{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T02:51:02Z","timestamp":1777949462684,"version":"3.51.4"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032160881","type":"print"},{"value":"9783032160898","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-16089-8_24","type":"book-chapter","created":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T23:35:30Z","timestamp":1777851330000},"page":"382-402","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Signals and\u00a0Symptoms: ICS Attack Dataset From Railway Cyber Range"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1255-9296","authenticated-orcid":false,"given":"Anis","family":"Yusof","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5191-8362","authenticated-orcid":false,"given":"Yuancheng","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-7850-259X","authenticated-orcid":false,"given":"Niklaus","family":"Kang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0964-9194","authenticated-orcid":false,"given":"Choon Meng","family":"Seah","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7138-5030","authenticated-orcid":false,"given":"Zhenkai","family":"Liang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4613-0866","authenticated-orcid":false,"given":"Ee-Chien","family":"Chang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,1]]},"reference":[{"key":"24_CR1","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-030-69781-5_9","volume-title":"Cyber-physical security for critical infrastructures protection","author":"CM Ahmed","year":"2021","unstructured":"Ahmed, C.M., Kandasamy, N.K.: A comprehensive dataset from a smart grid testbed for machine learning based cps security research. In: Abie, H., Ranise, S., Verderame, L., Cambiaso, E., Ugarelli, R., Giunta, G., Pra\u00e7a, I., Battisti, F. (eds.) Cyber-physical security for critical infrastructures protection, pp. 123\u2013135. Springer International Publishing, Cham (2021)"},{"key":"24_CR2","doi-asserted-by":"publisher","unstructured":"Ahmed, C.M., Palleti, V.R., Mathur, A.P.: Wadi: a water distribution testbed for research in the design of secure cyber physical systems. In: Proceedings of the 3rd International Workshop on Cyber-Physical Systems for Smart Water Networks, pp. 25\u201328. CySWATER \u201917, Association for Computing Machinery, New York, NY, USA (2017). https:\/\/doi.org\/10.1145\/3055366.3055375","DOI":"10.1145\/3055366.3055375"},{"key":"24_CR3","doi-asserted-by":"publisher","unstructured":"Akbarzadeh, A., Erdodi, L., Houmb, S.H., Soltvedt, T.G.: Two-stage advanced persistent threat (apt) attack on an iec 61850 power grid substation. Int. J. Inf. Secur. 23(4), 2739\u20132758 (May 2024). https:\/\/doi.org\/10.1007\/s10207-024-00856-6","DOI":"10.1007\/s10207-024-00856-6"},{"key":"24_CR4","doi-asserted-by":"publisher","unstructured":"Allison, D., Smith, P., Mclaughlin, K.: Digital twin-enhanced incident response for cyber-physical systems. In: Proceedings of the 18th International Conference on Availability, Reliability and Security. ARES \u201923, Association for Computing Machinery, New York, NY, USA (2023). https:\/\/doi.org\/10.1145\/3600160.3600195","DOI":"10.1145\/3600160.3600195"},{"issue":"4","key":"24_CR5","doi-asserted-by":"publisher","first-page":"2248","DOI":"10.1109\/COMST.2021.3094360","volume":"23","author":"M Conti","year":"2021","unstructured":"Conti, M., Donadel, D., Turrin, F.: A survey on industrial control system testbeds and datasets for security research. IEEE Commun. Surv. Tutorials 23(4), 2248\u20132294 (2021). https:\/\/doi.org\/10.1109\/COMST.2021.3094360","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"24_CR6","doi-asserted-by":"publisher","unstructured":"Dehlaghi-Ghadim, A., Balador, A., Moghadam, M.H., Hansson, H., Conti, M.: Icssim \u2013 a framework for building industrial control systems security testbeds. Comput. Ind. 