{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,19]],"date-time":"2025-09-19T07:02:28Z","timestamp":1758265348357,"version":"3.40.3"},"publisher-location":"Cham","reference-count":19,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319749464"},{"type":"electronic","value":"9783319749471"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-74947-1_4","type":"book-chapter","created":{"date-parts":[[2018,1,24]],"date-time":"2018-01-24T13:56:04Z","timestamp":1516802164000},"page":"53-67","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Intrusion Detection for Sequence-Based Attacks with Reduced Traffic Models"],"prefix":"10.1007","author":[{"given":"Benedikt","family":"Ferling","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Justyna","family":"Chromik","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marco","family":"Caselli","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anne","family":"Remke","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,1,25]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Zhu, B., Joseph, A., Sastry, S.: A taxonomy of cyber attacks on SCADA systems. In: International Conference on Internet of Things and on Cyber, Physical and Social Computing, pp. 380\u2013388. IEEE CS Press, Washington, DC (2011)","DOI":"10.1109\/iThings\/CPSCom.2011.34"},{"key":"4_CR2","unstructured":"Burke, G., Fahey, J.: AP Investigation: U.S. Power Grid Vulnerable to Foreignhacks. http:\/\/lasvegassun.com\/news\/2015\/dec\/21\/apinvestigation-us-power-grid-vulnerable-to-forei\/. Accessed 06 June 2015"},{"key":"4_CR3","unstructured":"Goodin, D.: First known hacker-caused power outage signals troubling escalation. http:\/\/arstechnica.com\/security\/2016\/01\/first-known-hacker-caused-power-outage-signals-troubling-escalation\/. Accessed 06 June 2015"},{"key":"4_CR4","unstructured":"Falliere, N., Murchu, L., Chien, E.: White Paper: W32. Stuxnet Dossier. Technical Report. Symantec Corporation (2011)"},{"key":"4_CR5","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1007\/978-3-319-26567-4_4","volume-title":"Critical Infrastructure Protection IX","author":"M Caselli","year":"2015","unstructured":"Caselli, M., Zambon, E., Petit, J., Kargl, F.: Modeling message sequences for intrusion detection in industrial control systems. In: Rice, M., Shenoi, S. (eds.) ICCIP 2015. IAICT, vol. 466, pp. 49\u201371. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-26567-4_4"},{"issue":"3","key":"4_CR6","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1016\/j.ijcip.2013.08.003","volume":"6","author":"RRR Barbosa","year":"2013","unstructured":"Barbosa, R.R.R., Sadre, R., Pras, A.: Flow whitelisting in SCADA networks. Int. J. Crit. Infrastruct. Prot. 6(3), 150\u2013158 (2013)","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"issue":"2","key":"4_CR7","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1016\/j.ijcip.2013.05.001","volume":"6","author":"N Goldenberg","year":"2013","unstructured":"Goldenberg, N., Wool, A.: Accurate modeling of Modbus\/TCP for intrusion detection in SCADA systems. Int. J. Crit. Infrastruct. Prot. 6(2), 63\u201375 (2013)","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Kang, B., McLaughlin, K., Sezer, S.: Towards a stateful analysis framework for smart grid network intrusion detection. In: 4th International Symposium for ICS & SCADA Cyber Security Research, pp. 1\u20138. BCS Learning & Development Ltd., Swindon (2016)","DOI":"10.14236\/ewic\/ICS2016.14"},{"key":"4_CR9","first-page":"1","volume":"99","author":"H Lin","year":"2016","unstructured":"Lin, H., Slagell, A., Kalbarczyk, Z., Sauer, P., Iyer, R.: Runtime semantic security analysis to detect and mitigate control-related attacks in power grids. IEEE Trans. Smart Grid 99, 1\u201316 (2016)","journal-title":"IEEE Trans. Smart Grid"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Barbosa, R.R.R., Sadre, R., Pras, A.: A first look into SCADA network traffic. In: IEEE\/IFIP Network Operations and Management Symposium, pp. 518\u2013521. IEEE CS Press, Maui, HI (2012)","DOI":"10.1109\/NOMS.2012.6211945"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Feng, C., Li, T., Chana, D.: Multi-level anomaly detection in industrial control systems via package signatures and LSTM networks. In: 47th IEEE\/IFIP International Conference on Dependable Systems and Networks, pp. 1\u201312. IEEE CS Press, Denver, CO (2017)","DOI":"10.1109\/DSN.2017.34"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Caselli, M., Zambon, E., Kargl, F.: Sequence-aware intrusion detection in industrial control systems. In: 1st ACM Workshop on Cyber-Physical System Security, pp. 13\u201324. ACM (2015)","DOI":"10.1145\/2732198.2732200"},{"issue":"10","key":"4_CR13","doi-asserted-by":"publisher","first-page":"3943","DOI":"10.1109\/TIE.2011.2181132","volume":"59","author":"IN Fovino","year":"2012","unstructured":"Fovino, I.N., Coletta, A., Carcano, A., Masera, M.: Critical state-based filtering system for securing SCADA network protocols. IEEE Trans. Industr. Electron. 59(10), 3943\u20133950 (2012)","journal-title":"IEEE Trans. Industr. Electron."},{"key":"4_CR14","unstructured":"International Electrotechnical Commission: IEC 60870-5-104, Transmission Protocols, Network Access for IEC 60870-5-101Using Standard Transport Profiles (2003)"},{"issue":"12","key":"4_CR15","doi-asserted-by":"publisher","first-page":"1431","DOI":"10.1002\/cpe.1679","volume":"23","author":"C Alcaraz","year":"2011","unstructured":"Alcaraz, C., Lopez, J., Zhou, J., Roman, R.: Secure SCADA framework for the protection of energy control systems. Concurrency Computation: Pract. Experience 23(12), 1431\u20131442 (2011)","journal-title":"Concurrency Computation: Pract. Experience"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Clarke, G., Reynders, D.: Practical Modern SCADA Protocols: DNP3, 60870.5 and Related Systems. Newnes, Oxford (2004)","DOI":"10.1016\/B978-075065799-0\/50019-X"},{"key":"4_CR17","unstructured":"Burke, G., Fahey, J.: LIAN 98(en): Protocol IEC 60870\u20135-104, Telegram Structure. http:\/\/www.mayor.de\/lian98\/doc.en\/html\/u_iec104_struct.htm. Accessed 13 December 2017"},{"key":"4_CR18","unstructured":"Nugteren, J.: ACM completes investigation into power outage in diemen. https:\/\/www.acm.nl\/en\/publications\/publication\/16469\/ACM-completes-investigation-into-power-outage-in-Diemen\/. Accessed 18 December 2017"},{"key":"4_CR19","unstructured":"Associated Press: Flights cancelled at schiphol airport as power outage hits amsterdam. https:\/\/www.theguardian.com\/world\/2015\/mar\/27\/flights-cancelled-schiphol-airport-power-outage-amsterdam. Accessed 26 June 2017"}],"container-title":["Lecture Notes in Computer Science","Measurement, Modelling and Evaluation of Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-74947-1_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T15:35:18Z","timestamp":1710344118000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-74947-1_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319749464","9783319749471"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-74947-1_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"25 January 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"MMB","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Measurement, Modelling and Evaluation of Computing Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Erlangen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 February 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 February 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"mmb2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.mmb2018.de\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}