSpex: Enabling Efficient Fuzzing via\u00a0Specification Extraction on\u00a0ICS Protocol"],"prefix":"10.1007","author":[{"given":"Yue","family":"Sun","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Shichao","family":"Lv","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jianzhou","family":"You","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yuyan","family":"Sun","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xin","family":"Chen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yaowen","family":"Zheng","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Limin","family":"Sun","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,6,18]]},"reference":[{"key":"18_CR1","unstructured":"Things you need to know about industrial ethernet. https:\/\/www.fluke.com\/en-us\/learn\/blog\/electrical\/industrial-ethernet"},{"key":"18_CR2","unstructured":"Analysis of the cyber attack on the Ukrainian power grid. https:\/\/ics.sans.org\/media\/E-ISAC_SANS_Ukraine_DUC_5.pdf"},{"key":"18_CR3","unstructured":"Attackers deploy new ICS attack framework \u201ctriton\u201d and cause operational disruption to critical infrastructure. https:\/\/www.fireeye.com\/blog\/threat-research\/2017\/12\/attackers-deploy-new-ics-attack-framework-triton.html"},{"key":"18_CR4","unstructured":"Boofuzz: network protocol fuzzing for humans. https:\/\/boofuzz.readthedocs.io\/en\/stable\/"},{"key":"18_CR5","unstructured":"Customize your PLC applications using CODESYS . https:\/\/www.deif.us\/blog\/posts\/2019\/11\/customise-your-plc-applications-using-codesys?sgm=marine+and+offshore"},{"key":"18_CR6","unstructured":"Disclosed vulnerabilities. https:\/\/talosintelligence.com\/vulnerability_info"},{"key":"18_CR7","unstructured":"Doors of Durin: the veiled gate to Siemens S7 silicon. https:\/\/www.blackhat.com\/eu-19\/briefings\/schedule\/#doors-of-durin-the-veiled-gate-to-siemens-s-silicon-18023"},{"key":"18_CR8","unstructured":"ICS\/SCADA protocol vulnerabilities: CIP (common industrial protocol). https:\/\/www.cyberbit.com\/blog\/ot-security\/scada-vulnerabilities-cip-protocol\/"},{"key":"18_CR9","unstructured":"Industroyer: biggest malware threat to critical infrastructure since Stuxnet. https:\/\/www.eset.com\/int\/industroyer\/"},{"key":"18_CR10","unstructured":"PLC security risk: controller operating systems. https:\/\/www.tofinosecurity.com\/blog\/plc-security-risk-controller-operating-systems"},{"key":"18_CR11","unstructured":"W32.Stuxnet Dossier. https:\/\/en.wikipedia.org\/wiki\/Stuxnet"},{"key":"18_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-030-78375-4_2","volume-title":"Applied Cryptography and Network Security","author":"S Bai","year":"2021","unstructured":"Bai, S., Wen, H., Fang, D., Sun, Y., Liu, P., Sun, L.: DSS: discrepancy-aware seed selection method for ICS protocol fuzzing. In: Sako, K., Tippenhauer, N.O. (eds.) ACNS 2021. LNCS, vol. 12727, pp. 27\u201348. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-78375-4_2"},{"key":"18_CR13","unstructured":"Bies, L.: LibFINS - multi platform MIT licensed FINS library in C. https:\/\/github.com\/lammertb\/libfins"},{"key":"18_CR14","unstructured":"Biham, E., Bitan, S., Carmel, A., Dankner, A., Malin, U., Wool, A.: Rogue 7: Rogue engineering-station attacks on S7 Simatic PLCs. In: Black Hat USA (2019)"},{"key":"18_CR15","doi-asserted-by":"crossref","unstructured":"Caballero, J., Poosankam, P., Kreibich, C., Song, D.: Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, New York, NY, USA, pp. 621\u2013634. Association for Computing Machinery (2009)","DOI":"10.1145\/1653662.1653737"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: automatic extraction of protocol message format using dynamic binary analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, New York, NY, USA, pp. 317\u2013329. Association for Computing Machinery (2007)","DOI":"10.1145\/1315245.1315286"},{"key":"18_CR17","doi-asserted-by":"publisher","unstructured":"Chang, Y., Choi, S., Yun, J.H., Kim, S.: One step more: automatic ICS protocol field analysis. In: D\u2019Agostino, G., Scala, A. (eds.) Critical Information Infrastructures Security, CRITIS 2017. LNCS, vol. 10707. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-99843-5_22","DOI":"10.1007\/978-3-319-99843-5_22"},{"key":"18_CR18","doi-asserted-by":"crossref","unstructured":"Chen, J.: IoTFUZZER: discovering memory corruptions in IoT through app-based fuzzing. In: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, 18\u201321 February 2018 (2018)","DOI":"10.14722\/ndss.2018.23159"},{"key":"18_CR19","unstructured":"Clements, A.A., et al.: HALucinator: firmware re-hosting through abstraction layer emulation. