{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T16:12:28Z","timestamp":1758816748040,"version":"3.40.3"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031514753"},{"type":"electronic","value":"9783031514760"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-51476-0_6","type":"book-chapter","created":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T07:02:29Z","timestamp":1704870149000},"page":"102-122","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["One IDS Is Not Enough! Exploring Ensemble Learning for\u00a0Industrial Intrusion Detection"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7571-0555","authenticated-orcid":false,"given":"Konrad","family":"Wolsing","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9375-9643","authenticated-orcid":false,"given":"Dominik","family":"Kus","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3211-1015","authenticated-orcid":false,"given":"Eric","family":"Wagner","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0398-6904","authenticated-orcid":false,"given":"Jan","family":"Pennekamp","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7252-4186","authenticated-orcid":false,"given":"Klaus","family":"Wehrle","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8717-2523","authenticated-orcid":false,"given":"Martin","family":"Henze","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,1,11]]},"reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"Ahmed, C., Palleti, V.R., Mathur, A.P.: WADI: a water distribution testbed for research in the design of secure cyber physical systems. In: CySWATER (2017)","DOI":"10.1145\/3055366.3055375"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Ahmed, C.M., Raman, M.R.G., Mathur, A.P.: Challenges in machine learning based approaches for real-time anomaly detection in industrial control systems. In: ACM CPSS (2020)","DOI":"10.1145\/3384941.3409588"},{"key":"6_CR3","doi-asserted-by":"publisher","first-page":"83965","DOI":"10.1109\/ACCESS.2020.2992249","volume":"8","author":"A Al-Abassi","year":"2020","unstructured":"Al-Abassi, A., et al.: An ensemble deep learning-based cyber-attack detection in industrial control system. IEEE Access 8, 83965\u201383973 (2020)","journal-title":"IEEE Access"},{"key":"6_CR4","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.comcom.2020.03.007","volume":"155","author":"T Alladi","year":"2020","unstructured":"Alladi, T., Chamola, V., Zeadally, S.: Industrial control systems: cyberattack trends and countermeasures. Comput. Commun. 155, 1\u20138 (2020)","journal-title":"Comput. Commun."},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Aoudi, W., Iturbe, M., Almgren, M.: Truth will out: departure-based process-level detection of stealthy attacks on control systems. In: ACM CCS (2018)","DOI":"10.1145\/3243734.3243781"},{"key":"6_CR6","doi-asserted-by":"crossref","unstructured":"Bader, L., et al.: Comprehensively analyzing the impact of cyberattacks on power grids. In: IEEE EuroS &P (2023)","DOI":"10.1109\/EuroSP57164.2023.00066"},{"key":"6_CR7","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1007\/978-3-030-93200-8_2","volume-title":"Critical Information Infrastructures Security","author":"M Balaji","year":"2021","unstructured":"Balaji, M., et al.: Super detector: an ensemble approach for anomaly detection in industrial control systems. In: Percia David, D., Mermoud, A., Maillart, T. (eds.) CRITIS. LNCS, vol. 13139, pp. 24\u201343. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-93200-8_2"},{"issue":"3","key":"6_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 1\u201358 (2009)","journal-title":"ACM Comput. Surv."},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Chen, X., et al.: Ensemble learning methods for power system cyber-attack detection. In: IEEE ICCCBDA (2018)","DOI":"10.1109\/ICCCBDA.2018.8386588"},{"issue":"4","key":"6_CR10","doi-asserted-by":"publisher","first-page":"2248","DOI":"10.1109\/COMST.2021.3094360","volume":"23","author":"M Conti","year":"2021","unstructured":"Conti, M., Donadel, D., Turrin, F.: A survey on industrial control system testbeds and datasets for security research. IEEE Commun. Surv. Tutor. 