{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T05:12:10Z","timestamp":1761973930103,"version":"build-2065373602"},"publisher-location":"Berlin, Heidelberg","reference-count":24,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642389979"},{"type":"electronic","value":"9783642389986"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-38998-6_8","type":"book-chapter","created":{"date-parts":[[2013,6,20]],"date-time":"2013-06-20T01:24:39Z","timestamp":1371691479000},"page":"61-72","source":"Crossref","is-referenced-by-count":15,"title":["Towards Learning Normality for Anomaly Detection in Industrial Control Networks"],"prefix":"10.1007","author":[{"given":"Franka","family":"Schuster","sequence":"first","affiliation":[]},{"given":"Andreas","family":"Paul","sequence":"additional","affiliation":[]},{"given":"Hartmut","family":"K\u00f6nig","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"8_CR1","doi-asserted-by":"crossref","unstructured":"Schuster, F., Paul, A.: A Distributed Intrusion Detection System for Industrial Automation Networks. In: Proc. of the 17th IEEE Intl. Conf. on Emerging Technologies and Factory Automation (ETFA 2012). IEEE (2012)","DOI":"10.1109\/ETFA.2012.6489703"},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"Hadziosmanovi\u0107, D., Bolzoni, D., Etalle, S., Hartel, P.H.: Challenges and Opportunities in Securing Industrial Control Systems. In: Proc. of the IEEE Workshop on Complexity in Engineering (COMPENG 2012). IEEE (2012)","DOI":"10.1109\/CompEng.2012.6242970"},{"key":"8_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/978-3-642-13986-4_23","volume-title":"Mechanisms for Autonomous Management of Networks and Services","author":"R.R.R. Barbosa","year":"2010","unstructured":"Barbosa, R.R.R., Pras, A.: Intrusion Detection in SCADA Networks. In: Stiller, B., De Turck, F. (eds.) AIMS 2010. LNCS, vol.\u00a06155, pp. 163\u2013166. Springer, Heidelberg (2010)"},{"key":"8_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-642-30633-4_13","volume-title":"Dependable Networks and Services","author":"R. Hofstede","year":"2012","unstructured":"Hofstede, R., Pras, A.: Real-Time and Resilient Intrusion Detection: A Flow-Based Approach. In: Sadre, R., Novotn\u00fd, J., \u010celeda, P., Waldburger, M., Stiller, B. (eds.) AIMS 2012. LNCS, vol.\u00a07279, pp. 109\u2013112. Springer, Heidelberg (2012)"},{"key":"8_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-642-28537-0_13","volume-title":"Passive and Active Measurement","author":"R.R. Barbosa","year":"2012","unstructured":"Barbosa, R.R., Sadre, R., Pras, A.: Difficulties in Modeling SCADA Traffic: A Comparative Analysis. In: Taft, N., Ricciato, F. (eds.) PAM 2012. LNCS, vol.\u00a07192, pp. 126\u2013135. Springer, Heidelberg (2012)"},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"\u00c5kerberg, J., Bj\u00f6rkman, M.: Exploring Security in PROFINET IO. In: Proc. of the 33rd Annual IEEE Intl. Computer Software and Applications Conf. (COMPSAC 2009). IEEE (2009)","DOI":"10.1109\/COMPSAC.2009.61"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Liu, Y., Ning, P., Reiter, M.K.: False Data Injection Attacks Against State Estimation in Electric Power Grids. In: Proc. of the 16th ACM Conf. on Computer and Communications Security (CCS 2009). ACM (2009)","DOI":"10.1145\/1653662.1653666"},{"key":"8_CR8","unstructured":"Gao, W., Morris, T., Reaves, B., Richey, D.: On SCADA Control System Command and Response Injection and Intrusion Detection. In: Proc. of the Fifth eCrime Researchers Summit, pp. 1\u20139. IEEE (2010)"},{"issue":"4","key":"8_CR9","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1016\/j.ijcip.2009.10.001","volume":"2","author":"I. Nai Fovino","year":"2009","unstructured":"Nai Fovino, I., Carcano, A., Masera, M., Trombetta, A.: An Experimental Investigation of Malware Attacks on SCADA Systems. Intl. Journal of Critical Infrastructure Protection\u00a02(4), 139\u2013145 (2009)","journal-title":"Intl. Journal of Critical Infrastructure Protection"},{"key":"8_CR10","unstructured":"Jin, D., Nicol, D., Yan, G.: An Event Buffer Flooding Attack in DNP3 Controlled SCADA Systems. In: Proc. of the 2011 Winter Simulation Conf. IEEE (2011)"},{"key":"8_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1007\/978-3-642-33338-5_18","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"D. Hadziosmanovi\u0107","year":"2012","unstructured":"Hadziosmanovi\u0107, D., Simionato, L., Bolzoni, D., Zambon, E., Etalle, S.: N-Gram Against the Machine: On the Feasibility of the N-Gram Network Analysis for Binary Protocols. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol.\u00a07462, pp. 354\u2013373. Springer, Heidelberg (2012)"},{"key":"8_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1007\/11553595_6","volume-title":"Image Analysis and Processing \u2013 ICIAP 2005","author":"P. Laskov","year":"2005","unstructured":"Laskov, P., D\u00fcssel, P., Sch\u00e4fer, C., Rieck, K.: Learning Intrusion Detection: Supervised or Unsupervised? In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol.\u00a03617, pp. 50\u201357. Springer, Heidelberg (2005)"},{"key":"8_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1007\/978-3-642-14379-3_12","volume-title":"Critical Information Infrastructures Security","author":"A. Carcano","year":"2010","unstructured":"Carcano, A., Fovino, I.N., Masera, M., Trombetta, A.: State-Based Network Intrusion Detection Systems for SCADA Protocols: A Proof of Concept. In: Rome, E., Bloomfield, R. (eds.) CRITIS 2009. LNCS, vol.\u00a06027, pp. 138\u2013150. Springer, Heidelberg (2010)"},{"issue":"2","key":"8_CR14","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1109\/TII.2010.2099234","volume":"7","author":"A. Carcano","year":"2011","unstructured":"Carcano, A., Coletta, A., Guglielmi, M., Masera, M., Fovino, I.N., Trombetta, A.: A Multidimensional Critical State Analysis for Detecting Intrusions in SCADA Systems. IEEE Trans. on Industrial Informatics\u00a07(2), 179\u2013186 (2011)","journal-title":"IEEE Trans. on Industrial Informatics"},{"key":"8_CR15","series-title":"IFIP AICT","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/978-3-642-04798-5_11","volume-title":"Critical Infrastructure Protection III","author":"J. Rrushi","year":"2009","unstructured":"Rrushi, J., Kang, K.D.: Detecting Anomalies in Process Control Networks. In: Palmer, C., Shenoi, S. (eds.) Critical Infrastructure Protection III. IFIP AICT, vol.\u00a0311, pp. 151\u2013165. Springer, Heidelberg (2009)"},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"Linda, O., Vollmer, T., Manic, M.: Neural Network based Intrusion Detection System for Critical Infrastructures. In: Proc. of the 2009 Intl. Joint Conf. on Neural Networks (IJCNN 2009), pp. 1827\u20131834. IEEE (2009)","DOI":"10.1109\/IJCNN.2009.5178592"},{"key":"8_CR17","unstructured":"Yang, D., Usynin, A., Hines, J.W.: Anomaly-based Intrusion Detection for SCADA Systems. In: Proc of the Fifth Intl. Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies (NPIC\/HMIT 2006), pp. 12\u201316. Curran Associates (2006)"},{"key":"8_CR18","unstructured":"Snort: Snort 2.9.4, http:\/\/www.snort.org"},{"key":"8_CR19","unstructured":"Neumann, P., P\u00f6schmann, A.: Ethernet-based Real-time Communications with PROFINET IO. In: Proc. of the Seventh WSEAS Intl. Conf. on Automatic Control, Modeling and Simulation (ACMOS 2005), pp. 54\u201361. World Scientific and Engineering Academy and Society, WSEAS (2005)"},{"key":"8_CR20","doi-asserted-by":"crossref","DOI":"10.7551\/mitpress\/4175.001.0001","volume-title":"Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond","author":"B. Sch\u00f6lkopf","year":"2001","unstructured":"Sch\u00f6lkopf, B., Smola, A.J.: Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond. MIT Press, Cambridge (2001)"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Dougherty, J., Kohavi, R., Sahami, M.: Supervised and Unsupervised Discretization of Continuous Features. In: Proc. of the Twelfth Intl. Conf. on Machine Learning (ICML 1995), Morgan Kaufmann (1995)","DOI":"10.1016\/B978-1-55860-377-6.50032-3"},{"issue":"4","key":"8_CR22","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1023\/A:1016304305535","volume":"6","author":"H. Liu","year":"2002","unstructured":"Liu, H., Hussain, F., Tan, C.L., Dash, M.: Discretization: An Enabling Technique. Data Mining and Knowledge Discovery\u00a06(4), 393\u2013423 (2002)","journal-title":"Data Mining and Knowledge Discovery"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Peng, L., Qing, W., Yujia, G.: Study on Comparison of Discretization Methods. In: Proc. of the Intl. Conf. on Artificial Intelligence and Computational Intelligence, AICI 2009. IEEE (2009)","DOI":"10.1109\/AICI.2009.385"},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"Paul, A., Schuster, F., K\u00f6nig, H.: Towards the Protection of Industrial Control Systems \u2013 Conclusions of a Vulnerability Analysis of Profinet IO. Accepted for the 10th Conf. on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013 (2013)","DOI":"10.1007\/978-3-642-39235-1_10"}],"container-title":["Lecture Notes in Computer Science","Emerging Management Mechanisms for the Future Internet"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-38998-6_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T12:21:19Z","timestamp":1746015679000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-38998-6_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642389979","9783642389986"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-38998-6_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}