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1201\u20131218. USENIX Association (August 2020)"},{"key":"18_CR20","doi-asserted-by":"crossref","unstructured":"Cui, W., Peinado, M., Chen, K., Wang, H.J., Irun-Briz, L.: Tupni: automatic reverse engineering of input formats. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, New York, NY, USA, pp. 391\u2013402. Association for Computing Machinery (2008)","DOI":"10.1145\/1455770.1455820"},{"key":"18_CR21","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"330","DOI":"10.1007\/978-3-319-28865-9_18","volume-title":"Security and Privacy in Communication Networks","author":"H Gascon","year":"2015","unstructured":"Gascon, H., Wressnegger, C., Yamaguchi, F., Arp, D., Rieck, K.: Pulsar: stateful black-box fuzzing of proprietary network protocols. In: Thuraisingham, B., Wang, X.F., Yegneswaran, V. (eds.) SecureComm 2015. LNICST, vol. 164, pp. 330\u2013347. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-28865-9_18"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"Gonzalez, D., Alhenaki, F., Mirakhorli, M.: Architectural security weaknesses in industrial control systems (ICS) an empirical study based on disclosed software vulnerabilities. In: IEEE International Conference on Software Architecture, ICSA 2019, Hamburg, Germany, 25\u201329 March 2019, pp. 31\u201340. IEEE (2019)","DOI":"10.1109\/ICSA.2019.00012"},{"key":"18_CR23","doi-asserted-by":"crossref","unstructured":"Grandgenett, R., Mahoney, W., Gandhi, R.: Authentication bypass and remote escalated i\/o command attacks. In: Proceedings of the 10th Annual Cyber and Information Security Research Conference, CISR 2015, New York, NY, USA. Association for Computing Machinery (2015)","DOI":"10.1145\/2746266.2746268"},{"key":"18_CR24","unstructured":"Gustafson, E., et al.: Toward the analysis of embedded firmware through automated re-hosting. In: 22nd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2019, Chaoyang District, Beijing, September 2019, pp. 135\u2013150. USENIX Association (2019)"},{"key":"18_CR25","doi-asserted-by":"crossref","unstructured":"Hu, Z., Shi, J., Huang, Y., Xiong, J., Bu, X.: GANFuzz: A GAN-based industrial network protocol fuzzing framework. In: Proceedings of the 15th ACM International Conference on Computing Frontiers, CF 2018, New York, NY, USA, pp. 138\u2013145. Association for Computing Machinery (2018)","DOI":"10.1145\/3203217.3203241"},{"key":"18_CR26","doi-asserted-by":"crossref","unstructured":"Irvene, C., Shekari, T., Formby, D., Beyah, R.: If i knew then what i know now: on reevaluating DNP3 security using power substation traffic. In: Proceedings of the 5th Annual Industrial Control System Security (ICSS) Workshop, ICSS, New York, NY, USA, pp. 48\u201359 (2019)","DOI":"10.1145\/3372318.3372324"},{"key":"18_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1007\/978-3-030-01950-1_32","volume-title":"Information and Communications Security","author":"C Kai","year":"2018","unstructured":"Kai, C., Ning, Z., Liming, W., Zhen, X.: Automatic identification of industrial control network protocol field boundary using memory propagation tree. In: Naccache, D., et al. (eds.) ICICS 2018. LNCS, vol. 11149, pp. 551\u2013565. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-01950-1_32"},{"key":"18_CR28","doi-asserted-by":"publisher","first-page":"4434","DOI":"10.1007\/s11227-017-1980-3","volume":"74","author":"S Kim","year":"2017","unstructured":"Kim, S., Shon, T.: Field classification-based novel fuzzing case generation for ICS protocols. J. Supercomput. 74, 4434\u20134450 (2017)","journal-title":"J. Supercomput."},{"issue":"5s","key":"18_CR29","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3358227","volume":"18","author":"Z Luo","year":"2019","unstructured":"Luo, Z., Zuo, F., Jiang, Yu., Gao, J., Jiao, X., Sun, J.: Polar: function code aware fuzz testing of ICS protocol. ACM Trans. Embed. Comput. Syst. 18(5s), 1\u201322 (2019)","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"18_CR30","doi-asserted-by":"crossref","unstructured":"Luo, Z., Zuo, F., Shen, Y., Jiao, X., Chang, W., Jiang, Y.: ICS protocol fuzzing: coverage guided packet crack and generation. In: 2020 57th ACM\/IEEE Design Automation Conference (DAC), pp. 1\u20136 (2020)","DOI":"10.1109\/DAC18072.2020.9218603"},{"issue":"11","key":"18_CR31","doi-asserted-by":"publisher","first-page":"2312","DOI":"10.1109\/TSE.2019.2946563","volume":"47","author":"VM Manes","year":"2021","unstructured":"Manes, V.M., et al.: The art, science, and engineering of fuzzing: a survey. IEEE Trans. Softw. Eng. 47(11), 2312\u20132331 (2021)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"18_CR32","unstructured":"Yang, S., Cheng, M.: Taking apart and taking over ICS-SCADA ecosystems a case study of Mitsubishi electric. In: DEF CON 29 (2021)"},{"key":"18_CR33","unstructured":"Nardella, D.: Step7 open source ethernet