{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T05:54:37Z","timestamp":1780466077736,"version":"3.54.1"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031842597","type":"print"},{"value":"9783031842603","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-84260-3_20","type":"book-chapter","created":{"date-parts":[[2025,3,3]],"date-time":"2025-03-03T14:46:38Z","timestamp":1741013198000},"page":"343-361","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Machine Learning Techniques for\u00a0Anomaly Detection in\u00a0the\u00a0Hydra Testbed: A Data-Driven Defense Strategy"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-4346-2233","authenticated-orcid":false,"given":"Valeria","family":"Bonagura","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jacopo","family":"Pisani","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Alessio","family":"Ferrato","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chiara","family":"Foglietta","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Graziana","family":"Cavone","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Federica","family":"Pascucci","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,3,4]]},"reference":[{"key":"20_CR1","doi-asserted-by":"crossref","unstructured":"Ahmed, C.M., Palleti, V.R., Mathur, A.P.: WADI: a water distribution testbed for research in the design of secure cyber physical systems. In: Proceedings of the 3rd International Workshop on Cyber-physical Systems for Smart Water Networks, pp. 25\u201328 (2017)","DOI":"10.1145\/3055366.3055375"},{"key":"20_CR2","unstructured":"Anton, S.D., Gundall, M., Fraunholz, D., Schotten, H.D.: Implementing SCADA scenarios and introducing attacks to obtain training data for intrusion detection methods. In: ICCWS 2019 14th International Conference on Cyber Warfare and Security: ICCWS 2019, pp.\u00a056. Academic Conferences and Publishing Limited (2019)"},{"key":"20_CR3","doi-asserted-by":"crossref","unstructured":"Anton, S.D.D., Sinha, S., Schotten, H.D.: Anomaly-based intrusion detection in industrial data with SVM and random forests. In: 2019 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), pp.\u00a01\u20136. IEEE (2019)","DOI":"10.23919\/SOFTCOM.2019.8903672"},{"key":"20_CR4","doi-asserted-by":"publisher","first-page":"101994","DOI":"10.1016\/j.cose.2020.101994","volume":"97","author":"M Ashrafuzzaman","year":"2020","unstructured":"Ashrafuzzaman, M., Das, S., Chakhchoukh, Y., Shiva, S., Sheldon, F.T.: Detecting stealthy false data injection attacks in the smart grid using ensemble-based machine learning. Comput. Secur. 97, 101994 (2020)","journal-title":"Comput. Secur."},{"key":"20_CR5","doi-asserted-by":"crossref","unstructured":"Bernieri, G., Conti, M., Turrin, F.: Evaluation of machine learning algorithms for anomaly detection in industrial networks. In: 2019 IEEE International Symposium on Measurements & Networking (M &N), pp.\u00a01\u20136. IEEE (2019)","DOI":"10.1109\/IWMN.2019.8805036"},{"issue":"4","key":"20_CR6","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3398209","volume":"53","author":"Y Chen","year":"2020","unstructured":"Chen, Y., Zheng, B., Zhang, Z., Wang, Q., Shen, C., Zhang, Q.: Deep learning on mobile and embedded devices: State-of-the-art, challenges, and future directions. ACM Comput. Surv. (CSUR) 53(4), 1\u201337 (2020)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"8","key":"20_CR7","doi-asserted-by":"publisher","first-page":"2114","DOI":"10.1109\/TIFS.2018.2812149","volume":"13","author":"W Choi","year":"2018","unstructured":"Choi, W., Joo, K., Jo, H.J., Park, M.C., Lee, D.H.: VoltageIDS: low-level communication characteristics for automotive intrusion detection system. IEEE Trans. Inf. Forensics Secur. 