{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:57:12Z","timestamp":1773511032254,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,11,3]],"date-time":"2017-11-03T00:00:00Z","timestamp":1509667200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100006221","name":"United States - Israel Binational Science Foundation","doi-asserted-by":"publisher","award":["2016704"],"award-info":[{"award-number":["2016704"]}],"id":[{"id":"10.13039\/100006221","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Interdisciplinary Center for Cyber Research at TAU"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,11,3]]},"DOI":"10.1145\/3140241.3140245","type":"proceedings-article","created":{"date-parts":[[2017,10,31]],"date-time":"2017-10-31T14:58:58Z","timestamp":1509461938000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["A New Burst-DFA model for SCADA Anomaly Detection"],"prefix":"10.1145","author":[{"given":"Chen","family":"Markman","sequence":"first","affiliation":[{"name":"Tel Aviv University, Ramat Aviv, Israel"}]},{"given":"Avishai","family":"Wool","sequence":"additional","affiliation":[{"name":"Tel Aviv University, Ramat Aviv, Israel"}]},{"given":"Alvaro A.","family":"Cardenas","sequence":"additional","affiliation":[{"name":"University of Texas at Dallas, Richardson, TX, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,11,3]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17127-2_2"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1201\/b16390-12"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2012.6211945"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA.2012.6489745"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2010.5593242"},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of the International Infrastructure Survivability Workshop.","author":"Byres Eric J.","year":"2004","unstructured":"Eric J. Byres , Matthew Franz , and Darrin Miller . 2004 . The use of attack trees in assessing vulnerabilities in SCADA systems . In Proceedings of the International Infrastructure Survivability Workshop. Eric J. Byres, Matthew Franz, and Darrin Miller. 2004. The use of attack trees in assessing vulnerabilities in SCADA systems. In Proceedings of the International Infrastructure Survivability Workshop."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2732198.2732200"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/CPSNA.2013.6614240"},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the SCADA Security Scientific Symposium. 127--134","author":"Cheung S.","unstructured":"S. Cheung , B. Dutertre , M. Fong , U. Lindqvist , K. Skinner , and A. Valdes . 2007. Using model-based intrusion detection for SCADA networks . In Proceedings of the SCADA Security Scientific Symposium. 127--134 . S. Cheung, B. Dutertre, M. Fong, U. Lindqvist, K. Skinner, and A. Valdes. 2007. Using model-based intrusion detection for SCADA networks. In Proceedings of the SCADA Security Scientific Symposium. 127--134."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2015.05.001"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2016.7860524"},{"key":"e_1_3_2_1_12_1","unstructured":"N. Falliere L. O. Murchu and E. Chien. 2011. W32. stuxnet dossier. White paper Symantec Corp. Security Response (2011).  N. Falliere L. O. Murchu and E. Chien. 2011. W32. stuxnet dossier. White paper Symantec Corp. Security Response (2011)."},{"key":"e_1_3_2_1_13_1","volume-title":"24th IEEE International Conference on Advanced Information Networking and Applications (AINA). Ieee, 729--736","author":"Fovino I. N.","unstructured":"I. N. Fovino , A. Carcano , T. De Lacheze Murel, A. Trombetta, and M. Masera. 2010. Modbus\/DNP3 state-based intrusion detection system . In 24th IEEE International Conference on Advanced Information Networking and Applications (AINA). Ieee, 729--736 . I. N. Fovino, A. Carcano, T. De Lacheze Murel, A. Trombetta, and M. Masera. 2010. Modbus\/DNP3 state-based intrusion detection system. In 24th IEEE International Conference on Advanced Information Networking and Applications (AINA). Ieee, 729--736."},{"key":"e_1_3_2_1_14_1","volume-title":"1970-04. Two methods for splitting data into homogeneous groups","author":"Gilje E.","unstructured":"E. Gilje and I. Thomsen . 1970-04. Two methods for splitting data into homogeneous groups . In The Central Bureau of Statistics , Norway . http:\/\/www.ssb.no\/a\/histstat\/ano\/ano_io70_07.pdf. E. Gilje and I. Thomsen. 1970-04. Two methods for splitting data into homogeneous groups. In The Central Bureau of Statistics, Norway. http:\/\/www.ssb.no\/a\/histstat\/ano\/ano_io70_07.pdf."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2013.05.001"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2011.10"},{"key":"e_1_3_2_1_17_1","volume-title":"Stealthy Deception Attacks Against SCADA Systems. In 3rd Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS)","author":"Kleinmann Amit","year":"2017","unstructured":"Amit Kleinmann , Ori Amichay , Avishai Wool , David Tenenbaum , Ofer Bar , and Leonid Lev . 2017 . Stealthy Deception Attacks Against SCADA Systems. In 3rd Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS) . Oslo, Norway. Amit Kleinmann, Ori Amichay, Avishai Wool, David Tenenbaum, Ofer Bar, and Leonid Lev. 2017. Stealthy Deception Attacks Against SCADA Systems. In 3rd Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS). Oslo, Norway."},{"key":"e_1_3_2_1_18_1","first-page":"37","article-title":"Accurate Modeling of The Siemens kleinmann2017 SCADA Protocol For Intrusion Detection And Digital Forensic","volume":"9","author":"Kleinmann Amit","year":"2014","unstructured":"Amit Kleinmann and Avishai Wool . 