{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T15:56:28Z","timestamp":1770220588876,"version":"3.49.0"},"publisher-location":"Cham","reference-count":12,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319998428","type":"print"},{"value":"9783319998435","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-99843-5_22","type":"book-chapter","created":{"date-parts":[[2018,9,8]],"date-time":"2018-09-08T11:15:01Z","timestamp":1536405301000},"page":"241-252","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["One Step More: Automatic ICS Protocol Field Analysis"],"prefix":"10.1007","author":[{"given":"Yeop","family":"Chang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Seungoh","family":"Choi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jeong-Han","family":"Yun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"SinKyu","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,9,9]]},"reference":[{"key":"22_CR1","doi-asserted-by":"crossref","unstructured":"Caballero, J., Song, D.: Polyglot: automatic extraction of protocol message format using dynamic binary analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 317\u2013329 (2007)","DOI":"10.1145\/1315245.1315286"},{"key":"22_CR2","unstructured":"Cui, W., Kannan, J., Wang, H.J.: Discoverer: automatic protocol reverse engineering from network traces. In: USENIX Security, pp. 199\u2013212 (2007)"},{"key":"22_CR3","doi-asserted-by":"crossref","unstructured":"Caballero, J., Poosankam, P., Kreibich, C., Song, D.: Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering. In: ACM Conference on Computer and Communications Security, pp. 621\u2013634 (2009)","DOI":"10.1145\/1653662.1653737"},{"key":"22_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1007\/978-3-642-04444-1_13","volume-title":"Computer Security \u2013 ESORICS 2009","author":"Z Wang","year":"2009","unstructured":"Wang, Z., Jiang, X., Cui, W., Wang, X., Grace, M.: ReFormat: automatic reverse engineering of encrypted messages. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 200\u2013215. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04444-1_13"},{"key":"22_CR5","unstructured":"Li, H., Shuai, B., Wang, J., Tang, C.: Protocol feature word construction based on machine learning n-gram generation, pp. 93\u201397 (2011)"},{"key":"22_CR6","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1016\/j.comnet.2012.08.003","volume":"57","author":"J Caballero","year":"2013","unstructured":"Caballero, J., Song, D.: Automatic protocol reverse-engineering: message format extraction and field semantics inference. Comput. Netw. 57, 451\u2013474 (2013)","journal-title":"Comput. Netw."},{"key":"22_CR7","doi-asserted-by":"publisher","first-page":"1070","DOI":"10.1016\/j.jnca.2013.01.013","volume":"36","author":"JZ Luo","year":"2013","unstructured":"Luo, J.Z., Yu, S.Z.: Position-based automatic reverse engineering of network protocols. J. Netw. Comput. Appl. 36, 1070\u20131077 (2013)","journal-title":"J. Netw. Comput. Appl."},{"key":"22_CR8","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1016\/j.comnet.2012.06.021","volume":"57","author":"AK Sood","year":"2013","unstructured":"Sood, A.K., Enbody, R.J., Bansal, R.: Dissecting SpyEye-Understanding the design of third generation botnets. Comput. Netw. 57, 436\u2013450 (2013)","journal-title":"Comput. Netw."},{"key":"22_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-319-15087-1_27","volume-title":"Information Security Applications","author":"S Choi","year":"2015","unstructured":"Choi, S., Chang, Y., Yun, J.-H., Kim, W.: Multivariate statistic approach to field specifications of binary protocols in SCADA system. In: Rhee, K.-H., Yi, J.H. (eds.) WISA 2014. LNCS, vol. 8909, pp. 345\u2013357. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-15087-1_27"},{"key":"22_CR10","doi-asserted-by":"crossref","unstructured":"Tao, S., Yu, H., Li, Q.: Bit-oriented format extraction approach for automatic binary protocol reverse engineering, pp. 709\u2013716 (2015)","DOI":"10.1049\/iet-com.2015.0797"},{"key":"22_CR11","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1016\/j.comcom.2016.02.015","volume":"84","author":"I Bermudez","year":"2016","unstructured":"Bermudez, I., Tongaonkar, A., Iliofotou, M., Mellia, M., Munaf, M.M.: Towards automatic protocol field inference. Comput. Commun. 84, 40\u201351 (2016)","journal-title":"Comput. Commun."},{"key":"22_CR12","doi-asserted-by":"crossref","unstructured":"Choi, K., Son, Y., Noh, J., Shin, H., Choi, J., Kim, Y.: Dissecting customized protocols: automatic analysis for customized protocols based on IEEE 802.15.4. In: ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 183\u2013193 (2016)","DOI":"10.1145\/2939918.2939921"}],"container-title":["Lecture Notes in Computer Science","Critical Information Infrastructures Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-99843-5_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,31]],"date-time":"2022-08-31T23:46:47Z","timestamp":1661989607000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-99843-5_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319998428","9783319998435"],"references-count":12,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-99843-5_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"9 September 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRITIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Information Infrastructures Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lucca","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 October 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 October 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"critis2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}