{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,15]],"date-time":"2025-11-15T10:36:02Z","timestamp":1763202962084,"version":"3.40.3"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031818998"},{"type":"electronic","value":"9783031819001"}],"license":[{"start":{"date-parts":[[2024,12,29]],"date-time":"2024-12-29T00:00:00Z","timestamp":1735430400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,12,29]],"date-time":"2024-12-29T00:00:00Z","timestamp":1735430400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-81900-1_2","type":"book-chapter","created":{"date-parts":[[2024,12,28]],"date-time":"2024-12-28T17:44:35Z","timestamp":1735407875000},"page":"21-36","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["The Good, the\u00a0Bad and\u00a0the\u00a0Ugly: Investigating the\u00a0Effectiveness of\u00a0Graph Deep Neural Networks for\u00a0Anomaly Detection in\u00a0Industrial Control Systems"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-9606-5003","authenticated-orcid":false,"given":"Martin","family":"Nahalka","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5232-2381","authenticated-orcid":false,"given":"Marco M.","family":"Cook","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0939-378X","authenticated-orcid":false,"given":"Dimitrios","family":"Pezaros","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,12,29]]},"reference":[{"key":"2_CR1","doi-asserted-by":"publisher","unstructured":"Audibert, J., Guyard, F., Marti, S., Zuluaga, M.: USAD: UnSupervised Anomaly Detection on Multivariate Time Series (2020). https:\/\/doi.org\/10.1145\/3394486.3403392","DOI":"10.1145\/3394486.3403392"},{"key":"2_CR2","doi-asserted-by":"crossref","unstructured":"Cziva, R., Pezaros, D.P.: On the latency benefits of edge NFV. In: 2017 ACM\/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), pp. 105\u2013106. IEEE (2017)","DOI":"10.1109\/ANCS.2017.23"},{"key":"2_CR3","doi-asserted-by":"publisher","unstructured":"de Riberolles, T., Zou, Y., Silvestre, G., Lochin, E., Song, J.: Anomaly detection for ICS based on deep learning: a use case for aeronautical radar data. Ann. Telecommun. 1\u201313 (2022). https:\/\/doi.org\/10.1007\/s12243-021-00902-7","DOI":"10.1007\/s12243-021-00902-7"},{"key":"2_CR4","doi-asserted-by":"publisher","unstructured":"Dehlaghi-Ghadim, A., Helali\u00a0Moghadam, M., Balador, A., Hansson, H.: Anomaly detection dataset for industrial control systems. IEEE Access 1 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3320928","DOI":"10.1109\/ACCESS.2023.3320928"},{"key":"2_CR5","doi-asserted-by":"publisher","unstructured":"Deng, A., Hooi, B.: Graph neural network-based anomaly detection in multivariate time series. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 35, no. 5, pp. 4027\u20134035 (2021). https:\/\/doi.org\/10.1609\/aaai.v35i5.16523","DOI":"10.1609\/aaai.v35i5.16523"},{"key":"2_CR6","unstructured":"Dragos: ICS\/OT Cybersecurity: Year in review 2022 (2022). https:\/\/www.dragos.com\/year-in-review\/"},{"key":"2_CR7","doi-asserted-by":"publisher","first-page":"532","DOI":"10.1016\/j.ins.2022.06.039","volume":"608","author":"X Du","year":"2022","unstructured":"Du, X., Yu, J., Chu, Z., Jin, L., Chen, J.: Graph autoencoder-based unsupervised outlier detection. Inf. Sci. 608, 532\u2013550 (2022). https:\/\/doi.org\/10.1016\/j.ins.2022.06.039","journal-title":"Inf. Sci."},{"key":"2_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1007\/978-3-319-71368-7_8","volume-title":"Critical Information Infrastructures Security","author":"J Goh","year":"2017","unstructured":"Goh, J., Adepu, S., Junejo, K.N., Mathur, A.: A dataset to support research in the design of secure water treatment systems. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds.) CRITIS 2016. LNCS, vol. 10242, pp. 88\u201399. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-71368-7_8"},{"key":"2_CR9","doi-asserted-by":"publisher","unstructured":"Goh, J., Adepu, S., Tan, M., Lee, Z.S.: Anomaly detection in cyber physical systems using recurrent neural networks. In: 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 140\u2013145. IEEE, Singapore (2017). https:\/\/doi.org\/10.1109\/HASE.2017.36","DOI":"10.1109\/HASE.2017.36"},{"key":"2_CR10","doi-asserted-by":"publisher","first-page":"41874","DOI":"10.1109\/ACCESS.2022.3167814","volume":"10","author":"JR Jiang","year":"2022","unstructured":"Jiang, J.R., Chen, Y.T.: Industrial control system anomaly detection and classification based on network traffic. IEEE Access 10, 41874\u201341888 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2022.3167814","journal-title":"IEEE Access"},{"key":"2_CR11","unstructured":"Jin, M., et al.: A survey on graph neural networks for time series: forecasting, classification, imputation, and anomaly detection. arXiv abs\/2307.03759 (2023). https:\/\/api.semanticscholar.org\/CorpusID:259501265"},{"key":"2_CR12","doi-asserted-by":"publisher","unstructured":"Khan, S.A., Ali\u00a0Rana, Z.: Evaluating performance of software defect prediction models using area under precision-recall curve (AUC-PR). In: 2019 2nd International Conference on Advancements in Computational Sciences (ICACS), pp.\u00a01\u20136 (2019). https:\/\/doi.org\/10.23919\/ICACS.2019.8689135","DOI":"10.23919\/ICACS.2019.8689135"},{"issue":"3","key":"2_CR13","doi-asserted-by":"publisher","first-page":"1310","DOI":"10.3390\/s23031310","volume":"23","author":"B Kim","year":"2023","unstructured":"Kim, B., Alawami, M.A., Kim, E., Oh, S., Park, J., Kim, H.: A comparative study of time series anomaly detection models for industrial control systems. Sensors 23(3), 1310 (2023). https:\/\/doi.org\/10.3390\/s23031310","journal-title":"Sensors"},{"key":"2_CR14","unstructured":"Li, Y., Yu, R., Shahabi, C., Liu, Y.: Graph convolutional recurrent neural network: data-driven traffic forecasting. CoRR abs\/1707.01926 (2017). http:\/\/arxiv.org\/abs\/1707.01926"},{"key":"2_CR15","doi-asserted-by":"publisher","unstructured":"Li, Z., et al.: Multivariate time series anomaly detection and interpretation using hierarchical inter-metric and temporal embedding. In: Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, pp. 3220\u20133230. ACM, Virtual Event Singapore (2021). https:\/\/doi.org\/10.1145\/3447548.3467075","DOI":"10.1145\/3447548.3467075"},{"key":"2_CR16","doi-asserted-by":"publisher","unstructured":"Lin, Q., Adepu, S., Verwer, S., Mathur, A.: TABOR: A Graphical Model-based Approach for Anomaly Detection in Industrial Control Systems (2018). https:\/\/doi.org\/10.1145\/3196494.3196546","DOI":"10.1145\/3196494.3196546"},{"key":"2_CR17","doi-asserted-by":"publisher","unstructured":"Luo, Y., Xiao, Y., Cheng, L., Peng, G., Yao, D.D.: Deep learning-based anomaly detection in cyber-physical systems: progress and opportunities. ACM Comput. Surv. 54(5) (2021). https:\/\/doi.org\/10.1145\/3453155","DOI":"10.1145\/3453155"},{"key":"2_CR18","doi-asserted-by":"publisher","unstructured":"Manevitz, L., Yousef, M.: One-class SVMs for document classification. J. Mach. Learn. Res. 2, 139\u2013154 (2001). https:\/\/doi.org\/10.1162\/15324430260185574","DOI":"10.1162\/15324430260185574"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Miller, T., Staves, A., Maesschalck, S., Sturdee, M., Green, B.: Looking back to look forward: lessons learnt from cyber-attacks on industrial control systems. Int. J. Crit. Infrastruct. Prot. 35, 100464 (2021)","DOI":"10.1016\/j.ijcip.2021.100464"},{"key":"2_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1007\/978-3-031-25460-4_22","volume-title":"Computer Security: ESORICS 2022 International Workshops - ESORICS 2022","author":"A Mitseva","year":"2023","unstructured":"Mitseva, A., Thierse, P., Hoffmann, H., Er, D., Panchenko, A.: Challenges and pitfalls in generating representative ICS datasets in cyber security research. In: Katsikas, S., et al. (eds.) ESORICS 2022. LNCS, vol. 13785, pp. 379\u2013397. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-25460-4_22"},{"key":"2_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.118902","volume":"213","author":"TPQ Nguyen","year":"2023","unstructured":"Nguyen, T.P.Q., et al.: Time-series anomaly detection using dynamic programming based longest common subsequence on sensor data. Expert Syst. Appl. 213, 118902 (2023). https:\/\/doi.org\/10.1016\/j.eswa.2022.118902","journal-title":"Expert Syst. Appl."},{"key":"2_CR22","doi-asserted-by":"publisher","DOI":"10.1007\/s11276-022-03214-3","author":"I Ortega-Fernandez","year":"2023","unstructured":"Ortega-Fernandez, I., Sestelo, M., Burguillo, J.C., Pi\u00f1\u00f3n-Blanco, C.: Network intrusion detection system for DDoS attacks in ICS using deep autoencoders. Wirel. Netw. (2023). https:\/\/doi.org\/10.1007\/s11276-022-03214-3","journal-title":"Wirel. Netw."