{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T15:31:42Z","timestamp":1774539102782,"version":"3.50.1"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031823480","type":"print"},{"value":"9783031823497","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-82349-7_29","type":"book-chapter","created":{"date-parts":[[2025,4,3]],"date-time":"2025-04-03T16:46:16Z","timestamp":1743698776000},"page":"453-473","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Deployment Challenges of\u00a0Industrial Intrusion Detection Systems"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7571-0555","authenticated-orcid":false,"given":"Konrad","family":"Wolsing","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3211-1015","authenticated-orcid":false,"given":"Eric","family":"Wagner","sequence":"additional","affiliation":[]},{"given":"Frederik","family":"Basels","sequence":"additional","affiliation":[]},{"given":"Patrick","family":"Wagner","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7252-4186","authenticated-orcid":false,"given":"Klaus","family":"Wehrle","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,4,2]]},"reference":[{"key":"29_CR1","doi-asserted-by":"publisher","unstructured":"Ahmed, C.M., Palleti, V.R., Mathur, A.P.: WADI: a water distribution testbed for research in the design of secure cyber physical systems. In: CySWATER. ACM (2017). https:\/\/doi.org\/10.1145\/3055366.3055375","DOI":"10.1145\/3055366.3055375"},{"key":"29_CR2","doi-asserted-by":"publisher","unstructured":"Ahmed, C.M., MR., G.R., Mathur, A.P.: Challenges in machine learning based approaches for real-time anomaly detection in industrial control systems. In: CPSS. ACM (2020). https:\/\/doi.org\/10.1145\/3384941.3409588","DOI":"10.1145\/3384941.3409588"},{"key":"29_CR3","doi-asserted-by":"publisher","unstructured":"Alladi, T.,\u00a0Chamola, V.,\u00a0Zeadally, S.: Industrial control systems: cyberattack trends and countermeasures. Comput. Commun. 155 (2020). https:\/\/doi.org\/10.1016\/j.comcom.2020.03.007","DOI":"10.1016\/j.comcom.2020.03.007"},{"key":"29_CR4","doi-asserted-by":"publisher","unstructured":"Anton, S.D.D.,\u00a0Sinha, S.,\u00a0Dieter\u00a0Schotten, H.: Anomaly-based intrusion detection in industrial data with SVM and random forests. In: SoftCOM (2019). https:\/\/doi.org\/10.23919\/SOFTCOM.2019.8903672","DOI":"10.23919\/SOFTCOM.2019.8903672"},{"key":"29_CR5","doi-asserted-by":"publisher","unstructured":"Apruzzese, G.,\u00a0Laskov, P.,\u00a0Schneider, J.: SOK: pragmatic assessment of machine learning for network intrusion detection. In: IEEE EuroS &P (2023). https:\/\/doi.org\/10.1109\/EuroSP57164.2023.00042","DOI":"10.1109\/EuroSP57164.2023.00042"},{"key":"29_CR6","unstructured":"Arp, D.,\u00a0Quiring, E.,\u00a0Pendlebury, F. et\u00a0al.: Dos and don\u2019ts of machine learning in computer security. In: USENIX Security Symposium (SEC) (2022)"},{"key":"29_CR7","doi-asserted-by":"publisher","unstructured":"Bader, L.,\u00a0Serror, M.,\u00a0Lamberts, O., et\u00a0al.: Comprehensively analyzing the impact of cyberattacks on power grids. In: IEEE EuroS &P (2023). https:\/\/doi.org\/10.1109\/EuroSP57164.2023.00066","DOI":"10.1109\/EuroSP57164.2023.00066"},{"key":"29_CR8","doi-asserted-by":"publisher","unstructured":"Conti, M.,\u00a0Donadel, D.,\u00a0Turrin, F.: A survey on industrial control system testbeds and datasets for security research. IEEE Commun. Surv. Tutorials 23(4) (). https:\/\/doi.org\/10.1109\/COMST.2021.3094360","DOI":"10.1109\/COMST.2021.3094360"},{"key":"29_CR9","doi-asserted-by":"publisher","unstructured":"Dahlmanns, M.,\u00a0Lohm\u00f6ller, J.,\u00a0Pennekamp, J.: et\u00a0al.: Missed opportunities: measuring the untapped TLS support in the industrial internet of things. In: ASIACCS. ACM (2022).https:\/\/doi.org\/10.1145\/3488932.3497762","DOI":"10.1145\/3488932.3497762"},{"key":"29_CR10","doi-asserted-by":"publisher","unstructured":"Erba, A., Tippenhauer, N.O.: Assessing model-free anomaly detection in industrial control systems against generic concealment attacks. In: ACSAC (2022). https:\/\/doi.org\/10.1145\/3564625.3564633","DOI":"10.1145\/3564625.3564633"},{"key":"29_CR11","doi-asserted-by":"publisher","unstructured":"Etalle, S.: From intrusion detection to software design. In: ESORICS. Springer (2017).https:\/\/doi.org\/10.1007\/978-3-319-66402-6_1","DOI":"10.1007\/978-3-319-66402-6_1"},{"key":"29_CR12","doi-asserted-by":"publisher","unstructured":"Feng, C., Palleti, V.R.,\u00a0Mathur, A., et\u00a0al.: A systematic framework to generate invariants for anomaly detection in industrial control systems. In: NDSS. Internet Society (2019). https:\/\/doi.org\/10.14722\/ndss.2019.23265","DOI":"10.14722\/ndss.2019.23265"},{"key":"29_CR13","doi-asserted-by":"publisher","unstructured":"Fovino, I.N.,\u00a0Carcano, A.,\u00a0De\u00a0Lacheze\u00a0Murel, T. et\u00a0al.: Modbus\/DNP3 state-based intrusion detection system. In: AINA. IEEE (2010). https:\/\/doi.org\/10.1109\/AINA.2010.86","DOI":"10.1109\/AINA.2010.86"},{"key":"29_CR14","doi-asserted-by":"publisher","unstructured":"Fung, C.,\u00a0Srinarasi, S.,\u00a0Lucas, K., et\u00a0al.: Perspectives from a comprehensive evaluation of reconstruction-based anomaly detection in industrial control systems. In: ESORICS. Springer (2022). https:\/\/doi.org\/10.1007\/978-3-031-17143-7_24","DOI":"10.1007\/978-3-031-17143-7_24"},{"key":"29_CR15","doi-asserted-by":"publisher","unstructured":"Galloway, B., Hancke, G.P.: Introduction to industrial control networks. IEEE Commun. Surv. Tutorials 15(2) (2013). https:\/\/doi.org\/10.1109\/SURV.2012.071812.00124","DOI":"10.1109\/SURV.2012.071812.00124"},{"key":"29_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1007\/978-3-319-71368-7_8","volume-title":"Critical Information Infrastructures Security","author":"J Goh","year":"2017","unstructured":"Goh, J., Adepu, S., Junejo, K.N., Mathur, A.: A dataset to support research in the design of secure water treatment systems. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds.) CRITIS 2016. LNCS, vol. 10242, pp. 88\u201399. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-71368-7_8"},{"key":"29_CR17","doi-asserted-by":"publisher","unstructured":"Humayed, A.,\u00a0Lin, J.,\u00a0Li, F., et\u00a0al.: Cyber-physical systems security-a survey. IEEE Internet Things J. 4(6) (2017). https:\/\/doi.org\/10.1109\/JIOT.2017.2703172","DOI":"10.1109\/JIOT.2017.2703172"},{"key":"29_CR18","series-title":"The Springer Series on Challenges in Machine Learning","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-05318-5","volume-title":"Automated Machine Learning","year":"2019","unstructured":"Hutter, F., Kotthoff, L., Vanschoren, J. (eds.): Automated Machine Learning. TSSCML, Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-05318-5"},{"key":"29_CR19","doi-asserted-by":"publisher","unstructured":"Junejo, K.N.,\u00a0Goh, J.: Behaviour-based attack detection and classification in cyber physical systems using machine learning. In: CPSS (2016). https:\/\/doi.org\/10.1145\/2899015.2899016","DOI":"10.1145\/2899015.2899016"},{"key":"29_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-42048-2_1","volume-title":"Computer Security","author":"J Kim","year":"2020","unstructured":"Kim, J., Yun, J.-H., Kim, H.C.: Anomaly detection for industrial control systems using sequence-to-sequence neural networks. In: Katsikas, S., et al. (eds.) CyberICPS\/SECPRE\/SPOSE\/ADIoT -2019. LNCS, vol. 11980, pp. 3\u201318. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-42048-2_1"},{"key":"29_CR21","doi-asserted-by":"publisher","unstructured":"Kus, D., Wagner, E., Pennekamp, J., et\u00a0al.: A false sense of security? Revisiting the state of machine learning-based industrial intrusion detection. In: CPSS. ACM (2022). https:\/\/doi.org\/10.1145\/3494107.3522773","DOI":"10.1145\/3494107.3522773"},{"key":"29_CR22","doi-asserted-by":"publisher","unstructured":"Lamberts, O., Wolsing, K., Wagner, E., et\u00a0al.: SOK: evaluations in industrial intrusion detection research. J. Syst. Res. 3(1) (2023). https:\/\/doi.org\/10.5070\/SR33162445","DOI":"10.5070\/SR33162445"},{"key":"29_CR23","doi-asserted-by":"publisher","unstructured":"Liaw, R., Liang, E., Nishihara, R., et\u00a0al.: Tune: a research