{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,16]],"date-time":"2025-05-16T04:07:22Z","timestamp":1747368442197,"version":"3.40.5"},"publisher-location":"Cham","reference-count":18,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031928819","type":"print"},{"value":"9783031928826","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-92882-6_10","type":"book-chapter","created":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T14:34:10Z","timestamp":1747319650000},"page":"136-150","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Artefact Provenance Graphs for Anomaly Inference in Industrial Control Systems"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5232-2381","authenticated-orcid":false,"given":"Marco M.","family":"Cook","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0939-378X","authenticated-orcid":false,"given":"Dimitrios","family":"Pezaros","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,5,16]]},"reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"Ahmed, C.M., Ochoa, M., Zhou, J., Mathur, A.: Scanning the cycle: timing-based authentication on PLCs, pp. 886\u2013900. Association for Computing Machinery, New York, NY, USA (2021)","DOI":"10.1145\/3433210.3453102"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Ahmed, C.M., Prakash, J., Qadeer, R., Agrawal, A., Zhou, J.: Process skew: fingerprinting the process for anomaly detection in industrial control systems. In: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Network, pp. 219\u2013230. WiSec \u201920, Association for Computing Machinery, New York, NY, USA (2020)","DOI":"10.1145\/3395351.3399364"},{"key":"10_CR3","unstructured":"Alexander, O., Belisle, M., Steele, J.: Mitre Att &ck\u00ae for Industrial Control Systems: Design and Philosophy. The MITRE Corporation, Bedford, MA, USA (2020)"},{"key":"10_CR4","doi-asserted-by":"crossref","unstructured":"Arora, P., Kaur, B., Teixeira, M.A.: Security in industrial control systems using machine learning algorithms: an overview. In: Fong, S., Dey, N., Joshi, A. (eds.) ICT Analysis and Applications, pp. 359\u2013368. Springer Nature Singapore, Singapore (2022)","DOI":"10.1007\/978-981-16-5655-2_34"},{"key":"10_CR5","doi-asserted-by":"crossref","unstructured":"Castellanos, J.H., Ochoa, M., Zhou, J.: Finding dependencies between cyber-physical domains for security testing of industrial control systems. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 582\u2013594. ACSAC \u201918, Association for Computing Machinery, New York, NY, USA (2018)","DOI":"10.1145\/3274694.3274745"},{"key":"10_CR6","doi-asserted-by":"crossref","unstructured":"Cook, M., Patterson, C., Marnerides, A.K., Pezaros, D.: Anomaly diagnosis in cyber-physical systems. In: IEEE ICC. IEEE, Seoul, South Korea (2022)","DOI":"10.1109\/ICC45855.2022.9838968"},{"key":"10_CR7","doi-asserted-by":"publisher","first-page":"3376","DOI":"10.1109\/TIFS.2023.3277688","volume":"18","author":"MM Cook","year":"2023","unstructured":"Cook, M.M., Marnerides, A.K., Pezaros, D.: PLCPrint: fingerprinting memory attacks in programmable logic controllers. IEEE Trans. Inf. Forensics Secur. 18, 3376\u20133387 (2023)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10_CR8","unstructured":"Dragos: Pipedream: Chernovite\u2019s emerging malware targeting industrial control systems. Tech. rep., Dragos, Inc. (2022)"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Feng, Y., Zhang, W., Fu, Y., Jiang, W., Zhu, J., Ren, W.: Sensitivehue: multivariate time series anomaly detection by enhancing the sensitivity to normal patterns. In: Proceedings of the 30th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, pp. 782\u2013793 (2024)","DOI":"10.1145\/3637528.3671919"},{"key":"10_CR10","unstructured":"Forscout Research: \u201cICS malware \u2018FrostyGoop\/BUSTLEBERM\u2019: Insights others missed\u201d (2024). https:\/\/www.forescout.com\/blog\/ics-malware-frostygoopbustleberm-insights-others-missed\/"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Goh, J., Adepu, S., Junejo, K.N., Mathur, A.: A dataset to support research in the design of secure water treatment systems. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds.) Critical Information Infrastructures Security, pp. 88\u201399. Springer International Publishing, Cham (2017)","DOI":"10.1007\/978-3-319-71368-7_8"},{"key":"10_CR12","doi-asserted-by":"crossref","unstructured":"Ike, M., Phan, K., Sadoski, K., Valme, R., Lee, W.: Scaphy: detecting modern ics attacks by correlating behaviors in scada and physical. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 20\u201337. IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179411"},{"issue":"3","key":"10_CR13","doi-asserted-by":"publisher","first-page":"1310","DOI":"10.3390\/s23031310","volume":"23","author":"B Kim","year":"2023","unstructured":"Kim, B., Alawami, M.A., Kim, E., Oh, S., Park, J., Kim, H.: A comparative study of time series anomaly detection models for industrial control systems. Sensors 23(3), 1310 (2023)","journal-title":"Sensors"},{"key":"10_CR14","doi-asserted-by":"crossref","unstructured":"Lin, Q., Adepu, S., Verwer, S., Mathur, A.: Tabor: a graphical model-based approach for anomaly detection in industrial control systems. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 525\u2013536 (2018)","DOI":"10.1145\/3196494.3196546"},{"key":"10_CR15","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2021.100464","volume":"35","author":"T Miller","year":"2021","unstructured":"Miller, T., Staves, A., Maesschalck, S., Sturdee, M., Green, B.: Looking back to look forward: lessons learnt from cyber-attacks on industrial control systems. Int. J. Crit. Infrastruct. Prot. 35, 100464 (2021)","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"10_CR16","unstructured":"Rajput, P.H.N., Doumanidis, C., Maniatakos, M.: $$\\{$$ICSPatch$$\\}$$: automated vulnerability localization and $$\\{$$Non-Intrusive$$\\}$$ hotpatching in industrial control systems using data dependence graphs. In: 32nd USENIX Security Symposium, pp. 6861\u20136876 (2023)"},{"key":"10_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2023.106144","volume":"122","author":"Y Wang","year":"2023","unstructured":"Wang, Y., Peng, H., Wang, G., Tang, X., Wang, X., Liu, C.: Monitoring industrial control systems via spatio-temporal graph neural networks. Eng. Appl. Artif. Intell. 122, 106144 (2023)","journal-title":"Eng. Appl. Artif. Intell."},{"issue":"5","key":"10_CR18","doi-asserted-by":"publisher","first-page":"955","DOI":"10.1109\/JSAC.2020.2980921","volume":"38","author":"K Yang","year":"2020","unstructured":"Yang, K., Li, Q., Lin, X., Chen, X., Sun, L.: iFinger: intrusion detection in industrial control systems via register-based fingerprinting. IEEE J. Sel. Areas Commun. 38(5), 955\u2013967 (2020)","journal-title":"IEEE J. Sel. Areas Commun."}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-92882-6_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T14:34:19Z","timestamp":1747319659000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-92882-6_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031928819","9783031928826"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-92882-6_10","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"16 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Maribor","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 May 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 May 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"40","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sec2025.um.si\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}