{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,11]],"date-time":"2025-06-11T04:11:49Z","timestamp":1749615109035,"version":"3.41.0"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319453774"},{"type":"electronic","value":"9783319453781"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45378-1_31","type":"book-chapter","created":{"date-parts":[[2016,9,8]],"date-time":"2016-09-08T05:04:15Z","timestamp":1473311055000},"page":"342-351","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Cyber Security of the Application Layer of Mission Critical Industrial Systems"],"prefix":"10.1007","author":[{"given":"Rafa\u0142","family":"Kozik","sequence":"first","affiliation":[]},{"given":"Micha\u0142","family":"Chora\u015b","sequence":"additional","affiliation":[]},{"given":"Rafa\u0142","family":"Renk","sequence":"additional","affiliation":[]},{"given":"Witold","family":"Ho\u0142ubowicz","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,9,9]]},"reference":[{"key":"31_CR1","unstructured":"F-Secure. Backdoor: W32\/HAVEX description. https:\/\/www.f-secure.com\/v-descs\/backdoor_w32_havex.shtml"},{"key":"31_CR2","unstructured":"OWASP Top. 10 2013. OWASP project homepage. https:\/\/www.owasp.org\/index.php\/Top_10_2013-Top_10"},{"key":"31_CR3","unstructured":"ModSecurity project homepage. https:\/\/www.modsecurity.org\/"},{"key":"31_CR4","unstructured":"PHPIDS project homepage. https:\/\/github.com\/PHPIDS\/PHPIDS"},{"key":"31_CR5","unstructured":"NAXSI project homepage. https:\/\/github.com\/nbs-system\/naxsi"},{"key":"31_CR6","unstructured":"NGINX project homepage. http:\/\/nginx.org\/en\/"},{"key":"31_CR7","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. In: Proceedings of the 10th ACM conference on Computer and communications security, pp. 251\u2013261 (2003)","DOI":"10.1145\/948109.948144"},{"issue":"5","key":"31_CR8","doi-asserted-by":"publisher","first-page":"1239","DOI":"10.1016\/j.comnet.2006.09.016","volume":"51","author":"KL Ingham","year":"2007","unstructured":"Ingham, K.L., Somayaji, A., Burge, J., Forrest, S.: Learning DFA representations of HTTP for protecting web applications. Comput. Netw. 51(5), 1239\u20131255 (2007)","journal-title":"Comput. Netw."},{"key":"31_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1007\/978-3-642-33338-5_18","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"D Had\u017eiosmanovi\u0107","year":"2012","unstructured":"Had\u017eiosmanovi\u0107, D., Simionato, L., Bolzoni, D., Zambon, E., Etalle, S.: N-Gram against the Machine: On the Feasibility of the N-Gram network analysis for binary protocols. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol. 7462, pp. 354\u2013373. Springer, Heidelberg (2012)"},{"key":"31_CR10","doi-asserted-by":"crossref","unstructured":"Bolzoni, D., Zambon, E., Etalle, S., Hartel, P.H.: POSEIDON: a 2-tier anomaly-based Network Intrusion Detection System. In: IWIA 2006: Proceedings of 4th IEEE International Workshop on Information Assurance, pp. 144\u20137156 (2006)","DOI":"10.1109\/IWIA.2006.18"},{"key":"31_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/11856214_12","volume-title":"Recent Advances in Intrusion Detection","author":"K Wang","year":"2006","unstructured":"Wang, K., Parekh, J.J., Stolfo, S.J.: Anagram: a content anomaly detector resistant to mimicry attack. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 226\u2013248. Springer, Heidelberg (2006)"},{"issue":"6","key":"31_CR12","doi-asserted-by":"publisher","first-page":"864","DOI":"10.1016\/j.comnet.2008.11.011","volume":"53","author":"R Perdisci","year":"2009","unstructured":"Perdisci, R., Ariu, D., Fogla, P., Giacinto, G., Lee, W.: McPAD: a multiple classifier system for accurate payload-based anomaly detection. Comput. Netw. 53(6), 864\u2013881 (2009)","journal-title":"Comput. Netw."