13(8), 2114\u20132129 (2018)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"9","key":"20_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3472753","volume":"54","author":"D Chou","year":"2021","unstructured":"Chou, D., Jiang, M.: A survey on data-driven network intrusion detection. ACM Comput. Surv. (CSUR) 54(9), 1\u201336 (2021)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"7","key":"20_CR9","doi-asserted-by":"publisher","first-page":"6481","DOI":"10.1109\/JIOT.2019.2958185","volume":"7","author":"AA Cook","year":"2019","unstructured":"Cook, A.A., M\u0131s\u0131rl\u0131, G., Fan, Z.: Anomaly detection for IoT time-series data: a survey. IEEE Internet Things J. 7(7), 6481\u20136494 (2019)","journal-title":"IEEE Internet Things J."},{"issue":"4","key":"20_CR10","doi-asserted-by":"publisher","first-page":"e0152173","DOI":"10.1371\/journal.pone.0152173","volume":"11","author":"M Goldstein","year":"2016","unstructured":"Goldstein, M., Uchida, S.: A comparative evaluation of unsupervised anomaly detection algorithms for multivariate data. PLoS ONE 11(4), e0152173 (2016)","journal-title":"PLoS ONE"},{"issue":"4","key":"20_CR11","doi-asserted-by":"publisher","first-page":"1052","DOI":"10.1109\/JSYST.2013.2257594","volume":"8","author":"S Han","year":"2014","unstructured":"Han, S., Xie, M., Chen, H.H., Ling, Y.: Intrusion detection in cyber-physical systems: techniques and challenges. IEEE Syst. J. 8(4), 1052\u20131062 (2014)","journal-title":"IEEE Syst. J."},{"key":"20_CR12","doi-asserted-by":"crossref","unstructured":"Inoue, J., Yamagata, Y., Chen, Y., Poskitt, C.M., Sun, J.: Anomaly detection for a water treatment system using unsupervised machine learning. In: 2017 IEEE International Conference on Data Mining Workshops (ICDMW), pp. 1058\u20131065. IEEE (2017)","DOI":"10.1109\/ICDMW.2017.149"},{"issue":"2","key":"20_CR13","doi-asserted-by":"publisher","first-page":"1087","DOI":"10.17762\/turcomat.v10i2.13630","volume":"10","author":"K Kumain","year":"2019","unstructured":"Kumain, K.: Anomaly detection in industrial control systems using machine learning techniques. Turk. J. Comput. Math. Educ. (TURCOMAT) 10(2), 1087\u20131094 (2019)","journal-title":"Turk. J. Comput. Math. Educ. (TURCOMAT)"},{"key":"20_CR14","doi-asserted-by":"publisher","DOI":"10.1002\/9781119682394","volume-title":"Machine Learning for Time Series Forecasting with Python","author":"F Lazzeri","year":"2020","unstructured":"Lazzeri, F.: Machine Learning for Time Series Forecasting with Python. John Wiley & Sons, Hoboken (2020)"},{"key":"20_CR15","doi-asserted-by":"crossref","unstructured":"Li, D., Chen, D., Jin, B., Shi, L., Goh, J., Ng, S.K.: MAD-GAN: multivariate anomaly detection for time series data with generative adversarial networks. In: International Conference on Artificial Neural Networks, pp. 703\u2013716. Springer (2019)","DOI":"10.1007\/978-3-030-30490-4_56"},{"issue":"1","key":"20_CR16","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.jnca.2012.09.004","volume":"36","author":"HJ Liao","year":"2013","unstructured":"Liao, H.J., Lin, C.H.R., Lin, Y.C., Tung, K.Y.: Intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 36(1), 16\u201324 (2013)","journal-title":"J. Netw. Comput. Appl."},{"key":"20_CR17","doi-asserted-by":"crossref","unstructured":"Lou, X., Tellabi, A.: Cybersecurity threats, vulnerability and analysis in safety critical industrial control system (ICS). Recent Developments on Industrial Control Systems Resilience, pp. 75\u201397 (2020)","DOI":"10.1007\/978-3-030-31328-9_4"},{"key":"20_CR18","doi-asserted-by":"crossref","unstructured":"Ma, M., Lahmadi, A., Chrisment, I.: Detecting a stealthy attack in distributed control for microgrids using machine learning algorithms. In: 2020 IEEE Conference on Industrial Cyberphysical Systems (ICPS), vol.\u00a01, pp. 143\u2013148. IEEE (2020)","DOI":"10.1109\/ICPS48405.2020.9274721"},{"issue":"12","key":"20_CR19","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/S1361-3723(21)00129-9","volume":"2021","author":"Y Maleh","year":"2021","unstructured":"Maleh, Y.: IT\/OT convergence and cyber security. Comput. Fraud Secur. 