2014 . Accurate Modeling of The Siemens kleinmann2017 SCADA Protocol For Intrusion Detection And Digital Forensic . JDFSL 9 , 2 (2014), 37 -- 50 . http:\/\/ojs.jdfsl.org\/index.php\/jdfsl\/article\/view\/262 Amit Kleinmann and Avishai Wool. 2014. Accurate Modeling of The Siemens kleinmann2017 SCADA Protocol For Intrusion Detection And Digital Forensic. JDFSL 9, 2 (2014), 37--50. http:\/\/ojs.jdfsl.org\/index.php\/jdfsl\/article\/view\/262","journal-title":"JDFSL"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2994487.2994490"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3011018"},{"key":"e_1_3_2_1_21_1","volume-title":"Internet-facing PLCs-A New Back Orifice. In Blackhat USA","author":"Klick Johannes","year":"2015","unstructured":"Johannes Klick , Stephan Lau , Daniel Marzin , Jan-Ole Malchow , and Volker Roth . 2015 . Internet-facing PLCs-A New Back Orifice. In Blackhat USA 2015, Las Vegas, USA. Johannes Klick, Stephan Lau, Daniel Marzin, Jan-Ole Malchow, and Volker Roth. 2015. Internet-facing PLCs-A New Back Orifice. In Blackhat USA 2015, Las Vegas, USA."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"e_1_3_2_1_23_1","volume-title":"Die Lage der IT-Sicherheit in Deutschland","author":"Maiziere T. D.","year":"2014","unstructured":"T. D. Maiziere . 2014. Die Lage der IT-Sicherheit in Deutschland 2014 . Technical Report. Bundesamt fur Sicherheit in der Informationstechnik . https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Publikationen\/Lageberichte\/Lagebericht2014.pdf?__blob=publicationFile T. D. Maiziere. 2014. Die Lage der IT-Sicherheit in Deutschland 2014. Technical Report. Bundesamt fur Sicherheit in der Informationstechnik. https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Publikationen\/Lageberichte\/Lagebericht2014.pdf?__blob=publicationFile"},{"key":"e_1_3_2_1_24_1","volume-title":"Critical Foundations: Protecting America's Infrastructures - The Report of the President's Commission on Critical Infrastructure Protection. Technical Report.","author":"Marsh Robert T.","year":"1997","unstructured":"Robert T. Marsh . 1997 . Critical Foundations: Protecting America's Infrastructures - The Report of the President's Commission on Critical Infrastructure Protection. Technical Report. Robert T. Marsh. 1997. Critical Foundations: Protecting America's Infrastructures - The Report of the President's Commission on Critical Infrastructure Protection. Technical Report."},{"key":"e_1_3_2_1_25_1","volume-title":"1997 National Information Systems Security Conference. http:\/\/www.csl.sri.com\/papers\/emerald-niss97\/","author":"Phillip","unstructured":"Phillip A. Porras and Peter G. Neumann. 1997. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances . In 1997 National Information Systems Security Conference. http:\/\/www.csl.sri.com\/papers\/emerald-niss97\/ Phillip A. Porras and Peter G. Neumann. 1997. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In 1997 National Information Systems Security Conference. http:\/\/www.csl.sri.com\/papers\/emerald-niss97\/"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/1039834.1039864"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"e_1_3_2_1_28_1","volume-title":"Black Hat Asia","author":"Spenneberg Ralf","unstructured":"Ralf Spenneberg , Maik Bruggemann , and Hendrik Schwartke . 2016. PLC-Blaster: A Worm Living Solely in the PLC . In Black Hat Asia , Marina Bay Sands , Singapore . Ralf Spenneberg, Maik Bruggemann, and Hendrik Schwartke. 2016. PLC-Blaster: A Worm Living Solely in the PLC. In Black Hat Asia, Marina Bay Sands, Singapore."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-82r1"},{"key":"e_1_3_2_1_30_1","volume-title":"Justin Ruths, Richard Candell, and Henrik Sandberg.","author":"Urbina David I.","year":"2016","unstructured":"David I. Urbina , Jairo Giraldo , Alvaro A. Cardenas , Junia Valente , Mustafa Faisal , Nils Ole Tippenhauer , Justin Ruths, Richard Candell, and Henrik Sandberg. 2016 . Survey and New Directions for Physics-Based Attack Detection in Control Systems . (2016). David I. Urbina, Jairo Giraldo, Alvaro A. Cardenas, Junia Valente, Mustafa Faisal, Nils Ole Tippenhauer, Justin Ruths, Richard Candell, and Henrik Sandberg. 2016. Survey and New Directions for Physics-Based Attack Detection in Control Systems. (2016)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978388"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2009.5168010"},{"key":"e_1_3_2_1_33_1","volume-title":"Anomaly-Based Intrusion Detection for SCADA Systems. In 5th Intl. Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies. 12--16","author":"Yang D.","unstructured":"D. Yang , A. Usynin , and J. W. Hines . 2006 . Anomaly-Based Intrusion Detection for SCADA Systems. In 5th Intl. Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies. 12--16 . D. Yang, A. Usynin, and J. W. Hines. 2006. Anomaly-Based Intrusion Detection for SCADA Systems. In 5th Intl. Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies. 12--16."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2004.823851"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3140241.3140245","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3140241.3140245","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:20Z","timestamp":1750212680000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3140241.3140245"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,11,3]]},"references-count":34,"alternative-id":["10.1145\/3140241.3140245","10.1145\/3140241"],"URL":"https:\/\/doi.org\/10.1145\/3140241.3140245","relation":{},"subject":[],"published":{"date-parts":[[2017,11,3]]},"assertion":[{"value":"2017-11-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}