{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T02:38:00Z","timestamp":1768271880094,"version":"3.49.0"},"reference-count":57,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T00:00:00Z","timestamp":1688169600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/100000015","name":"U.S. Department of Energy","doi-asserted-by":"publisher","award":["DEOE0000779"],"award-info":[{"award-number":["DEOE0000779"]}],"id":[{"id":"10.13039\/100000015","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Smart Grid"],"published-print":{"date-parts":[[2023,7]]},"DOI":"10.1109\/tsg.2022.3222261","type":"journal-article","created":{"date-parts":[[2022,11,15]],"date-time":"2022-11-15T20:39:19Z","timestamp":1668544759000},"page":"3058-3071","source":"Crossref","is-referenced-by-count":7,"title":["HELOT\u2013Hunting Evil Life in Operational Technology"],"prefix":"10.1109","volume":"14","author":[{"given":"Syed","family":"Akailvi","sequence":"first","affiliation":[{"name":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"}]},{"given":"Uddhav","family":"Gautam","sequence":"additional","affiliation":[{"name":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"}]},{"given":"Praveshika","family":"Bhandari","sequence":"additional","affiliation":[{"name":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, 
USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8524-4404","authenticated-orcid":false,"given":"Hadi","family":"Rashid","sequence":"additional","affiliation":[{"name":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0226-8329","authenticated-orcid":false,"given":"Philip D.","family":"Huff","sequence":"additional","affiliation":[{"name":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6700-6413","authenticated-orcid":false,"given":"Jan P.","family":"Springer","sequence":"additional","affiliation":[{"name":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"}]}],"member":"263","reference":[{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2011.05.012"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/iThings\/CPSCom.2011.34"},{"key":"ref12","first-page":"1","article-title":"Using model-based intrusion detection for SCADA networks","volume":"12","author":"cheung","year":"2007","journal-title":"Proc SCADA Security Sci Symp"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2018.2828832"},{"key":"ref15","year":"2022","journal-title":"Diffy Visual regression testing made easy"},{"key":"ref14","year":"2022","journal-title":"Collecting GRR artifacts"},{"key":"ref53","first-page":"253","article-title":"SCADA live forensics: Real time data acquisition process to detect, prevent or evaluate critical situations","volume":"9","author":"taveras","year":"2013","journal-title":"Eur Sci J"},{"key":"ref52","first-page":"98","article-title":"Developing cyber forensics for SCADA industrial control systems","author":"stirland","year":"2014","journal-title":"Proc Int Conf Inf Security Cyber Forensics Soc Digit Inf Wireless 
Commun"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939785"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/TPWRD.2014.2300099"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920307"},{"key":"ref54","first-page":"12","article-title":"Anomaly-based intrusion detection for SCADA systems","author":"yang","year":"2006","journal-title":"Proc 5th Int Topical Meeting Nucl Plant Instrum Controls Human Mach Interface Technol"},{"key":"ref17","year":"2022","journal-title":"Journal of Elasticity"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.04.003"},{"key":"ref19","year":"2022","journal-title":"EXPECT"},{"key":"ref18","year":"2022","journal-title":"ELK stack"},{"key":"ref51","year":"2022","journal-title":"Splunk documentation"},{"key":"ref50","year":"2022","journal-title":"SNORT"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11747-3_3"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-012-0160-5"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/MELCON.2014.6820573"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2011.08.020"},{"key":"ref42","year":"2022","journal-title":"Protocol Buffers"},{"key":"ref41","first-page":"353","article-title":"EMERALD: Event monitoring enabling response to anomalous live disturbances","volume":"3","author":"porras","year":"1997","journal-title":"Proc 20th Nat Inf Syst Security 
Conf"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/2179298.2179325"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/1113034.1113074"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781107298019"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966959"},{"key":"ref7","year":"2022","journal-title":"BigQuery"},{"key":"ref9","year":"2022","journal-title":"Cellebrite"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/TPAS.1979.319407"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.07.005"},{"key":"ref6","author":"beaver","year":"2014","journal-title":"Industrial control system (ics) cyber attack datasets"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13986-4_23"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2443793"},{"key":"ref35","year":"2022","journal-title":"Modbus"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2017.8170757"},{"key":"ref37","year":"2022","journal-title":"OASIS Cyber Threat Intelligence (CTI) TC"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2242890"},{"key":"ref31","year":"2010"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/SADFE.2007.1"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1049\/el.2014.2897"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2576898"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2012.325"},{"key":"ref1","year":"2022","journal-title":"AFF4\u2014The advanced forensics file format"},{"key":"ref39","first-page":"2825","article-title":"Scikit-learn: Machine learning in python","volume":"12","author":"pedregosa","year":"2011","journal-title":"J Mach Learn Res"},{"key":"ref38","year":"2022","journal-title":"OpenText EnCase forensic"},{"key":"ref24","author":"gospodnetic","year":"2004","journal-title":"Lucene in 
Action"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2013.05.001"},{"key":"ref26","author":"greenberg","year":"2019","journal-title":"Cellebrite says it can unlock any iPhone for cops"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSA.2016.7503281"},{"key":"ref20","year":"2022","journal-title":"Filebeat"},{"key":"ref22","year":"2022","journal-title":"Forensic toolkit"},{"key":"ref21","year":"2022","journal-title":"FleetSpeak"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.03.007"},{"key":"ref27","year":"2022","journal-title":"GRR documentation"},{"key":"ref29","author":"hale","year":"2019","journal-title":"Scale Standardize or Normalize With Scikit-Learn"}],"container-title":["IEEE Transactions on Smart Grid"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/5165411\/10158941\/09951382.pdf?arnumber=9951382","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T19:24:31Z","timestamp":1689017071000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9951382\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7]]},"references-count":57,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tsg.2022.3222261","relation":{},"ISSN":["1949-3053","1949-3061"],"issn-type":[{"value":"1949-3053","type":"print"},{"value":"1949-3061","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,7]]}}}