{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T02:32:37Z","timestamp":1774319557567,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":27,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,4,14]],"date-time":"2015-04-14T00:00:00Z","timestamp":1428969600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004963","name":"Seventh Framework Programme","doi-asserted-by":"publisher","award":["FP7-SEC-285477-CRISALIS"],"award-info":[{"award-number":["FP7-SEC-285477-CRISALIS"]}],"id":[{"id":"10.13039\/501100004963","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,4,14]]},"DOI":"10.1145\/2732198.2732200","type":"proceedings-article","created":{"date-parts":[[2015,4,3]],"date-time":"2015-04-03T16:27:14Z","timestamp":1428078434000},"page":"13-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":116,"title":["Sequence-aware Intrusion Detection in Industrial Control Systems"],"prefix":"10.1145","author":[{"given":"Marco","family":"Caselli","sequence":"first","affiliation":[{"name":"University of Twente, Enschede, Netherlands"}]},{"given":"Emmanuele","family":"Zambon","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede & SecurityMatters BV, Eindhoven, Netherlands"}]},{"given":"Frank","family":"Kargl","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede, Netherlands & Ulm University, Ulm, Germany"}]}],"member":"320","published-online":{"date-parts":[[2015,4,14]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2013.08.003"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/IWIA.2006.18"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26567-4_4"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2010.235"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/324119.324126"},{"key":"e_1_3_2_1_6_1","first-page":"60870","article-title":"Transmission protocols - network access for iec 60870-5-101 using standard transport profiles","author":"Telecontrol IEC","year":"2006","unstructured":"Equipment, IEC Telecontrol . Systems - part 5-104 : Transmission protocols - network access for iec 60870-5-101 using standard transport profiles . IEC Standard , 60870 , 2006 . Equipment, IEC Telecontrol. Systems - part 5-104: Transmission protocols - network access for iec 60870-5-101 using standard transport profiles. IEC Standard, 60870, 2006.","journal-title":"IEC Standard"},{"key":"e_1_3_2_1_7_1","volume-title":"Symantec Corp.","author":"Falliere N.","year":"2011","unstructured":"N. Falliere , L. O. Murchu , and E. Chien . W32. stuxnet dossier. White paper , Symantec Corp. , Security Response , 2011 . N. Falliere, L. O. Murchu, and E. Chien. W32. stuxnet dossier. White paper, Symantec Corp., Security Response, 2011."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2010.86"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2013.05.001"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_18"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664277"},{"issue":"6","key":"e_1_3_2_1_12_1","first-page":"497","article-title":"Anomaly detection of IP header threats","volume":"4","author":"Haris S.","year":"2011","unstructured":"S. Haris , G. M. W. Al-Saadoon , A. P. D. R. Ahmad , and M. Ghani . Anomaly detection of IP header threats . CSC International Journal of Computer Science and Security , 4 ( 6 ): 497 , 2011 . S. Haris, G. M. W. Al-Saadoon, A. P. D. R. Ahmad, and M. Ghani. Anomaly detection of IP header threats. CSC International Journal of Computer Science and Security, 4(6):497, 2011.","journal-title":"CSC International Journal of Computer Science and Security"},{"key":"e_1_3_2_1_13_1","volume-title":"Intrusion detection using sequences of system calls. Journal of computer security, 6(3):151--180","author":"Hofmeyr S. A.","year":"1998","unstructured":"S. A. Hofmeyr , S. Forrest , and A. Somayaji . Intrusion detection using sequences of system calls. Journal of computer security, 6(3):151--180 , 1998 . S. A. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. Journal of computer security, 6(3):151--180, 1998."},{"key":"e_1_3_2_1_14_1","volume-title":"Industrial automation systems - Manufacturing Message Specification - Part 1: Service definition","author":"ISO","year":"2003","unstructured":"ISO 9506-1:2003. Industrial automation systems - Manufacturing Message Specification - Part 1: Service definition , 2003 . ISO 9506-1:2003. Industrial automation systems - Manufacturing Message Specification - Part 1: Service definition, 2003."},{"key":"e_1_3_2_1_15_1","first-page":"599","volume-title":"Network Operations and Management Symposium, 2004. NOMS 2004. IEEE\/IFIP","volume":"1","author":"Kim M.-S.","year":"2004","unstructured":"M.-S. Kim , H.-J. Kong , S.-C. Hong , S.-H. Chung , and J. W. Hong . A flow-based method for abnormal network traffic detection . In Network Operations and Management Symposium, 2004. NOMS 2004. IEEE\/IFIP , volume 1 , pages 599 -- 612 . IEEE, 2004 . M.-S. Kim, H.-J. Kong, S.-C. Hong, S.-H. Chung, and J. W. Hong. A flow-based method for abnormal network traffic detection. In Network Operations and Management Symposium, 2004. NOMS 2004. IEEE\/IFIP, volume 1, pages 599--612. IEEE, 2004."