{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T00:05:26Z","timestamp":1759104326187,"version":"3.44.0"},"reference-count":71,"publisher":"IEEE","license":[{"start":{"date-parts":[[2019,11,1]],"date-time":"2019-11-01T00:00:00Z","timestamp":1572566400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,11,1]],"date-time":"2019-11-01T00:00:00Z","timestamp":1572566400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,11]]},"DOI":"10.1109\/iccd46524.2019.00012","type":"proceedings-article","created":{"date-parts":[[2020,2,10]],"date-time":"2020-02-10T21:59:38Z","timestamp":1581371978000},"page":"20-28","source":"Crossref","is-referenced-by-count":8,"title":["Stealthy Rootkits in Smart Grid Controllers"],"prefix":"10.1109","author":[{"given":"Prashanth","family":"Krishnamurthy","sequence":"first","affiliation":[{"name":"NYU Tandon School of Engineering"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hossein","family":"Salehghaffari","sequence":"additional","affiliation":[{"name":"NYU Tandon School of Engineering"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shiva","family":"Duraisamy","sequence":"additional","affiliation":[{"name":"NYU Tandon School of Engineering"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ramesh","family":"Karri","sequence":"additional","affiliation":[{"name":"NYU Tandon School of Engineering"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Farshad","family":"Khorrami","sequence":"additional","affiliation":[{"name":"NYU Tandon School of Engineering"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref71","article-title":"Anomaly detection in realtime multi-threaded processes using hardware performance counters","author":"krishnamurthy","year":"2019","journal-title":"IEEE Transaction on Information Forensics and Security"},{"journal-title":"Papi - the performance application programming interface","year":"0","key":"ref70"},{"journal-title":"unhide forensic tool","year":"0","key":"ref39"},{"journal-title":"rkhunter rootkit hunter","year":"0","key":"ref38"},{"journal-title":"Detecting Kernel Rootkits","year":"2007","author":"wampler","key":"ref33"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-73742-3_6"},{"key":"ref31","article-title":"Unix and linux based rootkits techniques and countermeasures","author":"bunten","year":"2004","journal-title":"Forum of Incident Response and Security Teams"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2017.8038393"},{"journal-title":"bedevil Linux LD_PRELOAD rootkit","year":"0","key":"ref37"},{"journal-title":"Diamorphine Linux kernel module rootkit","year":"0","key":"ref36"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.25.866"},{"key":"ref34","article-title":"Horse pill: A new kind of linux rootkit","author":"leibowitz","year":"2016","journal-title":"Black Hat USA"},{"key":"ref60","doi-asserted-by":"crossref","first-page":"180","DOI":"10.1049\/iet-cps.2017.0033","article-title":"Gps spoofing effect on phase angle monitoring and control in an RTDS based hardware-in-the-loop environment","volume":"2","author":"musleh","year":"2017","journal-title":"IET Cyber-Phys Syst Theory Appl"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.23919\/DATE.2018.8342128"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2833063"},{"key":"ref63","article-title":"Ge Multilin SR protective relays passcode vulnerability","author":"keliris","year":"2017","journal-title":"Black Hat USA"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2017.8323953"},{"journal-title":"pvbrowser HMI and SCADA","year":"0","key":"ref64"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2019.23074"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1016\/j.epsr.2011.01.021"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/PES.2007.385733"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2013.05.001"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPS.2010.5470400"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/COMPENG.2010.10"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1049\/iet-gtd.2014.1016"},{"key":"ref2","first-page":"5","article-title":"Challenges for securing cyber physical systems","author":"cardenas","year":"2009","journal-title":"Workshop on Future Directions in Cyber-physical Systems Security"},{"key":"ref1","article-title":"Research challenges for the security of control systems","author":"c\u00e1rdenas","year":"2008","journal-title":"Proc Usenix Workshop Hot Topics in Security"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/GHTC.2014.6970342"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/CTC.2010.9"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/1698750.1698752"},{"key":"ref23","first-page":"122","article-title":"Rootkit attacks and protection: a case study of teaching network security","volume":"26","author":"arnold","year":"2011","journal-title":"Journal of Computing Sciences in Colleges"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23313"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.23919\/DATE.2019.8715080"},{"key":"ref50","article-title":"Anomaly detection for malware identification using hardware performance counters","author":"garcia-serrano","year":"2015","journal-title":"arXiv preprint arXiv 1508 07482"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TMSCS.2016.2569467"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/CQR.2015.7129084"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijepes.2017.01.016"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/TSG.2015.2432013"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/NAPS.2006.359615"},{"key":"ref55","article-title":"RAPPER: Ransomware prevention via performance counters","author":"alam","year":"2018","journal-title":"arXiv preprint arXiv 1802 03395"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.23919\/TRONSHOW.2017.8275073"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052999"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/VLSID.2016.115"},{"journal-title":"ICS cybersecurity Water water everywhere","year":"2011","author":"blask","key":"ref10"},{"journal-title":"Mysterious '08 Turkey pipeline blast opened new cyberwar","year":"2014","author":"robertson","key":"ref11"},{"journal-title":"chkrootkit tool to check for signs of a rootkit","year":"0","key":"ref40"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.2172\/911775"},{"journal-title":"Feds Hacker disabled offshore oil platforms' leak-detection system","year":"2009","author":"kravets","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/MSPEC.2013.6471059"},{"journal-title":"Cyberattack on german steel plant caused significant damage","year":"2014","author":"kovacs","key":"ref15"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2015.2512235"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/TEST.2016.7805855"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.ifacol.2017.08.178"},{"journal-title":"OpenPLC (Open Source PLC)","year":"0","key":"ref19"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/MDAT.2016.2594178"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2014.6997498"},{"key":"ref6","volume":"5","author":"falliere","year":"2011","journal-title":"W32 stuxnet Dossier"},{"key":"ref5","first-page":"213","article-title":"The myths and facts behind cyber security risks for industrial control systems","volume":"116","author":"byres","year":"2004","journal-title":"Proceedings of the VDE Kongress"},{"journal-title":"NCCIC\/ICS-CERT Year in Review – 2015","year":"2015","key":"ref8"},{"journal-title":"ICS-CERT year in review – 2014","year":"2014","key":"ref7"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/ICCKE.2014.6993402"},{"journal-title":"ICS-CERT Year in Review","year":"2016","key":"ref9"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2015.2474374"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/2857055"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_6"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/2485922.2485970"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2093511"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/2046582.2046596"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/2463209.2488831"},{"key":"ref43","first-page":"1","article-title":"CFIMon: Detecting violation of control flow integrity using performance counters","author":"xia","year":"2012","journal-title":"Proceedings of the IEEE\/IFIP International Conference on Dependable Systems and Networks"}],"event":{"name":"2019 IEEE 37th International Conference on Computer Design (ICCD)","start":{"date-parts":[[2019,11,17]]},"location":"Abu Dhabi, United Arab Emirates","end":{"date-parts":[[2019,11,20]]}},"container-title":["2019 IEEE 37th International Conference on Computer Design (ICCD)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8970097\/8988587\/08988665.pdf?arnumber=8988665","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T00:46:43Z","timestamp":1755910003000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8988665\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11]]},"references-count":71,"URL":"https:\/\/doi.org\/10.1109\/iccd46524.2019.00012","relation":{},"subject":[],"published":{"date-parts":[[2019,11]]}}}