{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T05:31:34Z","timestamp":1778823094144,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,8,27]],"date-time":"2018-08-27T00:00:00Z","timestamp":1535328000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,8,27]]},"DOI":"10.1145\/3230833.3232818","type":"proceedings-article","created":{"date-parts":[[2018,8,13]],"date-time":"2018-08-13T12:29:48Z","timestamp":1534163388000},"page":"1-9","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":78,"title":["Evaluation of Machine Learning-based Anomaly Detection Algorithms on an Industrial Modbus\/TCP Data Set"],"prefix":"10.1145","author":[{"given":"Simon Duque","family":"Anton","sequence":"first","affiliation":[{"name":"Intelligent Networks Research Group, German Research Center for Artificial Intelligence, Kaiserslautern, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Suneetha","family":"Kanoor","sequence":"additional","affiliation":[{"name":"Intelligent Networks Research Group, German Research Center for Artificial Intelligence, Kaiserslautern, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Fraunholz","sequence":"additional","affiliation":[{"name":"Intelligent Networks Research Group, German Research Center for Artificial Intelligence, Kaiserslautern, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hans Dieter","family":"Schotten","sequence":"additional","affiliation":[{"name":"Intelligent Networks Research Group, German Research Center for Artificial Intelligence, Kaiserslautern, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,8,27]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2018. Package rpart. 2018. Package rpart."},{"key":"e_1_3_2_1_2_1","volume-title":"An efficient k-means clustering algorithm. Electrical Engineering and Computer Science (January","author":"Alsabti Khaled","year":"1997","unstructured":"Khaled Alsabti , Sanjay Ranka , and Vineet Singh . 1997. An efficient k-means clustering algorithm. Electrical Engineering and Computer Science (January 1997 ). Khaled Alsabti, Sanjay Ranka, and Vineet Singh. 1997. An efficient k-means clustering algorithm. Electrical Engineering and Computer Science (January 1997)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1080\/00031305.1992.10475879","article-title":"An Introduction to Kernel and Nearest-Neighbor Nonparametric Regression","volume":"46","author":"Altman N. S.","year":"1992","unstructured":"N. S. Altman . 1992 . An Introduction to Kernel and Nearest-Neighbor Nonparametric Regression . The American Statistician 46 , 3 (August 1992), 175--185. N. S. Altman. 1992. An Introduction to Kernel and Nearest-Neighbor Nonparametric Regression. The American Statistician 46, 3 (August 1992), 175--185.","journal-title":"The American Statistician"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.052213.00046"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1080\/00140139508925269"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/130385.130401"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022627411411"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1987.232894"},{"key":"e_1_3_2_1_10_1","volume-title":"d.}. Control Techniques Drives and Controls Handbook","author":"Drury Bill","unstructured":"Bill Drury . {n. d.}. Control Techniques Drives and Controls Handbook ( 2 nd ed.). Institution of Engineering and Technology . Bill Drury. {n. d.}. Control Techniques Drives and Controls Handbook (2nd ed.). Institution of Engineering and Technology.","edition":"2"},{"key":"e_1_3_2_1_11_1","volume-title":"Two Decades of SCADA Exploitation: A Brief History","author":"Anton Simon Duque","year":"2017","unstructured":"Simon Duque Anton , Daniel Fraunholz , Christoph Lipps , Frederic Pohl , Marc Zimmermann , and Hans Dieter Schotten . 2017. Two Decades of SCADA Exploitation: A Brief History . In IEEE Conference on Applications, Information and Network Security (AINS). IEEE Conference on Applications, Information and Network Security (AINS- 2017 ), November 13-14, Miri, Sarawak, Malaysia. IEEE Computer Science Chapter Malaysia, IEEE Press . Simon Duque Anton, Daniel Fraunholz, Christoph Lipps, Frederic Pohl, Marc Zimmermann, and Hans Dieter Schotten. 2017. Two Decades of SCADA Exploitation: A Brief History. In IEEE Conference on Applications, Information and Network Security (AINS). IEEE Conference on Applications, Information and Network Security (AINS-2017), November 13-14, Miri, Sarawak, Malaysia. IEEE Computer Science Chapter Malaysia, IEEE Press."