{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,27]],"date-time":"2025-08-27T15:55:41Z","timestamp":1756310141045,"version":"3.40.3"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319608754"},{"type":"electronic","value":"9783319608761"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-60876-1_7","type":"book-chapter","created":{"date-parts":[[2017,6,3]],"date-time":"2017-06-03T08:00:34Z","timestamp":1496476834000},"page":"141-160","source":"Crossref","is-referenced-by-count":6,"title":["Last Line of Defense: A Novel IDS Approach Against Advanced Threats in Industrial Control Systems"],"prefix":"10.1007","author":[{"given":"Mark","family":"Luchs","sequence":"first","affiliation":[]},{"given":"Christian","family":"Doerr","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,6,4]]},"reference":[{"key":"7_CR1","unstructured":"Hadziosmanovic, D.: The process matters: cyber security in industrial control systems. Ph.D. thesis, Universiteit Twente (2014)"},{"key":"7_CR2","unstructured":"C\u00e1rdenas, A.A., Amin, S., Sastry, S.: Research challenges for the security of control systems. In: Conference on Hot Topics in Security (2008)"},{"key":"7_CR3","unstructured":"Abrams, M., Weiss, J.: Malicious control system cyber security attack case study-maroochy water services, Australia, July 2008"},{"key":"7_CR4","unstructured":"Falliere, N., Murchu, L.O., Chien, E.: W32.stuxnet dossier. Technical report, Symantec, February 2011"},{"key":"7_CR5","unstructured":"McDonald, G., Murchu, L.O., Doherty, S., Chien, E.: Stuxnet 0.5: the missing link. Technical report, Symantec (2013)"},{"key":"7_CR6","unstructured":"Langner, R.: The Langner Group. Technical report, November 2013"},{"key":"7_CR7","unstructured":"Lee, R.M., Assante, M.J., Conway, T.: Technical report, SANS ICS (2014)"},{"key":"7_CR8","unstructured":"BSI. Die Lage der IT-Sicherheit in Deutschland 2014 (2014)"},{"key":"7_CR9","doi-asserted-by":"crossref","DOI":"10.1201\/b13869","volume-title":"Handbook of SCADA\/Control Systems Security","author":"R Radvanovsky","year":"2013","unstructured":"Radvanovsky, R., Brodsky, J.: Handbook of SCADA\/Control Systems Security. CRC Press, Boca Raton (2013)"},{"key":"7_CR10","volume-title":"Security Engineering","author":"RJ Anderson","year":"2008","unstructured":"Anderson, R.J.: Security Engineering. Wiley, Indianapolis (2008)"},{"key":"7_CR11","unstructured":"Goodin, D.: Stepson of stuxnet stalked kaspersky for months, tapped iran nuke talks. Februari 2017. arstechnica.com"},{"issue":"7","key":"7_CR12","doi-asserted-by":"crossref","first-page":"498","DOI":"10.1016\/j.cose.2006.03.001","volume":"25","author":"VM Igure","year":"2006","unstructured":"Igure, V.M., Laughter, S.A., Williams, R.D.: Security issues in SCADA networks. Comput. Secur. 25(7), 498\u2013506 (2006)","journal-title":"Comput. Secur."},{"key":"7_CR13","unstructured":"Cardenas, A., Amin, S., Sinopoli, B., Giani, A., Perrig, A., Sastry, S.: Challenges for securing cyber physical systems. In: Workshop on Future Directions in Cyber-physical Systems Security, DHS, July 2009"},{"issue":"1","key":"7_CR14","doi-asserted-by":"crossref","first-page":"277","DOI":"10.1109\/TII.2012.2198666","volume":"9","author":"M Cheminod","year":"2013","unstructured":"Cheminod, M., Durante, L., Valenzano, A.: Review of security issues in industrial networks. IEEE Trans. Ind. Inf. 9(1), 277\u2013293 (2013)","journal-title":"IEEE Trans. Ind. Inf."},{"issue":"2","key":"7_CR15","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"SE\u201313","author":"D Denning","year":"1987","unstructured":"Denning, D.: An intrusion-detection model. IEEE Trans. Softw. Eng. SE\u201313(2), 222\u2013232 (1987)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"C\u00e1rdenas, A.A., Amin, S., Lin, Z.-S., Huang, Y.-L., Huang, C.