{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T03:51:57Z","timestamp":1768881117090,"version":"3.49.0"},"reference-count":46,"publisher":"ASME International","issue":"1","content-domain":{"domain":["asmedigitalcollection.asme.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,2,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Cyber-manufacturing system (CMS) is a vision of smart factories where manufacturing processes are fully integrated with computational components. In CMS, an effective intrusion detection system (IDS) is essential in protecting manufacturing operations from cyber-physical attacks. Current IDS analyses data from cyber and physical domains but produces reports separately for cyber domain and physical domain. To utilize connections between cyber and physical alerts, this paper presents a cyber-physical alert correlation method. To evaluate the method, four case studies have been developed and carried out on a CMS testbed. The experimental results demonstrate that the method can effectively reduce the number of false alerts, improve the detection accuracy, and identify root causes.<\/jats:p>","DOI":"10.1115\/1.4044208","type":"journal-article","created":{"date-parts":[[2019,7,10]],"date-time":"2019-07-10T16:30:31Z","timestamp":1562776231000},"update-policy":"https:\/\/doi.org\/10.1115\/crossmarkpolicy-asme","source":"Crossref","is-referenced-by-count":12,"title":["Alert Correlation for Detecting Cyber-Manufacturing Attacks and Intrusions"],"prefix":"10.1115","volume":"20","author":[{"given":"Mingtao","family":"Wu","sequence":"first","affiliation":[{"name":"Department of Mechanical and Aerospace Engineering, Syracuse University, 263 Link Hall, Syracuse, NY 13244"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Young B.","family":"Moon","sequence":"additional","affiliation":[{"name":"Department of Mechanical and Aerospace Engineering, Syracuse University, 263 Link Hall, Syracuse, NY 13244"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"33","published-online":{"date-parts":[[2019,9,10]]},"reference":[{"issue":"5\u20138","key":"2019110410333468000_CIT0001","doi-asserted-by":"crossref","first-page":"1365","DOI":"10.1007\/s00170-016-9428-0","article-title":"Assessing Sustainability Benefits of Cybermanufacturing Systems","volume":"90","author":"Song","year":"2017","journal-title":"Int. J. Adv. Manuf. Technol."},{"key":"2019110410333468000_CIT0002","article-title":"Implementation Strategy Industrie 4.0","author":"Bitkom","year":"2016"},{"key":"2019110410333468000_CIT0003","first-page":"1","article-title":"KCAD: Kinetic Cyber-Attack Detection Method for Cyber-Physical Additive Manufacturing Systems","author":"Chhetri","year":"2016"},{"key":"2019110410333468000_CIT0004","article-title":"Detecting Cyber-Physical Attacks in Additive Manufacturing Using Digital Audio Signing","author":"Belikovetsky"},{"key":"2019110410333468000_CIT0005","first-page":"4","article-title":"Detecting Malicious Defects in 3D Printing Process Using Machine Learning and Image Classification","author":"Wu","year":"2016"},{"key":"2019110410333468000_CIT0006","first-page":"06005","article-title":"Detecting Attacks in CyberManufacturing Systems\u202f: Additive Manufacturing Example","author":"Wu","year":"2017"},{"issue":"3","key":"2019110410333468000_CIT0007","doi-asserted-by":"crossref","first-page":"1111","DOI":"10.1007\/s10845-017-1315-5","article-title":"Detecting Cyber-Physical Attacks in CyberManufacturing Systems With Machine Learning Methods","volume":"30","author":"Wu","year":"2019","journal-title":"J. Intell. Manuf."},{"key":"2019110410333468000_CIT0008","first-page":"77","article-title":"Trojan Detection and Side-Channel Analyses for Cyber-Security in Cyber-Physical Manufacturing Systems","author":"Vincent","year":"2015"},{"key":"2019110410333468000_CIT0009","first-page":"1053","article-title":"Establishment of Intrusion Detection Testbed for CyberManufacturing Systems","author":"Wu","year":"2018"},{"key":"2019110410333468000_CIT0010","doi-asserted-by":"crossref","DOI":"10.1109\/IECON.2011.6120048","article-title":"Stuxnet Worm Impact on Industrial Cyber-Physical System Security","author":"Karnouskos","year":"2011"},{"key":"2019110410333468000_CIT0011","unstructured":"Lee, R. M., Assante, M. J., and Conway, T., 2014, SANS ICS 2014."},{"key":"2019110410333468000_CIT0012","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.jmsy.2017.05.007","article-title":"Cyber-Physical Vulnerabilities in Additive Manufacturing Systems","author":"Sturm","year":"2017","journal-title":"J. Manuf. Syst."