{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T10:06:13Z","timestamp":1771063573564,"version":"3.50.1"},"reference-count":92,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1736114"],"award-info":[{"award-number":["U1736114"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012166","name":"National Basic Research Program of China","doi-asserted-by":"publisher","award":["2017YFB0802805"],"award-info":[{"award-number":["2017YFB0802805"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2020]]},"DOI":"10.1109\/access.2020.2976745","type":"journal-article","created":{"date-parts":[[2020,2,27]],"date-time":"2020-02-27T22:16:57Z","timestamp":1582841817000},"page":"83842-83857","source":"Crossref","is-referenced-by-count":20,"title":["Machine Learning Methods for Industrial Protocol Security Analysis: Issues, Taxonomy, and Directions"],"prefix":"10.1109","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6644-8348","authenticated-orcid":false,"given":"Jiaping","family":"Men","sequence":"first","affiliation":[]},{"given":"Zhuo","family":"Lv","sequence":"additional","affiliation":[]},{"given":"Xiaojun","family":"Zhou","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3688-873X","authenticated-orcid":false,"given":"Zhen","family":"Han","sequence":"additional","affiliation":[]},{"given":"Hequn","family":"Xian","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5092-0329","authenticated-orcid":false,"given":"Ya-Nan","family":"Song","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/INDIN.2018.8472054"},{"key":"ref72","year":"0","journal-title":"Wireshark A Free Open Source Network Protocol Detection and Analysis Program"},{"key":"ref71","year":"0","journal-title":"Freemodbus"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/3140241.3140254"},{"key":"ref76","article-title":"Security in process: Detecting attacks in industrial process data","author":"duque anton","year":"2019","journal-title":"arXiv 1909 03730"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/IWMN.2019.8805036"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2013.105"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2008.06.002"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.23919\/SOFTCOM.2019.8903672"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.05.005"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3232818"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2912022"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2019.07.008"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-018-0803-6"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/s11280-017-0446-0"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.01.019"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2009.06.040"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLC.2004.1378514"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2019.2903186"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2918139"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2018.8406311"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2007.147"},{"key":"ref61","year":"0","journal-title":"Ics Security Information"},{"key":"ref63","first-page":"1","article-title":"The Dolev-Yao intruder is the most powerful attacker","volume":"1","author":"cervesato","year":"2001","journal-title":"Proc 16th Annu Symp Comput Sci"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2014.2353996"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/ITNEC.2016.7560424"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2020.2968505"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2019.00016"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.23919\/AE.2017.8053600"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.04.041"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/ICOMSSC45026.2018.8941772"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28920-0_8"},{"key":"ref69","author":"agostin","year":"0","journal-title":"Defense-in-Depth or How to Secure Industrial Control System Critical Infrastructure"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2746266.2746268"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/BSC.2018.8494686"},{"key":"ref20","article-title":"Security considerations in SCADA communication protocols","author":"graham","year":"2004"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2459976.2459982"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00143"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/CoDIT.2017.8102661"},{"key":"ref23","first-page":"48","article-title":"Recent advances in PLC attack and protection technology","volume":"4","author":"xu","year":"2019","journal-title":"J Cyber Secur"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101604"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2835654"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-28648-6_105"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/I-SPAN.2009.49"},{"key":"ref92","first-page":"3","article-title":"The use of attack trees in assessing vulnerabilities in scada systems","author":"byres","year":"2004","journal-title":"International Infrastructure Survivability Workshop"},{"key":"ref91","first-page":"186","article-title":"Foundations of attack trees","author":"mauw","year":"2005","journal-title":"Proc Int Conf Inf Security Cryptol"},{"key":"ref90","first-page":"21","article-title":"Attack trees","volume":"24","author":"schneier","year":"1999","journal-title":"Dr Dobb&#x2019;s J"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMA.2012.125"},{"key":"ref58","first-page":"791","article-title":"Specification mining for intrusion detection in networked control systems","author":"caselli","year":"2016","journal-title":"Proc 25th Usenix Security Symp"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.14"},{"key":"ref56","article-title":"Stuxnet malware analysis paper","author":"thabet","year":"2011"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3337065"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2847447"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.02.003"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/TITS.2017.2777990"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/PSCE.2009.4840120"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2667190.2667196"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2019.09.024"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966959"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/NPSC.2016.7858908"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/IAW.2007.381952"},{"key":"ref15","first-page":"27","article-title":"Towards Improving SCADA Control Systems Security with Vulnerability Analysis","author":"cagalaban","year":"2010","journal-title":"Proc Int Conf Parallel Distrib Comput Netw"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/ICIAI.2019.8850828"},{"key":"ref16","article-title":"LZfuzz: A fast compression-based fuzzer for poorly documented protocols","author":"bratus","year":"2008"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/SSCI.2015.22"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2931061"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.14236\/ewic\/ICS2016.12"},{"key":"ref18","first-page":"345","article-title":"Multivariate statistic approach to field specifications of binary protocols in SCADA system","author":"choi","year":"2014","journal-title":"Proc Int Workshop Inf Secur Appl"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/GreenCom.2012.127"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ReTIS.2011.6146884"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/GloSIC.2018.8570073"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1023\/A:1007465528199"},{"key":"ref4","first-page":"557","article-title":"Grammar-based adaptive fuzzing: Evaluation on SCADA modbus protocol","author":"yoo","year":"2016","journal-title":"Proc IEEE Int Conf Smart Grid Commun (SmartGridComm)"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/2695664.2695835"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ANTS.2016.7947865"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2016.7745438"},{"key":"ref85","author":"naghavi","year":"2003","journal-title":"From vulnerable plaque to vulnerable patient A call for new definitions risk assessment strategies Part II"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/s40012-013-0013-5"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/TR.1985.5222114"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1155\/2012\/268478"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2008.04.006"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1023\/A:1007469218079"},{"key":"ref88","first-page":"577","article-title":"The infinite hidden Markov model","author":"beal","year":"2002","journal-title":"Proc Adv Neural Inf Process Syst"},{"key":"ref9","first-page":"138","article-title":"State-based network intrusion detection systems for SCADA protocols: A proof of concept","author":"carcano","year":"2009","journal-title":"Proc Int Workshop Critical Inf Infrastruct Secur"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2016.10.023"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2013.146"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2014.0353"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36938-5_24"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87481-2_41"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2007.10.010"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2014.06.018"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2006.73"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/8948470\/09016234.pdf?arnumber=9016234","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,17]],"date-time":"2021-12-17T19:51:55Z","timestamp":1639770715000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9016234\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"references-count":92,"URL":"https:\/\/doi.org\/10.1109\/access.2020.2976745","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]}}}