2021(12), 13\u201316 (2021)","journal-title":"Comput. Fraud Secur."},{"key":"20_CR20","doi-asserted-by":"crossref","unstructured":"Markovic, T., Dehlaghi-Ghadim, A., Leon, M., Balador, A., Punnekkat, S.: Time-series anomaly detection and classification with long short-term memory network on industrial manufacturing systems. In: 2023 18th Conference on Computer Science and Intelligence Systems (FedCSIS), pp. 171\u2013181. IEEE (2023)","DOI":"10.15439\/2023F5263"},{"key":"20_CR21","unstructured":"Maslej, N., et\u00a0al.: Artificial intelligence index report 2023. arXiv preprint: arXiv:2310.03715 (2023)"},{"key":"20_CR22","unstructured":"Morris, T., Gao, W.: Industrial control system traffic data sets for intrusion detection research. In: Critical Infrastructure Protection VIII: 8th IFIP WG 11.10 International Conference, ICCIP 2014, Arlington, VA, USA, 17\u201319 March 2014, Revised Selected Papers 8, pp. 65\u201378. Springer (2014)"},{"key":"20_CR23","unstructured":"Murray, G., Johnstone, M.N., Valli, C.: The convergence of IT and OT in critical infrastructure (2017)"},{"issue":"8","key":"20_CR24","doi-asserted-by":"publisher","first-page":"1773","DOI":"10.1109\/TNNLS.2015.2404803","volume":"27","author":"M Ozay","year":"2015","unstructured":"Ozay, M., Esnaola, I., Vural, F.T.Y., Kulkarni, S.R., Poor, H.V.: Machine learning methods for attack detection in the smart grid. IEEE Trans. Neural Netw. Learn. Syst. 27(8), 1773\u20131786 (2015)","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"issue":"6","key":"20_CR25","doi-asserted-by":"publisher","first-page":"3104","DOI":"10.1109\/TSG.2015.2409775","volume":"6","author":"S Pan","year":"2015","unstructured":"Pan, S., Morris, T., Adhikari, U.: Developing a hybrid intrusion detection system using data mining for power systems. IEEE Trans. Smart Grid 6(6), 3104\u20133113 (2015)","journal-title":"IEEE Trans. Smart Grid"},{"issue":"2","key":"20_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3439950","volume":"54","author":"G Pang","year":"2021","unstructured":"Pang, G., Shen, C., Cao, L., Hengel, A.V.D.: Deep learning for anomaly detection: a review. ACM Comput. Surv. (CSUR) 54(2), 1\u201338 (2021)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"6","key":"20_CR27","doi-asserted-by":"publisher","first-page":"5310","DOI":"10.1109\/TSG.2021.3102833","volume":"12","author":"M Pasetti","year":"2021","unstructured":"Pasetti, M., et al.: Artificial neural network-based stealth attack on battery energy storage systems. IEEE Trans. Smart Grid 12(6), 5310\u20135321 (2021)","journal-title":"IEEE Trans. Smart Grid"},{"key":"20_CR28","doi-asserted-by":"crossref","unstructured":"Primartha, R., Tama, B.A.: Anomaly detection using random forest: a performance revisited. In: 2017 International Conference on Data and Software Engineering (ICoDSE), pp.\u00a01\u20136. IEEE (2017)","DOI":"10.1109\/ICODSE.2017.8285847"},{"key":"20_CR29","doi-asserted-by":"crossref","unstructured":"Robles-Durazno, A., Moradpoor, N., McWhinnie, J., Russell, G.: A supervised energy monitoring-based machine learning approach for anomaly detection in a clean water supply system. In: 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), pp.\u00a01\u20138. IEEE (2018)","DOI":"10.1109\/CyberSecPODS.2018.8560683"},{"issue":"5","key":"20_CR30","doi-asserted-by":"publisher","first-page":"1289","DOI":"10.1016\/j.comnet.2012.10.022","volume":"57","author":"S Salah","year":"2013","unstructured":"Salah, S., Maci\u00e1-Fern\u00e1ndez, G., D\u00edaz-Verdejo, J.E.: A model-based survey of alert correlation techniques. Comput. Netw. 57(5), 1289\u20131317 (2013)","journal-title":"Comput. Netw."