23(4), 2248\u20132294 (2021)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"6_CR11","doi-asserted-by":"publisher","first-page":"1674","DOI":"10.1016\/j.neucom.2017.10.009","volume":"275","author":"D Ding","year":"2018","unstructured":"Ding, D., et al.: A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing 275, 1674\u20131683 (2018)","journal-title":"Neurocomputing"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Erba, A., Tippenhauer, N.O.: Assessing model-free anomaly detection in industrial control systems against generic concealment attacks. In: ACSAC (2022)","DOI":"10.1145\/3564625.3564633"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Etalle, S.: From intrusion detection to software design. In: ESORICS, vol. 10492 (2017)","DOI":"10.1007\/978-3-319-66402-6_1"},{"key":"6_CR14","doi-asserted-by":"crossref","unstructured":"Feng, C., et al.: A systematic framework to generate invariants for anomaly detection in industrial control systems. In: NDSS (2019)","DOI":"10.14722\/ndss.2019.23265"},{"key":"6_CR15","unstructured":"Fraunhofer FKIE-CAD: IPAL - Industrial Intrusion Detection Framework. https:\/\/github.com\/fkie-cad\/ipal_ids_framework (2021)"},{"issue":"2","key":"6_CR16","doi-asserted-by":"publisher","first-page":"951","DOI":"10.1109\/JIOT.2020.3009180","volume":"8","author":"J Gao","year":"2021","unstructured":"Gao, J., et al.: Omni SCADA intrusion detection using deep learning algorithms. IEEE Internet Things J. 8(2), 951\u2013961 (2021)","journal-title":"IEEE Internet Things J."},{"key":"6_CR17","unstructured":"Gensler, A., Sick, B.: Novel criteria to measure performance of time series segmentation techniques. In: KDML (2014)"},{"issue":"4","key":"6_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3203245","volume":"51","author":"J Giraldo","year":"2018","unstructured":"Giraldo, J., et al.: A survey of physics-based attack detection in cyber-physical systems. ACM Comput. Surv. 51(4), 1\u201336 (2018)","journal-title":"ACM Comput. Surv."},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Goh, J., et al.: A dataset to support research in the design of secure water treatment systems. In: CRITIS (2016)","DOI":"10.1007\/978-3-319-71368-7_8"},{"key":"6_CR20","doi-asserted-by":"crossref","unstructured":"Hwang, W.S., et al.: Do you know existing accuracy metrics overrate time-series anomaly detections?. In: ACM SAC (2022)","DOI":"10.1145\/3477314.3507024"},{"key":"6_CR21","doi-asserted-by":"crossref","unstructured":"Kavallieratos, G., Katsikas, S.K., Gkioulos, V.: Towards a cyber-physical range. In: CPSS (2019)","DOI":"10.1145\/3327961.3329532"},{"key":"6_CR22","doi-asserted-by":"crossref","unstructured":"Kim, J., Yun, J.H., Kim, H.C.: Anomaly detection for industrial control systems using sequence-to-sequence neural networks. In: CyberICPS (2020)","DOI":"10.1007\/978-3-030-42048-2_1"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Kumar, A., Saxena, N., Choi, B.J.: Machine learning algorithm for detection of false data injection attack in power system. In: ICOIN (2021)","DOI":"10.1109\/ICOIN50884.2021.9333913"},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Kus, D., et al.: A false sense of security? revisiting the state of machine learning-based industrial intrusion detection. In: ACM CPSS (2022)","DOI":"10.1145\/3494107.3522773"},{"key":"6_CR25","unstructured":"Kus, D., et al.: Poster: ensemble learning for industrial intrusion detection. Technical report, RWTH-2022-10809, RWTH Aachen University (2022)"},{"key":"6_CR26","doi-asserted-by":"crossref","unstructured":"Lee, J.J., et al.: AdaBoost for text detection in natural scene. In: ICDAR (2011)","DOI":"10.1109\/ICDAR.2011.93"},{"key":"6_CR27","doi-asserted-by":"publisher","DOI":"10.1016\/j.energy.2020.119505","volume":"218","author":"Y