{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T16:52:58Z","timestamp":1773161578392,"version":"3.50.1"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319728162","type":"print"},{"value":"9783319728179","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,12,22]],"date-time":"2017-12-22T00:00:00Z","timestamp":1513900800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-72817-9_7","type":"book-chapter","created":{"date-parts":[[2017,12,21]],"date-time":"2017-12-21T11:44:29Z","timestamp":1513856669000},"page":"93-109","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["Stealthy Deception Attacks Against SCADA Systems"],"prefix":"10.1007","author":[{"given":"Amit","family":"Kleinmann","sequence":"first","affiliation":[]},{"given":"Ori","family":"Amichay","sequence":"additional","affiliation":[]},{"given":"Avishai","family":"Wool","sequence":"additional","affiliation":[]},{"given":"David","family":"Tenenbaum","sequence":"additional","affiliation":[]},{"given":"Ofer","family":"Bar","sequence":"additional","affiliation":[]},{"given":"Leonid","family":"Lev","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,12,22]]},"reference":[{"key":"7_CR1","unstructured":"Final report on the August 14, 2003 blackout in the United States and Canada: Causes and recommendations. U.S.-Canada Power System Outage Task Force, U.S. Secretary of Energy and Minister of Natural Resources Canada, April 2004"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Abad, C.L., Bonilla, R.I.: An analysis on the schemes for detecting and preventing ARP cache poisoning attacks. In: 27th International Conference on Distributed Computing Systems Workshops, ICDCSW 2007, pp. 60\u201360. IEEE (2007)","DOI":"10.1109\/ICDCSW.2007.19"},{"key":"7_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-3-319-17127-2_2","volume-title":"Risks and Security of Internet and Systems","author":"C Alcaraz","year":"2015","unstructured":"Alcaraz, C., Cazorla, L., Fernandez, G.: Context-awareness using anomaly-based detectors for smart grid domains. In: Lopez, J., Ray, I., Crispo, B. (eds.) CRiSIS 2014. LNCS, vol. 8924, pp. 17\u201334. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-17127-2_2"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Atassi, A., Elhajj, I.H., Chehab, A., Kayssi, A.: The state of the art in intrusion prevention and detection. In: Intrusion Detection for SCADA Systems, Chap. 9, pp. 211\u2013230. Auerbach Publications, January 2014","DOI":"10.1201\/b16390-12"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Barbosa, R., Sadre, R., Pras, A.: A first look into SCADA network traffic. In: IEEE Network Operations and Management Symposium (NOMS), pp. 518\u2013521, April 2012","DOI":"10.1109\/NOMS.2012.6211945"},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Barbosa, R., Sadre, R., Pras, A.: Towards periodicity based anomaly detection in SCADA networks. In: 17th IEEE Emerging Technologies Factory Automation (ETFA), pp. 1\u20134, September 2012","DOI":"10.1109\/ETFA.2012.6489745"},{"key":"7_CR7","unstructured":"Byres, E.J., Franz, M., Miller, D.: The use of attack trees in assessing vulnerabilities in SCADA systems. In: International Infrastructure Survivability Workshop (2004)"},{"key":"7_CR8","doi-asserted-by":"crossref","unstructured":"C\u00e1rdenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y., Sastry, S.: Attacks against process control systems: risk assessment, detection, and response. In: 6th ACM Symposium on Information, Computer and Communications Security, pp. 355\u2013366. ACM (2011)","DOI":"10.1145\/1966913.1966959"},{"key":"7_CR9","unstructured":"Caselli, M., Zambon, E., Kargl, F.: Sequence-aware intrusion detection in industrial control systems. In: 1st ACM Workshop on Cyber-Physical System Security, New York, NY, USA, pp. 13\u201324 (2015). http:\/\/doi.acm.org\/10.1145\/2732198.2732200"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Chen, C.M., Hsiao, H.W., Yang, P.Y., Ou, Y.H.: Defending malicious attacks in cyber physical systems. In: 2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA), pp. 13\u201318, August 2013","DOI":"10.1109\/CPSNA.2013.6614240"},{"key":"7_CR11","unstructured":"Cheung, S., Dutertre, B., Fong, M., Lindqvist, U., Skinner, K., Valdes, A.: Using model-based intrusion detection for SCADA networks. In: SCADA Security Scientific Symposium, pp. 127\u2013134 (2007)"},{"key":"7_CR12","unstructured":"De\u00a0Maizi\u00e8re, T.: Die Lage der IT-Sicherheit in Deutschland 2014. The German Federal Office for Information Security (2014). https:\/\/www.google.co.il\/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwigs8_B1enXAhVSFuwKHQm3Ba8QFggmMAA&url=https%3A%2F%2Fwww.bmi.bund.de%2FSharedDocs%2Fdownloads%2FDE%2Fpublikationen%2F2014%2Fbsi-lagebericht-it-sicherheit.pdf%3F__blob%3DpublicationFile&usg=AOvVaw2deYBrgkWuS45W4MbRUldL"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Dolev, D., Yao, A.C.: On the security of public key protocols. Technical report, Stanford, CA, USA (1981)","DOI":"10.1109\/SFCS.1981.32"},{"key":"7_CR14","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1016\/j.ijcip.2015.05.001","volume":"10","author":"N Erez","year":"2015","unstructured":"Erez, N., Wool, A.: Control variable classification, modeling and anomaly detection in Modbus\/TCP SCADA systems. Int. J. Crit. Infrastruct. Prot. 10, 59\u201370 (2015)","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"7_CR15","unstructured":"Falliere, N., Murchu, L., Chien, E.: W32.Stuxnet dossier. White paper, Symantec Corporation, Security Response (2011)"},{"issue":"4","key":"7_CR16","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1016\/j.ijcip.2009.10.001","volume":"2","author":"IN Fovino","year":"2009","unstructured":"Fovino, I.N., Carcano, A., Masera, M., Trombetta, A.: An experimental investigation of malware attacks on SCADA systems. Int. J. Crit. Infrastruct. Prot. 2(4), 139\u2013145 (2009). http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1874548209000419","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Fovino, I., Carcano, A., De Lacheze Murel, T., Trombetta, A., Masera, M.: Modbus\/DNP3 state-based intrusion detection system. In: 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), pp. 729\u2013736. IEEE (2010)","DOI":"10.1109\/AINA.2010.86"},{"issue":"2","key":"7_CR18","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1016\/j.ijcip.2013.05.001","volume":"6","author":"N Goldenberg","year":"2013","unstructured":"Goldenberg, N., Wool, A.: Accurate modeling of Modbus\/TCP for intrusion detection in SCADA systems. Int. J. Crit. Infrastruct. Prot. 6(2), 63\u201375 (2013). http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1874548213000243","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"7_CR19","unstructured":"Gorman, S.: Electricity grid in U.S. penetrated by spies. Wall Street J. A1 (2009). http:\/\/www.wsj.com\/articles\/SB123914805204099085"},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Hadziosmanovic, D., Bolzoni, D., Hartel, P.H., Etalle, S.: MELISSA: towards automated detection of undesirable user actions in critical infrastructures. In: European Conference on Computer Network Defense, EC2ND, Gothenburg, Sweden, USA, pp. 41\u201348, September 2011","DOI":"10.1109\/EC2ND.2011.10"},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"Kleinmann, A., Amichay, O., Wool, A., Tenenbaum, D., Bar, O., Lev, L.: Stealthy deception attacks against SCADA systems. arXiv:1706.09303 [cs.CR], June 2017","DOI":"10.1007\/978-3-319-72817-9_7"},{"issue":"2","key":"7_CR22","first-page":"37","volume":"9","author":"A Kleinmann","year":"2014","unstructured":"Kleinmann, A., Wool, A.: Accurate modeling of the siemens S7 SCADA protocol for intrusion detection and digital forensic. JDFSL 9(2), 37\u201350 (2014). http:\/\/ojs.jdfsl.org\/index.php\/jdfsl\/article\/view\/262","journal-title":"JDFSL"},{"key":"7_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"132","DOI":"10.1007\/978-3-319-33331-1_11","volume-title":"Critical Information Infrastructures Security","author":"A Kleinmann","year":"2016","unstructured":"Kleinmann, A., Wool, A.: A statechart-based anomaly detection model for multi-threaded SCADA systems. In: Rome, E., Theocharidou, M., Wolthusen, S. (eds.) CRITIS 2015. LNCS, vol. 9578, pp. 132\u2013144. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-33331-1_11"},{"key":"7_CR24","unstructured":"Kleinmann, A., Wool, A.: Automatic construction of statechart-based anomaly detection models for multi-threaded SCADA via spectral analysis. In: 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy, CPS-SPC 2016, pp. 1\u201312. ACM, New York (2016). http:\/\/doi.acm.org\/10.1145\/2994487.2994490"},{"issue":"4","key":"7_CR25","first-page":"55","volume":"8","author":"A Kleinmann","year":"2017","unstructured":"Kleinmann, A., Wool, A.: Automatic construction of statechart-based anomaly detection models for multi-threaded industrial control systems. ACM Trans. Intell. Syst. Technol. (TIST) 8(4), 55 (2017)","journal-title":"ACM Trans. Intell. Syst. Technol. (TIST)"},{"issue":"3","key":"7_CR26","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1109\/MSP.2011.67","volume":"9","author":"R Langner","year":"2011","unstructured":"Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49\u201351 (2011)","journal-title":"IEEE Secur. Priv."