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381896.2381904"},{"key":"e_1_3_2_1_17_1","first-page":"43","volume-title":"AAAI Workshop: AI Approaches to Fraud Detection and Risk Management","author":"Lane T.","year":"1997","unstructured":"T. Lane , C. E. Brodley , Sequence matching and learning in anomaly detection for computer security . In AAAI Workshop: AI Approaches to Fraud Detection and Risk Management , pages 43 -- 49 , 1997 . T. Lane, C. E. Brodley, et al. Sequence matching and learning in anomaly detection for computer security. In AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, pages 43--49, 1997."},{"key":"e_1_3_2_1_18_1","volume-title":"PHAD: Packet header anomaly detection for identifying hostile network traffic","author":"Mahoney M. V.","year":"2001","unstructured":"M. V. Mahoney and P. K. Chan . PHAD: Packet header anomaly detection for identifying hostile network traffic . 2001 . M. V. Mahoney and P. K. Chan. PHAD: Packet header anomaly detection for identifying hostile network traffic. 2001."},{"key":"e_1_3_2_1_19_1","first-page":"1449","volume-title":"7th IEEE World Congress on Intelligent Control and Automation","author":"Mao G.","year":"2008","unstructured":"G. Mao , J. Zhang , and X. Wu . Intrusion detection based on the short sequence model . In 7th IEEE World Congress on Intelligent Control and Automation , pages 1449 -- 1454 , 2008 . G. Mao, J. Zhang, and X. Wu. Intrusion detection based on the short sequence model. In 7th IEEE World Congress on Intelligent Control and Automation, pages 1449--1454, 2008."},{"key":"e_1_3_2_1_20_1","volume-title":"Massachusetts (www. modbus. org\/ specs. php )","author":"IDA.","year":"2004","unstructured":"Modbus, IDA. Modbus application protocol specification v1.1a. North Grafton , Massachusetts (www. modbus. org\/ specs. php ) , 2004 . Modbus, IDA. Modbus application protocol specification v1.1a. North Grafton, Massachusetts (www. modbus. org\/ specs. php ), 2004."},{"key":"e_1_3_2_1_21_1","first-page":"7","volume-title":"Parallel and Distributed Processing Symposium, 2006. IPDPS 2006. 20th International","author":"Scheirer W.","unstructured":"W. Scheirer and M. C. Chuah . Network intrusion detection with semantics-aware capability . In Parallel and Distributed Processing Symposium, 2006. IPDPS 2006. 20th International , pages 7 --pp. IEEE, 2006. W. Scheirer and M. C. Chuah. Network intrusion detection with semantics-aware capability. In Parallel and Distributed Processing Symposium, 2006. IPDPS 2006. 20th International, pages 7--pp. IEEE, 2006."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586146"},{"issue":"82","key":"e_1_3_2_1_23_1","first-page":"16","article-title":"Guide to industrial control systems (ICS) security","volume":"800","author":"Stouffer K.","year":"2008","unstructured":"K. Stouffer , J. Falco , and K. Scarfone . Guide to industrial control systems (ICS) security . NIST Special Publication , 800 ( 82 ): 16 -- 16 , 2008 . K. Stouffer, J. Falco, and K. Scarfone. Guide to industrial control systems (ICS) security. NIST Special Publication, 800(82):16--16, 2008.","journal-title":"NIST Special Publication"},{"key":"e_1_3_2_1_24_1","volume-title":"The Commission","author":"United States President's Commission on Critical Infrastructure Protection and Marsh, Robert T. Critical Foundations","year":"1997","unstructured":"United States President's Commission on Critical Infrastructure Protection and Marsh, Robert T. Critical Foundations : Protecting America's Infrastructures: the Report . The Commission , 1997 . United States President's Commission on Critical Infrastructure Protection and Marsh, Robert T. Critical Foundations: Protecting America's Infrastructures: the Report. The Commission, 1997."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30143-1_11"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"e_1_3_2_1_27_1","volume-title":"Communication pattern monitoring: Improving the utility of anomaly detection for industrial control systems","author":"Yoon M.-K.","year":"2014","unstructured":"M.-K. Yoon and G. F. Ciocarlie . Communication pattern monitoring: Improving the utility of anomaly detection for industrial control systems . 2014 . M.-K. Yoon and G. F. Ciocarlie. Communication pattern monitoring: Improving the utility of anomaly detection for industrial control systems. 2014."}],"event":{"name":"ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security","location":"Singapore Republic of Singapore","acronym":"ASIA CCS '15","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 1st ACM Workshop on Cyber-Physical System Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2732198.2732200","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2732198.2732200","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:04:09Z","timestamp":1750273449000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2732198.2732200"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,4,14]]},"references-count":27,"alternative-id":["10.1145\/2732198.2732200","10.1145\/2732198"],"URL":"https:\/\/doi.org\/10.1145\/2732198.2732200","relation":{},"subject":[],"published":{"date-parts":[[2015,4,14]]},"assertion":[{"value":"2015-04-14","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}