-Y., Sastry, S.: Attacks against process control systems: risk assessment, detection, and response. In: Symposium on Information, Computer and Communications Security (2011)","DOI":"10.1145\/1966913.1966959"},{"key":"7_CR17","unstructured":"Etalle, S., Gregory, C., Bolzoni, D., Zambon, E., Trivellato, D.: Monitoring industrial control systems to improve operations and security. Technical report, Security Matters (2013)"},{"key":"7_CR18","unstructured":"Etalle, S., Gregory, C., Bolzoni, D., Zambon, E.: Self configuring deep protocol network whitelisting. Technical report, Security Matters (2013)"},{"key":"7_CR19","doi-asserted-by":"crossref","unstructured":"Urbina, D.I., Giraldo, J.A., Cardenas, A.A., Tippenhauer, N.O., Valente, J., Faisal, M., Ruths, J., Candell, R., Sandberg, H.: Limiting the impact of stealthy attacks on industrial control systems. In: SIGSAC Conference on Computer and Communications Security (2016)","DOI":"10.1145\/2976749.2978388"},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Had\u017eiosmanovi\u0107, D., Sommer, R., Zambon, E., Hartel, P.H.: Through the eye of the PLC: semantic security monitoring for industrial processes. In: Annual Computer Security Applications Conference (2014)","DOI":"10.1145\/2664243.2664277"},{"issue":"4","key":"7_CR21","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1016\/j.ijcip.2009.10.001","volume":"2","author":"IN Fovino","year":"2009","unstructured":"Fovino, I.N., Carcano, A., Masera, M., Trombetta, A.: An experimental investigation of malware attacks on scada systems. Crit. Infrastruct. Protection 2(4), 139\u2013145 (2009)","journal-title":"Crit. Infrastruct. Protection"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Cardenas, A., Baras, J., Seamon, K.: A framework for the evaluation of intrusion detection systems. In: 2006 IEEE Symposium on Security and Privacy, pp. 15\u201377, May 2006","DOI":"10.1109\/SP.2006.2"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Cardenas, A., Amin, S., Sastry, S.: Secure control: towards survivable cyber-physical systems. In: Distributed Computing Systems Workshops, pp. 495\u2013500, June 2008","DOI":"10.1109\/ICDCS.Workshops.2008.40"},{"key":"7_CR24","doi-asserted-by":"crossref","unstructured":"Fovino, I.N., Carcano, A., Murel, T.D.L., Trombetta, A., Masera, M.: Modbus\/dnp. 3 state-based intrusion detection system. In: International Conference on Advanced Information Networking and Applications (2010)","DOI":"10.1109\/AINA.2010.86"},{"key":"7_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1007\/978-3-642-14379-3_12","volume-title":"Critical Information Infrastructures Security","author":"A Carcano","year":"2010","unstructured":"Carcano, A., Fovino, I.N., Masera, M., Trombetta, A.: State-based network intrusion detection systems for SCADA protocols: a proof of concept. In: Rome, E., Bloomfield, R. (eds.) CRITIS 2009. LNCS, vol. 6027, pp. 138\u2013150. Springer, Heidelberg (2010). doi: 10.1007\/978-3-642-14379-3_12"},{"key":"7_CR26","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1109\/TII.2010.2099234","volume":"7","author":"A Carcano","year":"2011","unstructured":"Carcano, A., Coletta, A., Guglielmi, M., Masera, M., Fovino, I.N., Trombetta, A.: A multidimensional critical state analysis for detecting intrusions in scada systems. Trans. Ind. Inf. 7, 179\u2013186 (2011)","journal-title":"Trans. Ind. Inf."},{"key":"7_CR27","doi-asserted-by":"crossref","unstructured":"Doerr, C., Hernandez, J.M.: A computational approach to multi-level analysis of network resilience. In: Third International Conference on Dependability, DEPEND (2010)","DOI":"10.1109\/DEPEND.2010.27"},{"key":"7_CR28","doi-asserted-by":"crossref","unstructured":"Doerr, C.: Challenge tracing and mitigation under partial information and uncertainty. In: Communications and Network Security (CNS) (2013)","DOI":"10.1109\/CNS.2013.6682759"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-60876-1_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,25]],"date-time":"2019-09-25T11:17:36Z","timestamp":1569410256000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-60876-1_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319608754","9783319608761"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-60876-1_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}