{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T02:47:23Z","timestamp":1767494843333,"version":"3.40.3"},"publisher-location":"Cham","reference-count":18,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319584683"},{"type":"electronic","value":"9783319584690"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-58469-0_5","type":"book-chapter","created":{"date-parts":[[2017,5,3]],"date-time":"2017-05-03T11:34:53Z","timestamp":1493811293000},"page":"61-75","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Process Discovery for Industrial Control System Cyber Attack Detection"],"prefix":"10.1007","author":[{"given":"David","family":"Myers","sequence":"first","affiliation":[]},{"given":"Kenneth","family":"Radke","sequence":"additional","affiliation":[]},{"given":"Suriadi","family":"Suriadi","sequence":"additional","affiliation":[]},{"given":"Ernest","family":"Foo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,5,4]]},"reference":[{"key":"5_CR1","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/j.entcs.2004.10.013","volume":"121","author":"WMP Van der Aalst","year":"2005","unstructured":"Van der Aalst, W.M.P., de Medeiros, A.K.A.: Process mining and security: detecting anomalous process executions and checking process conformance. Electron. Notes Theor. Comput. Sci. 121, 3\u201321 (2005)","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"5_CR2","doi-asserted-by":"crossref","unstructured":"Accorsi, R., Stocker, T.: On the exploitation of process mining for security audits: the conformance checking case. In: SAC, pp. 1709\u20131716. ACM (2012)","DOI":"10.1145\/2245276.2232051"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Accorsi, R., Stocker, T., M\u00fcller, G.: On the exploitation of process mining for security audits: the process discovery case. In: SAC, pp. 1462\u20131468. ACM (2013)","DOI":"10.1145\/2480362.2480634"},{"key":"5_CR4","unstructured":"Daneels, A., Salter, W.: What is SCADA. In: Bulfone, D., Daneels, A. (eds.) International Conference on Accelerator and Large Experimental Physics Control Systems, pp. 339\u2013343. ELETTRA, October 1999"},{"key":"5_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/978-3-540-75183-0_24","volume-title":"Business Process Management","author":"CW G\u00fcnther","year":"2007","unstructured":"G\u00fcnther, C.W., Aalst, W.M.P.: Fuzzy mining \u2013 adaptive process simplification based on multi-perspective metrics. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 328\u2013343. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-75183-0_24"},{"issue":"4","key":"5_CR6","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/s10207-012-0163-8","volume":"11","author":"D Had\u017eiosmanovi\u0107","year":"2012","unstructured":"Had\u017eiosmanovi\u0107, D., Bolzoni, D., Hartel, P.H.: A log mining approach for process monitoring in SCADA. Int. J. Inf. Secur. 11(4), 231\u2013251 (2012)","journal-title":"Int. J. Inf. Secur."},{"key":"5_CR7","unstructured":"ICS-CERT. Alert (IR-ALERT-H-16-056-01) cyber-attack against ukrainian critical infrastructure. https:\/\/ics-cert.us-cert.gov\/alerts\/IR-ALERT-H-16-056-01, Accessed 18 Apr 2016"},{"issue":"7","key":"5_CR8","doi-asserted-by":"publisher","first-page":"498","DOI":"10.1016\/j.cose.2006.03.001","volume":"25","author":"VM Igure","year":"2006","unstructured":"Igure, V.M., Laughter, S.A., Williams, R.D.: Security issues in SCADA networks. Comput. Secur. 25(7), 498\u2013506 (2006)","journal-title":"Comput. Secur."},{"issue":"3","key":"5_CR9","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1016\/j.diin.2014.06.007","volume":"11","author":"RVD Knijff","year":"2014","unstructured":"Knijff, R.V.D.: Control systems\/SCADA forensics, what\u2019s the difference? Digital Invest. 11(3), 160\u2013174 (2014). Special Issue, Embedded Forensics","journal-title":"Digital Invest."