Li","year":"2021","unstructured":"Li, Y., et al.: Intrusion detection of cyber physical energy system based on multivariate ensemble classification. Energy 218, 119505 (2021)","journal-title":"Energy"},{"key":"6_CR28","unstructured":"Liaw, R., et al.: Tune: a research platform for distributed model selection and training. arXiv:1807.05118 (2018)"},{"key":"6_CR29","doi-asserted-by":"crossref","unstructured":"Lin, Q., et al.: TABOR: a graphical model-based approach for anomaly detection in industrial control systems. In: ACM ASIACCS (2018)","DOI":"10.1145\/3196494.3196546"},{"issue":"4","key":"6_CR30","doi-asserted-by":"publisher","first-page":"72","DOI":"10.3390\/bdcc5040072","volume":"5","author":"MHL Louk","year":"2021","unstructured":"Louk, M.H.L., Tama, B.A.: Exploring ensemble-based class imbalance learners for intrusion detection in industrial control networks. Big Data Cogn. Comput. 5(4), 72 (2021)","journal-title":"Big Data Cogn. Comput."},{"key":"6_CR31","first-page":"15","volume":"30","author":"LA Maglaras","year":"2016","unstructured":"Maglaras, L.A., Jiang, J., Cruz, T.J.: Combining ensemble methods and social network metrics for improving accuracy of OCSVM on intrusion detection in SCADA systems. J. Inf. Secur. 30, 15\u201326 (2016)","journal-title":"J. Inf. Secur."},{"issue":"1","key":"6_CR32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2379776.2379786","volume":"45","author":"J Mendes-Moreira","year":"2012","unstructured":"Mendes-Moreira, J., et al.: Ensemble approaches for regression: a survey. ACM Comput. Surv. 45(1), 1\u201340 (2012)","journal-title":"ACM Comput. Surv."},{"issue":"4","key":"6_CR33","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2542049","volume":"46","author":"R Mitchell","year":"2014","unstructured":"Mitchell, R., Chen, I.R.: A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. 46(4), 1\u201329 (2014)","journal-title":"ACM Comput. Surv."},{"issue":"1","key":"6_CR34","doi-asserted-by":"publisher","first-page":"119","DOI":"10.11591\/eei.v11i1.3334","volume":"11","author":"DD Nguyen","year":"2022","unstructured":"Nguyen, D.D., Le, M.T., Cung, T.L.: Improving intrusion detection in SCADA systems using stacking ensemble of tree-based models. Bull. Electr. Eng. Inform. 11(1), 119\u2013127 (2022)","journal-title":"Bull. Electr. Eng. Inform."},{"issue":"2","key":"6_CR35","doi-asserted-by":"publisher","first-page":"252","DOI":"10.1109\/TDSC.2015.2443793","volume":"13","author":"S Ponomarev","year":"2015","unstructured":"Ponomarev, S., Atkison, T.: Industrial control system network intrusion detection by telemetry analysis. IEEE Trans. Dependable Secure Comput. 13(2), 252\u2013260 (2015)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"6_CR36","doi-asserted-by":"crossref","unstructured":"Radoglou-Grammatikis, P., et al.: DIDEROT: an intrusion detection and prevention system for DNP3-based SCADA systems. In: ARES (2020)","DOI":"10.1145\/3407023.3409314"},{"issue":"1\u20132","key":"6_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10462-009-9124-7","volume":"33","author":"L Rokach","year":"2010","unstructured":"Rokach, L.: Ensemble-based classifiers. Artif. Intell. Rev. 33(1\u20132), 1\u201339 (2010)","journal-title":"Artif. Intell. Rev."},{"issue":"4","key":"6_CR38","doi-asserted-by":"publisher","DOI":"10.1002\/widm.1249","volume":"8","author":"O Sagi","year":"2018","unstructured":"Sagi, O., Rokach, L.: Ensemble learning: a survey. WIREs Data Min. Knowl. Discov. 8(4), e1249 (2018)","journal-title":"WIREs Data Min. Knowl. Discov."