},{"key":"20_CR31","doi-asserted-by":"crossref","unstructured":"Samrin, R., Vasumathi, D.: Review on anomaly based network intrusion detection system. In: 2017 International Conference on Electrical, Electronics, Communication, Computer, and Optimization Techniques (ICEECCOT), pp. 141\u2013147. IEEE (2017)","DOI":"10.1109\/ICEECCOT.2017.8284655"},{"key":"20_CR32","doi-asserted-by":"crossref","unstructured":"Santos, S., Costa, P., Rocha, A.: IT\/OT convergence in industry 4.0: risks and analisy of the problems. In: 2023 18th Iberian Conference on InformationD Systems and Technologies (CISTI), pp.\u00a01\u20136. IEEE (2023)","DOI":"10.23919\/CISTI58278.2023.10211415"},{"key":"20_CR33","doi-asserted-by":"publisher","unstructured":"Schmidl, S., Wenig, P., Papenbrock, T.: Anomaly detection in time series: a comprehensive evaluation. Proc. VLDB Endow. 15(9), 1779\u20131797 (2022). https:\/\/doi.org\/10.14778\/3538598.3538602","DOI":"10.14778\/3538598.3538602"},{"key":"20_CR34","doi-asserted-by":"crossref","unstructured":"Schneider, P., B\u00f6ttinger, K.: High-performance unsupervised anomaly detection for cyber-physical system networks. In: Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and Privacy, pp. 1\u201312 (2018)","DOI":"10.1145\/3264888.3264890"},{"key":"20_CR35","unstructured":"Shin, H.K., Lee, W., Yun, J.H., Kim, H.: $$\\{$$HAI$$\\}$$ 1.0:$$\\{$$HIL-based$$\\}$$ augmented $$\\{$$ICS$$\\}$$ security dataset. In: 13Th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20) (2020)"},{"issue":"8","key":"20_CR36","doi-asserted-by":"publisher","first-page":"04018048","DOI":"10.1061\/(ASCE)WR.1943-5452.0000969","volume":"144","author":"R Taormina","year":"2018","unstructured":"Taormina, R., et al.: Battle of the attack detection algorithms: disclosing cyber attacks on water distribution networks. J. Water Resour. Plan. Manag. 144(8), 04018048 (2018)","journal-title":"J. Water Resour. Plan. Manag."},{"key":"20_CR37","doi-asserted-by":"crossref","unstructured":"Teixeira, A., Shames, I., Sandberg, H., Johansson, K.H.: Revealing stealthy attacks in control systems. In: 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 1806\u20131813. IEEE (2012)","DOI":"10.1109\/Allerton.2012.6483441"},{"issue":"SI","key":"20_CR38","doi-asserted-by":"publisher","first-page":"22","DOI":"10.2112\/SI93-004.1","volume":"93","author":"Y Wang","year":"2019","unstructured":"Wang, Y., Jiang, R., Xie, J., Zhao, Y., Yan, D., Yang, S.: Soil and water assessment tool (SWAT) model: a systemic review. J. Coast. Res. 93(SI), 22\u201330 (2019)","journal-title":"J. Coast. Res."},{"key":"20_CR39","doi-asserted-by":"publisher","first-page":"100078","DOI":"10.1016\/j.commtr.2022.100078","volume":"2","author":"Z Wang","year":"2022","unstructured":"Wang, Z., Liu, X.: Cyber security of railway cyber-physical system (CPS)-a risk management methodology. Commun. Transp. Res. 2, 100078 (2022)","journal-title":"Commun. Transp. Res."},{"key":"20_CR40","doi-asserted-by":"crossref","unstructured":"Yampolskiy, M., Horvath, P., Koutsoukos, X.D., Xue, Y., Sztipanovits, J.: Taxonomy for description of cross-domain attacks on CPS. In: Proceedings of the 2nd ACM International Conference on High Confidence Networked Systems, pp. 135\u2013142 (2013)","DOI":"10.1145\/2461446.2461465"}],"container-title":["Lecture Notes in Computer Science","Critical Information Infrastructures Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-84260-3_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,3]],"date-time":"2025-03-03T14:46:50Z","timestamp":1741013210000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-84260-3_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031842597","9783031842603"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-84260-3_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"4 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRITIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Information Infrastructures Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"critis2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}