},{"key":"31_CR13","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1145\/1030194.1015492","volume":"34","author":"A Lakhina","year":"2004","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Diagnosing network-wide traffic anomalies. ACM SIGCOMM Comput. Commun. Rev. 34, 357\u2013374 (2004)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"issue":"1","key":"31_CR14","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1016\/0378-1119(88)90330-7","volume":"73","author":"DG Higgins","year":"1988","unstructured":"Higgins, D.G., Sharp, P.M.: CLUSTAL: a package for performing multiple sequence alignment on a microcomputer. Gene 73(1), 237\u2013244 (1988)","journal-title":"Gene"},{"issue":"69","key":"31_CR15","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1109\/MC.1984.1659158","volume":"17","author":"T Welch","year":"1984","unstructured":"Welch, T.: A technique for high-performance data compression. IEEE Comput. 17(69), 8\u201319 (1984)","journal-title":"IEEE Comput."},{"key":"31_CR16","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1109\/TIT.1977.1055714","volume":"23","author":"J Ziv","year":"1977","unstructured":"Ziv, J., Lempel, A.: A universal algorithm for sequential data compression. IEEE Trans. Inf. Theory 23, 337\u2013343 (1977)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"31_CR17","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"crossref","first-page":"227","DOI":"10.1007\/978-3-319-19713-5_20","volume-title":"International Joint Conference CISIS 2015 and ICEUTE 2015","author":"R Kozik","year":"2015","unstructured":"Kozik, R., Choras, M., Renk, R., Holubowicz, W.: Patterns extraction method for anomaly detection in HTTP traffic. In: Herrero, A., Baruque, B., Sedano, J., Quintan, H., Corchado, E. (eds.) CISIS 2015 and ICEUTE 2015. AISC, vol. 369, pp. 227\u2013236. Springer, Heidelberg (2015)"},{"key":"31_CR18","unstructured":"Torrano-Gimnez, C., Prez-Villegas, A. lvarez G.: The HTTP dataset CSIC 2010 (2010). http:\/\/users.aber.ac.uk\/pds7\/csic_dataset\/csic2010http.html"},{"key":"31_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/978-3-642-21323-6_4","volume-title":"Computational Intelligence in Security for Information Systems","author":"HT Nguyen","year":"2011","unstructured":"Nguyen, H.T., Torrano-Gimenez, C., Alvarez, G., Petrovi\u0107, S., Franke, K.: Application of the generic feature selection measure in detection of web attacks. In: Herrero, \u00c1., Corchado, E. (eds.) CISIS 2011. LNCS, vol. 6694, pp. 25\u201332. Springer, Heidelberg (2011)"},{"key":"31_CR20","doi-asserted-by":"crossref","unstructured":"Sharma, M., Toshniwal, D.: Pre-clustering algorithm for anomaly detection and clustering that uses variable size buckets. In: 2012 1st International Conference on Recent Advances in Information Technology (RAIT), pp. 515\u2013519, 15\u201317 March 2012","DOI":"10.1109\/RAIT.2012.6194613"},{"key":"31_CR21","doi-asserted-by":"crossref","unstructured":"Adaniya, M.H.A.C., Lima, M.F., Rodrigues, J.J.P.C., Abrao, T., Proenca, M.L.: Anomaly detection using DSNS and fireflyharmonic clustering algorithm. In: 2012 IEEE International Conference on Communications (ICC), pp. 1183\u20131187, 10\u201315 June 2012","DOI":"10.1109\/ICC.2012.6364088"},{"key":"31_CR22","doi-asserted-by":"crossref","unstructured":"Mazel, J., Casas, P., Labit, Y., Owezarski, P.: Sub-space clustering, inter-clustering results association and anomaly correlation for unsupervised network anomaly detection. In: 2011 7th International Conference on Network and Service Management (CNSM), pp. 1\u20138, 24\u201328 October 2011","DOI":"10.1007\/978-3-642-20305-3_2"},{"key":"31_CR23","doi-asserted-by":"crossref","unstructured":"Yang, C., FeiqiDeng, H.Y.: An unsupervised anomaly detection approach using subtractive clustering and hidden markov model. In: Second International Conference on Communications and Networking in China, CHINACOM 2007, pp. 313\u2013316, 22\u201324 August 2007","DOI":"10.1109\/CHINACOM.2007.4469390"},{"key":"31_CR24","doi-asserted-by":"crossref","unstructured":"Liang, H., Wei-wu, R., Fei, R.: An adaptive anomaly detection based on hierarchical clustering. In: 2009 1st International Conference on Information Science and Engineering (ICISE), pp. 1626\u20131629, 26\u201328 December 2009","DOI":"10.1109\/ICISE.2009.225"},{"issue":"2","key":"31_CR25","doi-asserted-by":"publisher","first-page":"191","DOI":"10.7155\/jgaa.00124","volume":"10","author":"P Pons","year":"2006","unstructured":"Pons, P., Latapy, M.: Computing communities in large networks using random walks. J. Graph Algorithms Appl. 10(2), 191\u2013218 (2006)","journal-title":"J. Graph Algorithms Appl."