},{"issue":"10","key":"2_CR23","doi-asserted-by":"publisher","first-page":"1583","DOI":"10.3390\/sym12101583","volume":"12","author":"\u00c1L Perales G\u00f3mez","year":"2020","unstructured":"Perales G\u00f3mez, \u00c1.L., Fern\u00e1ndez Maim\u00f3, L., Huertas Celdr\u00e1n, A., Garc\u00eda Clemente, F.J.: MADICS: a methodology for anomaly detection in industrial control systems. Symmetry 12(10), 1583 (2020). https:\/\/doi.org\/10.3390\/sym12101583","journal-title":"Symmetry"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Ranganathan, P., Pramesh, C.S., Aggarwal, R.: Common pitfalls in statistical analysis: logistic regression. Perspect. Clin. Res. 8, 148\u2013151 (2017). https:\/\/api.semanticscholar.org\/CorpusID:39844737","DOI":"10.4103\/picr.PICR_87_17"},{"key":"2_CR25","doi-asserted-by":"publisher","unstructured":"Rao, S., Ghaderi, M., Zhang, H.: CloudPAD: managed anomaly detection for ICS. In: Proceedings of the 4th Workshop on CPS and IoT Security and Privacy, pp. 55\u201361. ACM, Los Angeles CA USA (2022). https:\/\/doi.org\/10.1145\/3560826.3563383","DOI":"10.1145\/3560826.3563383"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Rozemberczki, B., et al.: PyTorch geometric temporal: spatiotemporal signal processing with neural machine learning models. In: Proceedings of the 30th ACM International Conference on Information and Knowledge Management, pp. 4564\u20134573 (2021)","DOI":"10.1145\/3459637.3482014"},{"key":"2_CR27","unstructured":"Shi, X., Chen, Z., Wang, H., Yeung, D.Y., Wong, W.K., WOO, W.C.: Convolutional LSTM network: a machine learning approach for precipitation nowcasting. In: Advances in Neural Information Processing Systems, vol.\u00a028. Curran Associates, Inc. (2015)"},{"key":"2_CR28","unstructured":"Shin, H.K., Lee, W., Yun, J.H., Kim, H.: HAI 1.0: HIL-based augmented ICS security dataset. In: 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20). USENIX Association (2020). https:\/\/www.usenix.org\/conference\/cset20\/presentation\/shin"},{"key":"2_CR29","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2022.100516","volume":"38","author":"MA Umer","year":"2022","unstructured":"Umer, M.A., Junejo, K.N., Jilani, M.T., Mathur, A.P.: Machine learning for intrusion detection in industrial control systems: applications, challenges, and recommendations. Int. J. Crit. Infrastruct. Prot. 38, 100516 (2022). https:\/\/doi.org\/10.1016\/j.ijcip.2022.100516","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"2_CR30","doi-asserted-by":"publisher","unstructured":"Wardhani, N.W.S., Rochayani, M.Y., Iriany, A., Sulistyono, A.D., Lestantyo, P.: Cross-validation metrics for evaluating classification performance on imbalanced data. In: 2019 International Conference on Computer, Control, Informatics and Its Applications (IC3INA), pp. 14\u201318 (2019). https:\/\/doi.org\/10.1109\/IC3INA48034.2019.8949568","DOI":"10.1109\/IC3INA48034.2019.8949568"},{"key":"2_CR31","doi-asserted-by":"publisher","unstructured":"Zhang, C., et al.: A deep neural network for unsupervised anomaly detection and diagnosis in multivariate time series data. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 33, no. 01, pp. 1409\u20131416 (2019). https:\/\/doi.org\/10.1609\/aaai.v33i01.33011409","DOI":"10.1609\/aaai.v33i01.33011409"},{"key":"2_CR32","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1016\/j.aiopen.2021.01.001","volume":"1","author":"J Zhou","year":"2020","unstructured":"Zhou, J., et al.: Graph neural networks: a review of methods and applications. AI Open 1, 57\u201381 (2020). https:\/\/doi.org\/10.1016\/j.aiopen.2021.01.001","journal-title":"AI Open"}],"container-title":["IFIP Advances in Information and Communication Technology","Internet of Things"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-81900-1_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,28]],"date-time":"2024-12-28T18:01:58Z","timestamp":1735408918000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-81900-1_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,29]]},"ISBN":["9783031818998","9783031819001"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-81900-1_2","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2024,12,29]]},"assertion":[{"value":"29 December 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IFIPIoT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Internet of Things Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nice","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ifipiot2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/ifip-iotconference.org\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}