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/CTTE.2017.8260938"},{"key":"e_1_3_2_1_13_1","volume-title":"9th Central European Workshop on Services and their Composition. Central European Workshop on Services and their Composition (ZEUS-2017), February 13-14","author":"Anton Simon Duque","unstructured":"Simon Duque Anton , Daniel Fraunholz , Janis Zemitis , Frederic Pohl , and Hans Dieter Schotten . 2017. Highly Scalable and Flexible Model for Effective Aggregation of Context-based Data in Generic IIoT Scenarios . In 9th Central European Workshop on Services and their Composition. Central European Workshop on Services and their Composition (ZEUS-2017), February 13-14 , Lugano, Switzerland , Oliver Kopp, J\u00c3\u0171rg Lenhard, and Cesare Pautasso (Eds.). CEUR Workshop Proceedings , 51--58. Simon Duque Anton, Daniel Fraunholz, Janis Zemitis, Frederic Pohl, and Hans Dieter Schotten. 2017. Highly Scalable and Flexible Model for Effective Aggregation of Context-based Data in Generic IIoT Scenarios. In 9th Central European Workshop on Services and their Composition. Central European Workshop on Services and their Composition (ZEUS-2017), February 13-14, Lugano, Switzerland, Oliver Kopp, J\u00c3\u0171rg Lenhard, and Cesare Pautasso (Eds.). CEUR Workshop Proceedings, 51--58."},{"key":"e_1_3_2_1_14_1","unstructured":"EtherCAT Technology Group. 1991. EtherCAT - The Ethernet Fieldbus. (1991). https:\/\/www.ethercat.org\/default.htm EtherCAT Technology Group. 1991. EtherCAT - The Ethernet Fieldbus. (1991). https:\/\/www.ethercat.org\/default.htm"},{"key":"e_1_3_2_1_15_1","unstructured":"Python Software Foundation. {n. d.}. Python. ({n. d.}). https:\/\/www.python.org\/ Python Software Foundation. {n. d.}. Python. ({n. d.}). https:\/\/www.python.org\/"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecPODS.2017.8074855"},{"key":"e_1_3_2_1_17_1","volume-title":"Towards Deployment Strategies for Deception Systems. Advances in Science, Technology and Engineering Systems Journal (ASTESJ) Special Issue on Recent Advances in Engineering Systems 2017 (July","author":"Fraunholz Daniel","year":"2017","unstructured":"Daniel Fraunholz , Marc Zimmermann , and Hans Dieter Schotten . 2017. Towards Deployment Strategies for Deception Systems. Advances in Science, Technology and Engineering Systems Journal (ASTESJ) Special Issue on Recent Advances in Engineering Systems 2017 (July 2017 ), 1272--1279. Daniel Fraunholz, Marc Zimmermann, and Hans Dieter Schotten. 2017. Towards Deployment Strategies for Deception Systems. Advances in Science, Technology and Engineering Systems Journal (ASTESJ) Special Issue on Recent Advances in Engineering Systems 2017 (July 2017), 1272--1279."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2012.06.015"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1740954.1741118"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2011.10"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.03.001"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.08.003"},{"key":"e_1_3_2_1_23_1","volume-title":"Security and Law","volume":"9","author":"Kleinmann Amit","year":"2014","unstructured":"Amit Kleinmann and Avishai Wool . 2014 . Accurate Modeling of the Siemens S7 SCADA Protocol for Intrusion Detection and Digital Forensics. In Journal of Digital Forensics , Security and Law , Vol. 9 . Amit Kleinmann and Avishai Wool. 2014. Accurate Modeling of the Siemens S7 SCADA Protocol for Intrusion Detection and Digital Forensics. In Journal of Digital Forensics, Security and Law, Vol. 9."},{"key":"e_1_3_2_1_24_1","volume-title":"Providing SCADA Network Data Sets for Intrusion Detection Research. In 9th Workshop on Cyber Security Experimentation and Test (CSET 16)","author":"Lemay Antoine","unstructured":"Antoine Lemay and Jose M. Fernandez . 2016 . Providing SCADA Network Data Sets for Intrusion Detection Research. In 9th Workshop on Cyber Security Experimentation and Test (CSET 16) . USENIX Association, Austin, TX. https:\/\/www.usenix.org\/conference\/cset16\/workshop-program\/presentation\/lemay Antoine Lemay and Jose M. Fernandez. 