148, 103906 (2023). https:\/\/doi.org\/10.1016\/j.compind.2023.103906, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0166361523000568","DOI":"10.1016\/j.compind.2023.103906"},{"key":"24_CR7","doi-asserted-by":"publisher","unstructured":"Dehlaghi-Ghadim, A., Moghadam, M.H., Balador, A., Hansson, H.: Anomaly detection dataset for industrial control systems. IEEE Access 11, 107982\u2013107996 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3320928","DOI":"10.1109\/ACCESS.2023.3320928"},{"key":"24_CR8","doi-asserted-by":"publisher","unstructured":"Downs, J., Vogel, E.: A plant-wide industrial process control problem. Comput. Chem. Eng. 17(3), 245\u2013255 (1993). https:\/\/doi.org\/10.1016\/0098-1354(93)80018-I, https:\/\/www.sciencedirect.com\/science\/article\/pii\/009813549380018I, industrial challenge problems in process control","DOI":"10.1016\/0098-1354(93)80018-I"},{"key":"24_CR9","doi-asserted-by":"publisher","unstructured":"d\u2019Ambrosio, N., Capodagli, G., Perrone, G., Romano, S.P.: Scass: Breaking into scada systems security. Comput. Secur. 151(C) (Apr 2025). https:\/\/doi.org\/10.1016\/j.cose.2025.104315","DOI":"10.1016\/j.cose.2025.104315"},{"key":"24_CR10","doi-asserted-by":"publisher","unstructured":"Fernandes, T., Magalh\u00e3es, J.P., Alves, W.: Cybersecurity in smart railways: exploring risks, vulnerabilities and mitigation in the data communication services. Green Energy and Intelligent Transportation p. 100305 (2025). https:\/\/doi.org\/10.1016\/j.geits.2025.100305, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2773153725000556","DOI":"10.1016\/j.geits.2025.100305"},{"key":"24_CR11","doi-asserted-by":"publisher","unstructured":"Firoozjaei, M.D., Mahmoudyar, N., Baseri, Y., Ghorbani, A.A.: An evaluation framework for industrial control system cyber incidents. Int. J. Crit. Infrastruct. Prot. 36, 100487 (2022). https:\/\/doi.org\/10.1016\/j.ijcip.2021.100487, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1874548221000718","DOI":"10.1016\/j.ijcip.2021.100487"},{"key":"24_CR12","doi-asserted-by":"publisher","unstructured":"Flood, R., Engelen, G., Aspinall, D., Desmet, L.: Bad design smells in benchmark nids datasets. In: 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P), pp. 658\u2013675 (2024). https:\/\/doi.org\/10.1109\/EuroSP60621.2024.00042","DOI":"10.1109\/EuroSP60621.2024.00042"},{"key":"24_CR13","unstructured":"Fraunhofer: Safety4rails eu project. https:\/\/safety4rails.eu\/ (2020). Accessed 25 May 2025"},{"key":"24_CR14","doi-asserted-by":"publisher","unstructured":"Gaggero, G.B., Armellin, A., Portomauro, G., Marchese, M.: Industrial control system-anomaly detection dataset (ics-add) for cyber-physical security monitoring in smart industry environments. IEEE Access 12, 64140\u201364149 (2024). https:\/\/doi.org\/10.1109\/ACCESS.2024.3395991","DOI":"10.1109\/ACCESS.2024.3395991"},{"key":"24_CR15","doi-asserted-by":"publisher","unstructured":"Genge, B., Haller, P., Roman, A.S.: E-aptdetect: Early advanced persistent threat detection in critical infrastructures with dynamic attestation. Appl. Sci. 13(6) (2023). https:\/\/doi.org\/10.3390\/app13063409, https:\/\/www.mdpi.com\/2076-3417\/13\/6\/3409","DOI":"10.3390\/app13063409"},{"key":"24_CR16","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1007\/978-3-319-71368-7_8","volume-title":"Critical Information Infrastructures Security","author":"J Goh","year":"2017","unstructured":"Goh, J., Adepu, S., Junejo, K.N., Mathur, A.: A dataset to support research in the design of secure water treatment systems. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds.) Critical Information Infrastructures Security, pp. 88\u201399. Springer International Publishing, Cham (2017)"},{"key":"24_CR17","doi-asserted-by":"publisher","unstructured":"Kim, M., Jeon, S., Cho, J., Gong, S.: Data-driven ics network simulation for synthetic data generation. Electronics 13(10) (2024). https:\/\/doi.org\/10.3390\/electronics13101920, https:\/\/www.mdpi.com\/2079-9292\/13\/10\/1920","DOI":"10.3390\/electronics13101920"},{"key":"24_CR18","doi-asserted-by":"publisher","unstructured":"Liu, J., Inam, M.A., Goyal, A., Riddle, A., Westfall, K., Bates, A.: What we talk about when we talk about logs: understanding the effects of dataset quality on endpoint threat detection research . In: 2025 IEEE Symposium on Security and Privacy (SP). pp. 112\u2013129. IEEE Computer Society, Los Alamitos, CA, USA (May 2025). https:\/\/doi.org\/10.1109\/SP61157.2025.00112, https:\/\/doi.ieeecomputersociety.org\/10.1109\/SP61157.2025.00112","DOI":"10.1109\/SP61157.2025.00112"},{"key":"24_CR19","unstructured":"LiuYuancheng: Cluster User Emulation System. https:\/\/github.com\/LiuYuancheng\/Cluster_User_Emulation_System"},{"key":"24_CR20","doi-asserted-by":"publisher","unstructured":"Lo, C., Win, T.Y., Rezaeifar, Z., Khan, Z., Legg, P.: Digital twins of cyber physical systems in smart manufacturing for threat simulation and detection with deep learning for time series classification. In: 2024 29th International Conference on Automation and Computing (ICAC), pp.\u00a01\u20136 (2024). https:\/\/doi.org\/10.1109\/ICAC61394.2024.10718749","DOI":"10.1109\/ICAC61394.2024.10718749"},{"key":"24_CR21","doi-asserted-by":"publisher","unstructured":"Neema, H., Koutsoukos, X., Potteiger, B., Tang, C., Stouffer, K.: Simulation testbed for railway infrastructure security and resilience evaluation. In: Proceedings of the 7th Symposium on Hot Topics in the Science of Security. HotSoS \u201920, Association for Computing Machinery, New York, NY, USA (2020). https:\/\/doi.org\/10.1145\/3384217.3385623","DOI":"10.1145\/3384217.3385623"},{"key":"24_CR22","unstructured":"Shin, H.K., Lee, W., Yun, J.H., Kim, H.: HAI 1.0: HIL-based augmented ICS security dataset. In: 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20). USENIX Association (Aug 2020), https:\/\/www.usenix.org\/conference\/cset20\/presentation\/shin"},{"key":"24_CR23","doi-asserted-by":"publisher","unstructured":"Srivastava, K., K\u00f6pke, C., Walter, J., Faist, K., Berry, J.M., Porretti, C., Stolz, A.: Modelling and simulation of railway networks for resilience analysis. In: Computer Security. ESORICS 2022 International Workshops: CyberICPS 2022, SECPRE 2022, SPOSE 2022, CPS4CIP 2022, CDT&SECOMANE 2022, EIS 2022, and SecAssure 2022, Copenhagen, Denmark, September 26\u201330, 2022, Revised Selected Papers, pp. 308\u2013320. Springer-Verlag, Berlin, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-25460-4_17","DOI":"10.1007\/978-3-031-25460-4_17"},{"key":"24_CR24","doi-asserted-by":"publisher","unstructured":"Teo, Z.T., et al.: Securerails: Towards an open simulation platform for analyzing cyber-physical attacks in railways. In: 2016 IEEE Region 10 Conference (TENCON), pp. 95\u201398 (2016). https:\/\/doi.org\/10.1109\/TENCON.2016.7847966","DOI":"10.1109\/TENCON.2016.7847966"},{"key":"24_CR25","doi-asserted-by":"publisher","unstructured":"Yang, Z., He, L., Cheng, P., Chen, J.: Mismatched control and monitoring frequencies: vulnerability, attack, and mitigation. IEEE Trans. Dependable Secure Comput. 22(01), 16\u201333 (Jan 2025). https:\/\/doi.org\/10.1109\/TDSC.2024.3384146, https:\/\/doi.ieeecomputersociety.org\/10.1109\/TDSC.2024.3384146","DOI":"10.1109\/TDSC.2024.3384146"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2025 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-16089-8_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T23:35:32Z","timestamp":1777851332000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-16089-8_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032160881","9783032160898"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-16089-8_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}