},{"key":"31_CR26","doi-asserted-by":"publisher","first-page":"2809","DOI":"10.1016\/j.comnet.2010.07.015","volume":"54","author":"Q Liao","year":"2010","unstructured":"Liao, Q., Blaich, A., Van Bruggen, D., Striegel, A.: Managing networks through context: graph visualization and exploration. Comput. Netw. 54, 2809\u20132824 (2010)","journal-title":"Comput. Netw."},{"key":"31_CR27","unstructured":"Cyberattack on Italian government. http:\/\/www.lastampa.it\/2015\/05\/19\/italia\/cronache\/anonymous-colpisce-il-ministero-della-difesa-qlFNgswyvu20wnQiNYK1kL\/pagina.html"},{"key":"31_CR28","unstructured":"Cyberattack on Turkish government. http:\/\/www.ehackingnews.com\/2013\/06\/istanbul-special-provincial.html"},{"key":"31_CR29","unstructured":"Cyberattack on Polish Airlines LOT company. http:\/\/uk.reuters.com\/article\/2015\/06\/21\/uk-poland-lot-cybercrime-idUKKBN0P10WY20150621"},{"key":"31_CR30","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/978-3-642-41485-5_2","volume-title":"Critical Information Infrastructures Security","author":"L Coppolino","year":"2013","unstructured":"Coppolino, L., et al.: Enhancing SIEM technology to protect critical infrastructures. In: H\u00e4mmerli, B.M., Svendsen, N.K., Lopez, J. (eds.) Critical Information Infrastructures Security, vol. 7722, pp. 10\u201321. Springer, Heidelberg (2013)"},{"issue":"1","key":"31_CR31","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1080\/18335330.2012.653198","volume":"7","author":"S Collins","year":"2012","unstructured":"Collins, S., McCombie, S.: Stuxnet: the emergence of a new cyber weapon and its implications. J. Policing Intell. Counter Terrorism 7(1), 80\u201391 (2012)","journal-title":"J. Policing Intell. Counter Terrorism"},{"key":"31_CR32","doi-asserted-by":"crossref","unstructured":"Takagi, H., et al.: Strategic security protection for industrial control systems. In: 2015 54th Annual Conference of the Society of Instrument and Control Engineers of Japan (SICE). IEEE (2015)","DOI":"10.1109\/SICE.2015.7285554"},{"key":"31_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-642-33675-1_20","volume-title":"Computer Safety, Reliability, and Security","author":"L Romano","year":"2012","unstructured":"Romano, L., D\u2019Antonio, S., Formicola, V., Coppolino, L.: Protecting the WSN zones of a critical infrastructure via enhanced SIEM technology. In: Ortmeier, F., Daniel, P. (eds.) SAFECOMP Workshops 2012. LNCS, vol. 7613, pp. 222\u2013234. Springer, Heidelberg (2012)"},{"key":"31_CR34","first-page":"213","volume-title":"Critical Infrastructure Protection VIII","author":"V Formicola","year":"2014","unstructured":"Formicola, V., et al.: Assessing the impact of cyber attacks on wireless sensor nodes that monitor interdependent physical systems. In: Butts, J., Shenoi, S. (eds.) Critical Infrastructure Protection VIII, vol. 441, pp. 213\u2013229. Springer, Heidelberg (2014)"}],"container-title":["Lecture Notes in Computer Science","Computer Information Systems and Industrial Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45378-1_31","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,10]],"date-time":"2025-06-10T17:23:57Z","timestamp":1749576237000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-45378-1_31"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319453774","9783319453781"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45378-1_31","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"9 September 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CISIM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Computer Information Systems and Industrial Management","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vilnius","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lithuania","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 September 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cisim2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}