2016. Providing SCADA Network Data Sets for Intrusion Detection Research. In 9th Workshop on Cyber Security Experimentation and Test (CSET 16). USENIX Association, Austin, TX. https:\/\/www.usenix.org\/conference\/cset16\/workshop-program\/presentation\/lemay"},{"key":"e_1_3_2_1_25_1","first-page":"5","article-title":"Network Traffic Features for Anomaly Detection in Specific Industrial Control System Network","volume":"4","author":"Mantere Matti","year":"2013","unstructured":"Matti Mantere , Mirko Sailio , and Sami Noponen . 2013 . Network Traffic Features for Anomaly Detection in Specific Industrial Control System Network . Future Internet 4 , 5 (September 2013), 460--473. Matti Mantere, Mirko Sailio, and Sami Noponen. 2013. Network Traffic Features for Anomaly Detection in Specific Industrial Control System Network. Future Internet 4, 5 (September 2013), 460--473.","journal-title":"Future Internet"},{"key":"e_1_3_2_1_26_1","unstructured":"Mathworks. {n. d.}. Simulation and Model-Based Design. ({n. d.}). https:\/\/www.mathworks.com\/products\/simulink.html Mathworks. {n. d.}. Simulation and Model-Based Design. ({n. d.}). https:\/\/www.mathworks.com\/products\/simulink.html"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Ankush Meshram and Christian Haas. 2016. Anomaly Detection in Industrial Networks using Machine Learning: A Roadmap. In Machine Learning for Cyber Physical Systems. 65--72. Ankush Meshram and Christian Haas. 2016. Anomaly Detection in Industrial Networks using Machine Learning: A Roadmap. In Machine Learning for Cyber Physical Systems. 65--72.","DOI":"10.1007\/978-3-662-53806-7_8"},{"key":"e_1_3_2_1_28_1","unstructured":"Modbus. 2012. MODBUS APPLICATION PROTOCOL SPECIFICATION V1.1b3. (2012). http:\/\/www.modbus.org\/docs\/Modbus_Application_Protocol_V1_1b3.pdf Modbus. 2012. MODBUS APPLICATION PROTOCOL SPECIFICATION V1.1b3. (2012). http:\/\/www.modbus.org\/docs\/Modbus_Application_Protocol_V1_1b3.pdf"},{"key":"e_1_3_2_1_29_1","unstructured":"Modbus-IDA. 2006. MODBUS MESSAGING ON TCP\/IP IMPLEMENTATION GUIDE V1.0b. (2006). http:\/\/www.modbus.org\/docs\/Modbus_Messaging_Implementation_Guide_V1_0b.pdf Modbus-IDA. 2006. MODBUS MESSAGING ON TCP\/IP IMPLEMENTATION GUIDE V1.0b. (2006). http:\/\/www.modbus.org\/docs\/Modbus_Messaging_Implementation_Guide_V1_0b.pdf"},{"key":"e_1_3_2_1_30_1","unstructured":"MODICON Inc. 1996. (1996). http:\/\/www.modbus.org\/docs\/PI_MBUS_300.pdf MODICON Inc. 1996. (1996). http:\/\/www.modbus.org\/docs\/PI_MBUS_300.pdf"},{"key":"e_1_3_2_1_31_1","volume-title":"Industrial Control System Traffic Data Sets for Intrusion Detection Research","author":"Morris Thomas","unstructured":"Thomas Morris and Wei Gao . 2014. Industrial Control System Traffic Data Sets for Intrusion Detection Research . Springer Berlin Heidelberg , Berlin, Heidelberg , 65--78. Thomas Morris and Wei Gao. 2014. Industrial Control System Traffic Data Sets for Intrusion Detection Research. Springer Berlin Heidelberg, Berlin, Heidelberg, 65--78."},{"key":"e_1_3_2_1_32_1","unstructured":"Morris Thomas. {n. d.}. Industrial Control System (ICS) Cyber Attack Datasets. ({n. d.}). https:\/\/sites.google.com\/a\/uah.edu\/tommy-morris-uah\/ics-data-sets Morris Thomas. {n. d.}. Industrial Control System (ICS) Cyber Attack Datasets. ({n. d.}). https:\/\/sites.google.com\/a\/uah.edu\/tommy-morris-uah\/ics-data-sets"},{"key":"e_1_3_2_1_33_1","volume-title":"Olson and Delen Dursun. {n. d.}. Advanced Data Mining Techniques","author":"David","unstructured":"David L. Olson and Delen Dursun. {n. d.}. Advanced Data Mining Techniques . Springer . David L. Olson and Delen Dursun. {n. d.}. Advanced Data Mining Techniques. Springer."},{"key":"e_1_3_2_1_34_1","volume-title":"https:\/\/opcfoundation.org\/developer-tools\/specifications-unified-architecture\/part-1-overview-and-concepts","author":"Foundation OPC","year":"2017","unstructured":"OPC Foundation . 2017. Unified Architecture . ( 2017 ). https:\/\/opcfoundation.org\/developer-tools\/specifications-unified-architecture\/part-1-overview-and-concepts OPC Foundation. 2017. Unified Architecture. (2017). https:\/\/opcfoundation.org\/developer-tools\/specifications-unified-architecture\/part-1-overview-and-concepts"},{"key":"e_1_3_2_1_35_1","unstructured":"PROFIBUS. 2017. PROFINET Specification. (2017). http:\/\/www.profibus.com\/nc\/download\/specifications-standards\/downloads\/profinet-io-specification\/display\/ PROFIBUS. 2017. PROFINET Specification. (2017). http:\/\/www.profibus.com\/nc\/download\/specifications-standards\/downloads\/profinet-io-specification\/display\/"},{"key":"e_1_3_2_1_36_1","unstructured":"The Bro Project. {n. d.}. The Bro Network Security Monitor. ({n. d.