},{"key":"5_CR10","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-319-27243-6_1","volume-title":"Data-Driven Process Discovery and Analysis","author":"M Leemans","year":"2015","unstructured":"Leemans, M., van der Aalst, W.M.P.: Discovery of frequent episodes in event logs. In: Ceravolo, P., Russo, B., Accorsi, R. (eds.) SIMPDA 2014. LNBIP, vol. 237, pp. 1\u201331. Springer, Cham (2015). doi:10.1007\/978-3-319-27243-6_1"},{"key":"5_CR11","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1007\/978-3-319-06257-0_6","volume-title":"Business Process Management Workshops","author":"SJJ Leemans","year":"2014","unstructured":"Leemans, S.J.J., Fahland, D., van der Aalst, W.M.P.: Discovering block-structured process models from event logs containing infrequent behaviour. In: Lohmann, N., Song, M., Wohed, P. (eds.) BPM 2013. LNBIP, vol. 171, pp. 66\u201378. Springer, Cham (2014). doi:10.1007\/978-3-319-06257-0_6"},{"key":"5_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1007\/978-3-540-78238-4_10","volume-title":"Business Process Management Workshops","author":"A Rozinat","year":"2008","unstructured":"Rozinat, A., de Medeiros, A.K.A., G\u00fcnther, C.W., Weijters, A.J.M.M., van der Aalst, W.M.P.: The need for a process mining evaluation framework in research and practice. In: Hofstede, A., Benatallah, B., Paik, H.-Y. (eds.) BPM 2007. LNCS, vol. 4928, pp. 84\u201389. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-78238-4_10"},{"issue":"9","key":"5_CR13","doi-asserted-by":"publisher","first-page":"1128","DOI":"10.1109\/TKDE.2004.47","volume":"16","author":"WMP Van der Aalst","year":"2004","unstructured":"Van der Aalst, W.M.P., Weijters, T., Maruster, L.: Workflow mining: discovering process models from event logs. IEEE Trans. Knowl. Data Eng. 16(9), 1128\u20131142 (2004)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"5_CR14","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/978-3-642-28108-2_19","volume-title":"Business Process Management Workshops","author":"WMP van der Aalst","year":"2012","unstructured":"van der Aalst, W.M.P., et al.: Process mining manifesto. In: Daniel, F., Barkaoui, K., Dustdar, S. (eds.) BPM 2011. LNBIP, vol. 99, pp. 169\u2013194. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-28108-2_19"},{"issue":"5","key":"5_CR15","doi-asserted-by":"publisher","first-page":"713","DOI":"10.1016\/j.is.2006.05.003","volume":"32","author":"WMP van der Aalst","year":"2007","unstructured":"van der Aalst, W.M.P., Reijers, H.A., Weijters, A.J.M.M., van Dongen, B.F., de Medeiros, A.K.A., Song, M., Verbeek, H.M.W.E.: Business process mining: an industrial application. Inf. Syst. 32(5), 713\u2013732 (2007)","journal-title":"Inf. Syst."},{"key":"5_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-540-68746-7_24","volume-title":"Applications and Theory of Petri Nets","author":"JMEM van der Werf","year":"2008","unstructured":"van der Werf, J.M.E.M., van Dongen, B.F., Hurkens, C.A.J., Serebrenik, A.: Process discovery using integer linear programming. In: Hee, K.M., Valk, R. (eds.) PETRI NETS 2008. LNCS, vol. 5062, pp. 368\u2013387. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-68746-7_24"},{"issue":"7","key":"5_CR17","doi-asserted-by":"publisher","first-page":"654","DOI":"10.1016\/j.is.2012.02.004","volume":"37","author":"JD Weerdt","year":"2012","unstructured":"Weerdt, J.D., Backer, M.D., Vanthienen, J., Baesens, B.: A multi-dimensional quality assessment of state-of-the-art process discovery algorithms using real-life event logs. Inf. Syst. 37(7), 654\u2013676 (2012)","journal-title":"Inf. Syst."},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Weijters, A.J.M.M., Ribeiro, J.T.S.: Flexible heuristics miner (FHM). In: CIDM, pp. 310\u2013317. IEEE (2011)","DOI":"10.1109\/CIDM.2011.5949453"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-58469-0_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,22]],"date-time":"2021-05-22T00:03:30Z","timestamp":1621641810000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-58469-0_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319584683","9783319584690"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-58469-0_5","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"4 May 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 May 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 May 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"32","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/ifipsec.org\/2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}