},{"issue":"3","key":"2019110410333468000_CIT0013","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MSP.2015.60","article-title":"Bad Parts: Are Our Manufacturing Systems at Risk of Silent Cyberattacks?","volume":"13","author":"Turner","year":"2015","journal-title":"IEEE Secur. Priv."},{"key":"2019110410333468000_CIT0014","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.jmsy.2017.05.007","article-title":"Cyber-Physical Vulnerabilities in Additive Manufacturing Systems: A Case Study Attack on the. STL File With Human Subjects","volume":"44","author":"Sturm","year":"2017","journal-title":"J. Manuf. Syst."},{"key":"2019110410333468000_CIT0015","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1016\/j.ijcip.2015.12.004","article-title":"Using 3D Printers as Weapons","volume":"14","author":"Yampolskiy","year":"2016","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"2019110410333468000_CIT0016","article-title":"dr0wned\u2014Cyber-Physical Attack with Additive Manufacturing","author":"Belikovetsky","year":"2017"},{"issue":"3","key":"2019110410333468000_CIT0017","first-page":"45","article-title":"Taxonomies for Reasoning About Cyber-Physical Attacks in IoT-Based Manufacturing Systems","volume":"4","author":"Pan","year":"2017","journal-title":"Int. J. Interact. Multimed. Artif. Intell."},{"issue":"4","key":"2019110410333468000_CIT0018","doi-asserted-by":"crossref","first-page":"55:1","DOI":"10.1145\/2542049","article-title":"A Survey of Intrusion Detection Techniques for Cyber-Physical Systems","volume":"46","author":"Mitchell","year":"2014","journal-title":"ACM Comput. Surv."},{"issue":"1","key":"2019110410333468000_CIT0019","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.jnca.2012.09.004","article-title":"Intrusion Detection System: A Comprehensive Review","volume":"36","author":"Liao","year":"2013","journal-title":"J. Netw. Comput. Appl."},{"key":"2019110410333468000_CIT0020","unstructured":"Debar, H.\n          , \u201cWhat is behavior based Intrusion Detection?,\u201d SANS, 2017, https:\/\/www.researchgate.net\/publication\/228589845_An_Introduction_to_Intrusion-Detection_Systems"},{"key":"2019110410333468000_CIT0021","unstructured":"Minnick, J.\n          , \u201cThe Biggest Cybersecurity Problems Facing Manufacturing in 2016,\u201d https:\/\/www.manufacturing.net\/article\/2016\/01\/biggest-cybersecurity-problems-facing-manufacturing-2016"},{"key":"2019110410333468000_CIT0022","first-page":"126","article-title":"Through the Eye of the PLC","author":"Had\u017eiosmanovi\u0107","year":"2014"},{"issue":"4","key":"2019110410333468000_CIT0023","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3203245","article-title":"A Survey of Physics-Based Attack Detection in Cyber-Physical Systems","volume":"51","author":"Giraldo","year":"2018","journal-title":"ACM Comput. Surv."},{"issue":"B","key":"2019110410333468000_CIT0024","doi-asserted-by":"crossref","first-page":"155","DOI":"10.1016\/j.mfglet.2017.12.009","article-title":"DACDI (Define, Audit, Correlate, Disclose, and Improve) Framework to Address Cyber-Manufacturing Attacks and Intrusions","volume":"15","author":"Wu","year":"2018","journal-title":"Manuf. Lett."},{"issue":"5","key":"2019110410333468000_CIT0025","doi-asserted-by":"crossref","first-page":"1289","DOI":"10.1016\/j.comnet.2012.10.022","article-title":"A Model-Based Survey of Alert Correlation Techniques","volume":"57","author":"Salah","year":"2013","journal-title":"Comput. Networks"},{"issue":"3","key":"2019110410333468000_CIT0026","doi-asserted-by":"crossref","first-page":"031007","DOI":"10.1115\/1.4042053","article-title":"Intrusion Detection System for Cyber-Manufacturing System","volume":"141","author":"Wu","year":"2019","journal-title":"ASME J. Manuf. Sci. Eng."},{"issue":"1\u20132","key":"2019110410333468000_CIT0027","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.cose.2008.08.003","article-title":"Anomaly-Based Network Intrusion Detection: Techniques, Systems and Challenges","volume":"28","author":"Garc\u00eda-Teodoro","year":"2009","journal-title":"Comput. Secur."},{"key":"2019110410333468000_CIT0028","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2014.12.003","article-title":"Intrusion Alert Prioritisation and Attack Detection Using Post-Correlation Analysis","volume":"50","author":"Shittu","year":"2015","journal-title":"Comput. Secur."},{"issue":"4","key":"2019110410333468000_CIT0029","doi-asserted-by":"crossref","first-page":"520","DOI":"10.1007\/s10489-012-0383-7","article-title":"An Intrusion Detection and Alert Correlation Approach Based on Revising Probabilistic Classifiers Using Expert Knowledge","volume":"38","author":"Benferhat","year":"2013","journal-title":"Appl. Intell."