communication suite. http:\/\/snap7.sourceforge.net\/"},{"key":"18_CR34","unstructured":"Niedermaier, M., Fischer, F., von Bodisco, A.: PropFuzz - an IT-security fuzzing framework for proprietary ICS protocols. CoRR, abs\/1910.07883 (2019)"},{"key":"18_CR35","unstructured":"Raimbault, S.: A groovy Modbus library. https:\/\/github.com\/stephane\/libmodbus"},{"key":"18_CR36","unstructured":"Rebert, A., et al.: Optimizing seed selection for fuzzing. In: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC 2014, USA, pp. 861\u2013875. USENIX Association (2014)"},{"key":"18_CR37","doi-asserted-by":"crossref","unstructured":"Redini, N., et al.: Diane: identifying fuzzing triggers in apps to generate under-constrained inputs for IoT devices. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 484\u2013500 (2021)","DOI":"10.1109\/SP40001.2021.00066"},{"key":"18_CR38","doi-asserted-by":"publisher","first-page":"e2126","DOI":"10.1002\/nem.2126","volume":"30","author":"K-S Shim","year":"2020","unstructured":"Shim, K.-S., Goo, Y.-H., Lee, M.-S., Kim, M.-S.: Clustering method in protocol reverse engineering for industrial protocols. Int. J. Netw. Manage. 30, e2126 (2020)","journal-title":"Int. J. Netw. Manage."},{"key":"18_CR39","doi-asserted-by":"crossref","unstructured":"Stouffer, K., Falco, J., Scarfone, K.: Guide to Industrial Control Systems (ICS) Security (2015)","DOI":"10.6028\/NIST.SP.800-82r2"},{"key":"18_CR40","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1109\/COMST.2018.2872114","volume":"21","author":"A Volkova","year":"2019","unstructured":"Volkova, A., Niedermeier, M., Basmadjian, R., de Meer, H.: Security challenges in control network protocols: a survey. IEEE Commun. Surv. Tut. 21, 619\u2013639 (2019)","journal-title":"IEEE Commun. Surv. Tut."},{"issue":"1","key":"18_CR41","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1109\/COMST.2018.2872114","volume":"21","author":"A Volkova","year":"2019","unstructured":"Volkova, A., Niedermeier, M., Basmadjian, R., de Meer, H.: Security challenges in control network protocols: a survey. IEEE Commun. Surv. Tut. 21(1), 619\u2013639 (2019)","journal-title":"IEEE Commun. Surv. Tut."},{"key":"18_CR42","doi-asserted-by":"publisher","first-page":"376","DOI":"10.1080\/17445760.2019.1655740","volume":"35","author":"X Wang","year":"2020","unstructured":"Wang, X., Lv, K., Li, B.: IPART: an automatic protocol reverse engineering tool based on global voting expert for industrial protocols. Int. J. Parallel Emergent Distrib. Syst. 35, 376\u2013395 (2020)","journal-title":"Int. J. Parallel Emergent Distrib. Syst."},{"key":"18_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1007\/978-3-642-04444-1_13","volume-title":"Computer Security \u2013 ESORICS 2009","author":"Z Wang","year":"2009","unstructured":"Wang, Z., Jiang, X., Cui, W., Wang, X., Grace, M.: ReFormat: automatic reverse engineering of encrypted messages. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 200\u2013215. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04444-1_13"},{"key":"18_CR44","doi-asserted-by":"crossref","unstructured":"Ye, Y., Zhang, Z., Wang, F., Zhang, X., Xu, D.: NetPlier: probabilistic network protocol reverse engineering from message traces. In: 28th Annual Network and Distributed System Security Symposium, NDSS 2021, virtually, 21\u201325 February 2021. The Internet Society (2021)","DOI":"10.14722\/ndss.2021.24531"},{"key":"18_CR45","unstructured":"Zheng, Y., Davanian, A., Yin, H., Song, C., Zhu, H., Sun, L.: FIRM-AFL: high-throughput greybox fuzzing of IoT firmware via augmented process emulation. In: 28th USENIX Security Symposium, USENIX Security 19, Santa Clara, CA, August 2019, pp. 1099\u20131114. USENIX Association (2019)"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-09234-3_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,19]],"date-time":"2022-12-19T19:40:30Z","timestamp":1671478830000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-09234-3_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031092336","9783031092343"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-09234-3_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"18 June 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 June 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 June 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sites.google.com\/di.uniroma1.it\/acns2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"185","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"44","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.7","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"For the Workshops, 52 papers were submitted, from which 31 were accepted. Additionally they include 5 posters.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}