},{"key":"6_CR39","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1016\/j.inffus.2018.12.003","volume":"52","author":"M Singh","year":"2019","unstructured":"Singh, M., Singh, R., Ross, A.: A comprehensive overview of biometric fusion. Inf. Fusion 52, 187\u2013205 (2019)","journal-title":"Inf. Fusion"},{"key":"6_CR40","doi-asserted-by":"crossref","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: IEEE SP (2010)","DOI":"10.1109\/SP.2010.25"},{"key":"6_CR41","unstructured":"Stallings, W., Brown, L.: Computer Security: Principles and Practice, 4th edn. Pearson (2021)"},{"key":"6_CR42","doi-asserted-by":"crossref","unstructured":"Teixeira, A., et al.: Attack models and scenarios for networked control systems. In: HiCoNS (2012)","DOI":"10.1145\/2185505.2185515"},{"key":"6_CR43","doi-asserted-by":"crossref","unstructured":"Torrey, L., Shavlik, J.: Transfer Learning, chap. 11. IGI Global (2010)","DOI":"10.4018\/978-1-60566-766-9.ch011"},{"issue":"3","key":"6_CR44","doi-asserted-by":"publisher","first-page":"2559","DOI":"10.1109\/TNSE.2021.3099371","volume":"8","author":"D Upadhyay","year":"2021","unstructured":"Upadhyay, D., et al.: Intrusion detection in SCADA based power grids: recursive feature elimination model with majority vote ensemble algorithm. IEEE Trans. Netw. Sci. Eng. 8(3), 2559\u20132574 (2021)","journal-title":"IEEE Trans. Netw. Sci. Eng."},{"key":"6_CR45","volume-title":"Artifact: One IDS is not Enough! Exploring Ensemble Learning for Industrial Intrusion Detection","author":"K Wolsing","year":"2023","unstructured":"Wolsing, K., et al.: Artifact: One IDS is not Enough! Exploring Ensemble Learning for Industrial Intrusion Detection. Zenodo (2023)"},{"key":"6_CR46","doi-asserted-by":"crossref","unstructured":"Wolsing, K., et al.: Can industrial intrusion detection be SIMPLE? In: ESORICS (2022)","DOI":"10.1007\/978-3-031-17143-7_28"},{"key":"6_CR47","doi-asserted-by":"crossref","unstructured":"Wolsing, K., et al.: IPAL: breaking up silos of protocol-dependent and domain-specific industrial intrusion detection systems. In: RAID (2022)","DOI":"10.1145\/3545948.3545968"},{"issue":"1","key":"6_CR48","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1016\/j.dcan.2022.09.008","volume":"9","author":"A Yazdinejad","year":"2023","unstructured":"Yazdinejad, A., et al.: An ensemble deep learning model for cyber threat hunting in industrial internet of things. Digit. Commun. Netw. 9(1), 101\u2013110 (2023)","journal-title":"Digit. Commun. Netw."},{"key":"6_CR49","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-9326-7","volume-title":"Ensemble Machine Learning: Methods and Applications","author":"C Zhang","year":"2012","unstructured":"Zhang, C., Ma, Y.: Ensemble Machine Learning: Methods and Applications, 1st edn. Springer, Cham (2012)","edition":"1"},{"key":"6_CR50","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.isatra.2021.01.036","volume":"116","author":"D Zhang","year":"2021","unstructured":"Zhang, D., et al.: A survey on attack detection, estimation and control of industrial cyber-physical systems. ISA Trans. 116, 1\u201316 (2021)","journal-title":"ISA Trans."},{"key":"6_CR51","doi-asserted-by":"publisher","DOI":"10.1201\/b12207","volume-title":"Ensemble Methods: Foundations and Algorithms","author":"ZH Zhou","year":"2012","unstructured":"Zhou, Z.H.: Ensemble Methods: Foundations and Algorithms, 1st edn. CRC Press, Boca Raton (2012)","edition":"1"},{"key":"6_CR52","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-15-1967-3","volume-title":"Machine Learning","author":"ZH Zhou","year":"2021","unstructured":"Zhou, Z.H.: Machine Learning, 1st edn. Springer, Cham (2021)","edition":"1"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-51476-0_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T07:03:36Z","timestamp":1704870216000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-51476-0_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031514753","9783031514760"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-51476-0_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"11 January 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Hague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2023.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"478","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"93","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}