},{"key":"2019110410333468000_CIT0030","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Adv. Intrusion Detect.","author":"Valdes","year":"2001"},{"key":"2019110410333468000_CIT0031","doi-asserted-by":"crossref","DOI":"10.1117\/12.820000","article-title":"Feature-based Alert Correlation in Security Systems Using Self Organizing Maps","author":"Kumar","year":"2009"},{"key":"2019110410333468000_CIT0032","volume-title":"Dissertation: A Probabilistic-Based Framework for INFOSEC Alert Correlation","author":"Qin","year":"2005"},{"key":"2019110410333468000_CIT0033","first-page":"379","article-title":"Real-time Alert Stream Clustering and Correlation for Discovering Attack Strategies","author":"Jie","year":"2008"},{"key":"2019110410333468000_CIT0034","doi-asserted-by":"crossref","DOI":"10.1016\/j.promfg.2019.06.197","article-title":"Alert Correlation for Cyber-Manufacturing Intrusion Detection","author":"Wu","year":"2019"},{"key":"2019110410333468000_CIT0035","first-page":"229","article-title":"Snort: Lightweight Intrusion Detection for Networks","author":"Roesch","year":"1999"},{"issue":"6","key":"2019110410333468000_CIT0036","first-page":"901","article-title":"Intrusion Detection Tools and Techniques\u2013A Survey","volume":"2","author":"Karthikeyan","year":"2010","journal-title":"Int. J. Comput. Theory Eng."},{"key":"2019110410333468000_CIT0037","first-page":"308","article-title":"Using Unsupervised Learning for Network Alert Correlation","author":"Smith","year":"2008"},{"key":"2019110410333468000_CIT0038","first-page":"170","article-title":"Alert Correlation Using Correlation Probability Estimation and Time Windows","author":"Ahmadinejad","year":"2009"},{"key":"2019110410333468000_CIT0039","unstructured":"Debar, H., Curry, D., and Feinstein, B.,2007, https:\/\/tools.ietf.org\/html\/rfc4765."},{"key":"2019110410333468000_CIT0040","doi-asserted-by":"crossref","first-page":"290","DOI":"10.1007\/978-0-387-34890-2_26","volume-title":"Integrated Network Management IV","author":"Jakobson","year":"1995"},{"key":"2019110410333468000_CIT0041","first-page":"833","article-title":"Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World","author":"Bilge","year":"2012"},{"key":"2019110410333468000_CIT0042","doi-asserted-by":"crossref","DOI":"10.1109\/APWCCSE.2014.7053873","article-title":"Detecting SQL Injection Attacks Using SNORT IDS","author":"Alnabulsi","year":"2014"},{"key":"2019110410333468000_CIT0043","first-page":"367","article-title":"Taxonomy of Cross-Domain Attacks on CyberManufacturing System","author":"Wu","year":"2017"},{"key":"2019110410333468000_CIT0044","article-title":"CyberRadar: A Regression Analysis Approach to the Identification of Cyber-Physical Mappings in Process Control Systems","author":"Rrushi","year":"2008"},{"issue":"7","key":"2019110410333468000_CIT0045","doi-asserted-by":"crossref","first-page":"1872","DOI":"10.1007\/s11837-016-1937-7","article-title":"Manufacturing and Security Challenges in 3D Printing","volume":"68","author":"Zeltmann","year":"2016","journal-title":"J. Miner. Met. Mater. Soc."},{"key":"2019110410333468000_CIT0046","first-page":"895","article-title":"My Smartphone Knows What You Print\u202f: Exploring Smartphone-Based Side-Channel Attacks Against 3D Printers","author":"Song","year":"2016"}],"container-title":["Journal of Computing and Information Science in Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/asmedigitalcollection.asme.org\/computingengineering\/article-pdf\/doi\/10.1115\/1.4044208\/6437419\/jcise_20_1_011004.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/asmedigitalcollection.asme.org\/computingengineering\/article-pdf\/doi\/10.1115\/1.4044208\/6437419\/jcise_20_1_011004.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,4]],"date-time":"2019-11-04T15:33:52Z","timestamp":1572881632000},"score":1,"resource":{"primary":{"URL":"https:\/\/asmedigitalcollection.asme.org\/computingengineering\/article\/doi\/10.1115\/1.4044208\/955170\/Alert-Correlation-for-Detecting-CyberManufacturing"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9,10]]},"references-count":46,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,2,1]]}},"URL":"https:\/\/doi.org\/10.1115\/1.4044208","relation":{},"ISSN":["1530-9827","1944-7078"],"issn-type":[{"value":"1530-9827","type":"print"},{"value":"1944-7078","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,9,10]]},"article-number":"011004"}}