{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:34:14Z","timestamp":1767339254477,"version":"3.41.0"},"publisher-location":"Cham","reference-count":17,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319487366"},{"type":"electronic","value":"9783319487373"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-48737-3_6","type":"book-chapter","created":{"date-parts":[[2016,11,2]],"date-time":"2016-11-02T01:02:29Z","timestamp":1478048549000},"page":"99-115","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Lightweight Journaling for Scada Systems via Event Correlation"],"prefix":"10.1007","author":[{"given":"Antoine","family":"Lemay","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alireza","family":"Sadighian","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jose","family":"Fernandez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,11,3]]},"reference":[{"key":"6_CR1","unstructured":"BBC News, Hack attack causes \u201cmassive damage\u201d at steel works, December 22, 2014"},{"key":"6_CR2","unstructured":"Burks, D.: Security Onion Project (2016). github.com\/Security-Onion-Solutions\/security-onion"},{"key":"6_CR3","doi-asserted-by":"crossref","unstructured":"Cheng, B., Tseng, R.: A context adaptive intrusion detection system for MANET, Computer Communications, vol. 34(3), pp. 310\u2013318 (2011)","DOI":"10.1016\/j.comcom.2010.06.015"},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework, Proceedings of the IEEE Symposium on Security and Privacy, pp. 202\u2013215 (2002)","DOI":"10.1109\/SECPRI.2002.1004372"},{"issue":"3","key":"6_CR5","doi-asserted-by":"crossref","first-page":"173","DOI":"10.1504\/IJHPCN.2013.056525","volume":"7","author":"Massimo Ficco","year":"2013","unstructured":"Ficco, M.: Security event correlation approach for cloud computing, International Journal of High Performance Computing and Networking, vol. 7(3), pp. 173\u2013185 (2013)","journal-title":"International Journal of High Performance Computing and Networking"},{"key":"6_CR6","unstructured":"Golden, T.: WMI 1.4.9 (2003). pypi.Python.org\/pypi\/WMI"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Hoque, M., Mukit, M., Bikas, M.: An implementation of an intrusion detection system using a genetic algorithm, International Journal of Network Security and its Applications, vol. 4(2), pp. 109\u2013120 (2012)","DOI":"10.5121\/ijnsa.2012.4208"},{"key":"6_CR8","unstructured":"Jean, L.: modbus_tk 0.4.3 (2014). pypi.python.org\/pypi\/modbus_tk\/0.4.3"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Lemay, A., Fernandez, J., Knight, S.: An isolated virtual cluster for SCADA network security research, Proceedings of the First International Symposium for ICS and SCADA Cyber Security Research, pp. 88\u201396 (2013)","DOI":"10.14236\/ewic\/ICSCSR2013.10"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"NETRESEC, Full Disclosure of Havex Trojans, Orsundsbro, Sweden (2014). www.netresec.com\/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans","DOI":"10.1038\/scientificamerican0614-10"},{"key":"6_CR11","doi-asserted-by":"crossref","first-page":"278","DOI":"10.1007\/978-3-642-37119-6_18","volume-title":"Foundations and Practice of Security","author":"Sherif Saad","year":"2013","unstructured":"Saad, S., Traore, I.: Extracting attack scenarios using intrusion semantics, Proceedings of the Fifth International Symposium on the Foundations and Practice of Security, pp. 278\u2013292 (2013)"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Sadighian, A., Fernandez, J., Lemay, A., Zargar, S.: ONTIDS: A highly flexible context-aware and ontology-based alert correlation framework, Proceedings of the Sixth International Symposium on the Foundations and Practice of Security, pp. 161\u2013177 (2014)","DOI":"10.1007\/978-3-319-05302-8_10"},{"key":"6_CR13","unstructured":"SourceForge, ScadaBR (2016). sourceforge.net\/projects\/scadabr"},{"issue":"3","key":"6_CR14","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1109\/TDSC.2004.21","volume":"1","author":"F. Valeur","year":"2004","unstructured":"Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.: Comprehensive approach to intrusion detection alert correlation, IEEE Transactions Dependable and Secure Computing, vol. 1(3), pp. 146\u2013169 (2004)","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"issue":"2-3","key":"6_CR15","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1016\/0166-3615(94)90017-5","volume":"24","author":"Theodore J. Williams","year":"1994","unstructured":"Williams, T.: The Purdue Enterprise Reference Architecture, Computers in Industry, vol. 24(2-3), pp. 141\u2013158 (1994)","journal-title":"Computers in Industry"},{"key":"6_CR16","unstructured":"Wireshark Foundation, tshark (2016). www.wireshark.org\/docs\/man-pages\/tshark.html"},{"key":"6_CR17","unstructured":"Yusof, R., Selamat, S., Sahib, S.: Intrusion alert correlation technique analysis for heterogeneous log, International Journal of Computer Science and Network Security, vol. 8(9), pp. 132\u2013138 (2008)"}],"container-title":["IFIP Advances in Information and Communication Technology","Critical Infrastructure Protection X"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-48737-3_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,11]],"date-time":"2025-06-11T23:12:38Z","timestamp":1749683558000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-48737-3_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319487366","9783319487373"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-48737-3_6","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"3 November 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICCIP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Infrastructure Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arlington","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 March 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 March 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iccip2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}