platform for distributed model selection and training (2018). https:\/\/doi.org\/10.48550\/arXiv.1807.05118","DOI":"10.48550\/arXiv.1807.05118"},{"key":"29_CR24","doi-asserted-by":"publisher","unstructured":"Lin, Q., Adepu, S., Verwer, S., Mathur, A.: TABOR: a graphical model-based approach for anomaly detection in industrial control systems. In: ASIACCS. ACM (2018). https:\/\/doi.org\/10.1145\/3196494.3196546","DOI":"10.1145\/3196494.3196546"},{"issue":"1","key":"29_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-021-00095-5","volume":"4","author":"GR M. R.","year":"2021","unstructured":"M. R., G.R., Ahmed, C.M., Mathur, A.: Machine learning for intrusion detection in industrial control systems: challenges and lessons from experimental evaluation. Cybersecurity 4(1), 1\u201312 (2021). https:\/\/doi.org\/10.1186\/s42400-021-00095-5","journal-title":"Cybersecurity"},{"key":"29_CR26","unstructured":"Morris, T.H., Thornton, Z., Turnipseed, I.: Industrial control system simulation and data logging for intrusion detection system research. In: SCSS. CAE in Cybersecurity Community (2015)"},{"key":"29_CR27","doi-asserted-by":"publisher","unstructured":"Perez, R.L., Adamsky, F., Soua, R., Engel, T.: Machine learning for reliable network attack detection in SCADA systems. In: IEEE TrustCom. IEEE (2018). https:\/\/doi.org\/10.1109\/TrustCom\/BigDataSE.2018.00094","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00094"},{"key":"29_CR28","unstructured":"Probst, P., Boulesteix, A.L., Bischl, B.: Tunability: importance of hyperparameters of machine learning algorithms. J. Mach. Learn. Res. 20(53) (2019). http:\/\/jmlr.org\/papers\/v20\/18-444.html"},{"key":"29_CR29","doi-asserted-by":"publisher","unstructured":"Seng, S., Garcia-Alfaro, J., Laarouchi, Y.: Why anomaly-based intrusion detection systems have not yet conquered the industrial market?. In: A\u00efmeur, E., Laurent, M., Yaich, R., Dupont, B., Garcia-Alfaro, J. (eds.) Foundations and Practice of Security. FPS 2021. LNCS, vol. 13291. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-08147-7_23","DOI":"10.1007\/978-3-031-08147-7_23"},{"key":"29_CR30","doi-asserted-by":"publisher","unstructured":"Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: S &P. IEEE (2010). https:\/\/doi.org\/10.1109\/SP.2010.25","DOI":"10.1109\/SP.2010.25"},{"key":"29_CR31","doi-asserted-by":"publisher","unstructured":"Taormina, R., Galelli, S., Tippenhauer, N.O., et\u00a0al.: Battle of the attack detection algorithms: disclosing cyber attacks on water distribution networks. J. Water Resour. Plan. Manag. 144(8) (2018). https:\/\/doi.org\/10.1061\/(ASCE)WR.1943-5452.0000969","DOI":"10.1061\/(ASCE)WR.1943-5452.0000969"},{"key":"29_CR32","doi-asserted-by":"publisher","unstructured":"Weerts, H.J., Mueller, A.C., Vanschoren, J.: Importance of tuning hyperparameters of machine learning algorithms (2020). https:\/\/doi.org\/10.48550\/arXiv.2007.07588","DOI":"10.48550\/arXiv.2007.07588"},{"key":"29_CR33","doi-asserted-by":"publisher","unstructured":"Wolsing, K., Thiemt, L., van Sloun, C., et\u00a0al.: Can industrial intrusion detection be SIMPLE? In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-17143-7_28","DOI":"10.1007\/978-3-031-17143-7_28"},{"key":"29_CR34","doi-asserted-by":"publisher","unstructured":"Wolsing, K., Wagner, E., Saillard, A., et al.: IPAL: breaking up silos of protocol-dependent and domain-specific industrial intrusion detection systems. In: RAID. ACM (2022). https:\/\/doi.org\/10.1145\/3545948.3545968","DOI":"10.1145\/3545948.3545968"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2024 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-82349-7_29","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,3]],"date-time":"2025-04-03T16:46:29Z","timestamp":1743698789000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-82349-7_29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031823480","9783031823497"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-82349-7_29","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"2 April 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}