}). https:\/\/www.bro.org\/ The Bro Project. {n. d.}. The Bro Network Security Monitor. ({n. d.}). https:\/\/www.bro.org\/"},{"key":"e_1_3_2_1_37_1","unstructured":"Rapid7. {n. d.}. metasploit. ({n. d.}). https:\/\/www.metasploit.com\/ Rapid7. {n. d.}. metasploit. ({n. d.}). https:\/\/www.metasploit.com\/"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCC.2004.843247"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/0377-0427(87)90125-7"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Schneider Electric. 2017. Life Is On. (2017). https:\/\/www.schneider-electric.fr\/fr\/ Schneider Electric. 2017. Life Is On. (2017). https:\/\/www.schneider-electric.fr\/fr\/","DOI":"10.26537\/neutroaterra.v0i14.420"},{"key":"e_1_3_2_1_41_1","unstructured":"Jan Seidl. {n. d.}. VirtuaPlant. ({n. d.}). https:\/\/wroot.org\/posts\/introducing-virtuaplant-0-1\/ Jan Seidl. {n. d.}. VirtuaPlant. ({n. d.}). https:\/\/wroot.org\/posts\/introducing-virtuaplant-0-1\/"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TETC.2013.2287188"},{"key":"e_1_3_2_1_43_1","unstructured":"Snort. {n. d.}. Snort. ({n. d.}). https:\/\/www.snort.org\/ Snort. {n. d.}. Snort. ({n. d.}). https:\/\/www.snort.org\/"},{"key":"e_1_3_2_1_44_1","unstructured":"The R Foundation. {n. d.}. The R Project for Statistical Computing. ({n. d.}). https:\/\/www.r-project.org\/ The R Foundation. {n. d.}. The R Project for Statistical Computing. ({n. d.}). https:\/\/www.r-project.org\/"},{"key":"e_1_3_2_1_45_1","unstructured":"The University of Utah. {n. d.}. emulab total network testbed. ({n. d.}). http:\/\/www.emulab.net\/ The University of Utah. {n. d.}. emulab total network testbed. ({n. d.}). http:\/\/www.emulab.net\/"},{"key":"e_1_3_2_1_46_1","volume-title":"Package e1071. TU Wien","author":"TU","unstructured":"TU Wien 2017. Package e1071. TU Wien , Probability Theory Group (Formerly : E1071). TU Wien 2017. Package e1071. TU Wien, Probability Theory Group (Formerly: E1071)."},{"key":"e_1_3_2_1_47_1","volume-title":"Package randomForest","author":"University of Berkeley 2015.","unstructured":"University of Berkeley 2015. Package randomForest . University of Berkeley . University of Berkeley 2015. Package randomForest. University of Berkeley."},{"key":"e_1_3_2_1_48_1","unstructured":"University of California Irvine (UCI). 1999. KDD Cup 1999 Data. (1999). http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html University of California Irvine (UCI). 1999. KDD Cup 1999 Data. (1999). http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html"},{"key":"e_1_3_2_1_49_1","unstructured":"C.J. van Rijsbergen. 1979. Information Retrieval. (1979). C.J. van Rijsbergen. 1979. Information Retrieval. (1979)."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMTMA.2010.603"},{"key":"e_1_3_2_1_51_1","volume-title":"International Topical Meeting on Nuclear Plant Instrumentation Controls, and Human Machine Interface Technology. 797--803","author":"Yang Dayu","unstructured":"Dayu Yang , Alexander Usynin , and J. Wesley Hines . 2006. Anomaly-based intrusion detection for SCADA systems. In 5 . International Topical Meeting on Nuclear Plant Instrumentation Controls, and Human Machine Interface Technology. 797--803 . Dayu Yang, Alexander Usynin, and J. Wesley Hines. 2006. Anomaly-based intrusion detection for SCADA systems. In 5. International Topical Meeting on Nuclear Plant Instrumentation Controls, and Human Machine Interface Technology. 797--803."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/iThings\/CPSCom.2011.34"}],"event":{"name":"ARES 2018: International Conference on Availability, Reliability and Security","location":"Hamburg Germany","acronym":"ARES 2018","sponsor":["Universit\u00e4t Hamburg Universit\u00e4t Hamburg"]},"container-title":["Proceedings of the 13th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3230833.3232818","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3230833.3232818","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:07:50Z","timestamp":1750212470000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3230833.3232818"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,27]]},"references-count":52,"alternative-id":["10.1145\/3230833.3232818","10.1145\/3230833"],"URL":"https:\/\/doi.org\/10.1145\/3230833.3232818","relation":{},"subject":[],"published":{"date-parts":[[2018,8,27]]},"assertion":[{"value":"2018-08-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}