},{"key":"7_CR27","unstructured":"Lee, R.M., Assante, M.J., Conway, T.: Analysis of the cyber attack on the Ukrainian power grid. Technical report, SANS E-ISAC, 18 March 2016. https:\/\/ics.sans.org\/media\/E-SAC_SANS_Ukraine_DUC_5.pdf"},{"issue":"4","key":"7_CR28","doi-asserted-by":"crossref","first-page":"3317","DOI":"10.1109\/TPWRS.2016.2631891","volume":"32","author":"G Liang","year":"2017","unstructured":"Liang, G., Weller, S.R., Zhao, J., Luo, F., Dong, Z.Y.: The 2015 Ukraine blackout: implications for false data injection attacks. IEEE Trans. Power Syst. 32(4), 3317\u20133318 (2017)","journal-title":"IEEE Trans. Power Syst."},{"key":"7_CR29","doi-asserted-by":"crossref","unstructured":"Lin, H., Slagell, A., Kalbarczyk, Z., Sauer, P.W., Iyer, R.K.: Semantic security analysis of SCADA networks to detect malicious control commands in power grids. In: First ACM Workshop on Smart Energy Grid Security, pp. 29\u201334. ACM (2013)","DOI":"10.1145\/2516930.2516947"},{"issue":"1","key":"7_CR30","first-page":"13","volume":"14","author":"Y Liu","year":"2011","unstructured":"Liu, Y., Ning, P., Reiter, M.K.: False data injection attacks against state estimation in electric power grids. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(1), 13 (2011)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"7_CR31","unstructured":"Marsh, R.T.: Critical foundations: protecting America\u2019s infrastructures - the report of the president\u2019s commission on critical infrastructure protection. Technical report, President\u2019s Commission on Critical Infrastructure Protection, October 1997"},{"issue":"1","key":"7_CR32","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1109\/JPROC.2011.2161428","volume":"100","author":"Y Mo","year":"2012","unstructured":"Mo, Y., Kim, T.H.J., Brancik, K., Dickinson, D., Lee, H., Perrig, A., Sinopoli, B.: Cyber-physical security of a smart grid infrastructure. Proc. IEEE 100(1), 195\u2013209 (2012)","journal-title":"Proc. IEEE"},{"issue":"3","key":"7_CR33","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/65.283931","volume":"8","author":"B Mukherjee","year":"1994","unstructured":"Mukherjee, B., Heberlein, L.T., Levitt, K.N.: Network intrusion detection. IEEE Netw. 8(3), 26\u201341 (1994)","journal-title":"IEEE Netw."},{"issue":"11","key":"7_CR34","doi-asserted-by":"crossref","first-page":"2715","DOI":"10.1109\/TAC.2013.2266831","volume":"58","author":"F Pasqualetti","year":"2013","unstructured":"Pasqualetti, F., D\u00f6rfler, F., Bullo, F.: Attack detection and identification in cyber-physical systems. IEEE Trans. Autom. Control 58(11), 2715\u20132729 (2013)","journal-title":"IEEE Trans. Autom. Control"},{"key":"7_CR35","unstructured":"Roesch, M.: Snort - lightweight intrusion detection for networks. In: 13th USENIX Conference on System Administration, LISA 1999, pp. 229\u2013238. USENIX Association, Berkeley (1999). http:\/\/dl.acm.org\/citation.cfm?id=1039834.1039864"},{"key":"7_CR36","doi-asserted-by":"crossref","unstructured":"Urbina, D.I., Giraldo, J.A., Cardenas, A.A., Tippenhauer, N.O., Valente, J., Faisal, M., Ruths, J., Candell, R., Sandberg, H.: Limiting the impact of stealthy attacks on industrial control systems. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1092\u20131105. ACM (2016)","DOI":"10.1145\/2976749.2978388"},{"key":"7_CR37","doi-asserted-by":"crossref","unstructured":"Valdes, A., Cheung, S.: Communication pattern anomaly detection in process control systems. In: IEEE Conference on Technologies for Homeland Security (HST), pp. 22\u201329 (2009)","DOI":"10.1109\/THS.2009.5168010"},{"key":"7_CR38","unstructured":"Yang, D., Usynin, A., Hines, J.: Anomaly-based intrusion detection for SCADA systems. In: 5th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies, pp. 12\u201316 (2006)"}],"container-title":["Lecture Notes in Computer Science","Computer Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-72817-9_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,8]],"date-time":"2019-10-08T07:45:05Z","timestamp":1570520705000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-72817-9_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,12,22]]},"ISBN":["9783319728162","9783319728179"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-72817-9_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,12,22]]}}}