{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T14:59:42Z","timestamp":1773154782709,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":29,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,5,11]],"date-time":"2021-05-11T00:00:00Z","timestamp":1620691200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,5,11]]},"DOI":"10.1145\/3457388.3458868","type":"proceedings-article","created":{"date-parts":[[2021,4,29]],"date-time":"2021-04-29T22:15:17Z","timestamp":1619734517000},"page":"221-228","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["A threat model method for ICS malware"],"prefix":"10.1145","author":[{"given":"Yassine","family":"Mekdad","sequence":"first","affiliation":[{"name":"Moulay Ismail University of Meknes, Meknes, Morocco"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giuseppe","family":"Bernieri","sequence":"additional","affiliation":[{"name":"University of Padua, Padua, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mauro","family":"Conti","sequence":"additional","affiliation":[{"name":"University of Padua, Padua, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdeslam El","family":"Fergougui","sequence":"additional","affiliation":[{"name":"Moulay Ismail University of Meknes, Meknes, Morocco"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,5,11]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2021. Cuckoo Sandbox - Automated Malware Analysis. https:\/\/cuckoosandbox.org\/  2021. Cuckoo Sandbox - Automated Malware Analysis. https:\/\/cuckoosandbox.org\/"},{"key":"e_1_3_2_1_2_1","volume-title":"22. https:\/\/www.accenture.com\/t20180123T095554Z__w__\/us-en\/_acnmedia\/PDF-46\/Accenture-Security-Triton-Trisis-Threat-Analysis.pdf","author":"Accenture Threat Ananlysis","year":"2018","unstructured":"Accenture. 2018. Threat Ananlysis | Accenture . Accenture ( 2018 ), 22. https:\/\/www.accenture.com\/t20180123T095554Z__w__\/us-en\/_acnmedia\/PDF-46\/Accenture-Security-Triton-Trisis-Threat-Analysis.pdf Accenture. 2018. Threat Ananlysis | Accenture. Accenture (2018), 22. https:\/\/www.accenture.com\/t20180123T095554Z__w__\/us-en\/_acnmedia\/PDF-46\/Accenture-Security-Triton-Trisis-Threat-Analysis.pdf"},{"key":"e_1_3_2_1_3_1","volume-title":"Lee","author":"Assante Michael J.","year":"2015","unstructured":"Michael J. Assante and Robert M . Lee . 2015 . The Industrial Control System Cyber Kill Chain. SANS Institute InfoSec Reading Room ( 2015). https:\/\/www.sans.org\/reading-room\/whitepapers\/ICS\/industrial-control-system-cyber-kill-chain-36297 Michael J. Assante and Robert M. Lee. 2015. The Industrial Control System Cyber Kill Chain. SANS Institute InfoSec Reading Room (2015). https:\/\/www.sans.org\/reading-room\/whitepapers\/ICS\/industrial-control-system-cyber-kill-chain-36297"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(18)30025-4"},{"key":"e_1_3_2_1_5_1","unstructured":"Matsukawa Bakuei Ryan Flores Vladimir Kropotov and Fyodor Yarochkin. 2019. Securing Smart Factories in the Era of Industry 4. 0. (2019).  Matsukawa Bakuei Ryan Flores Vladimir Kropotov and Fyodor Yarochkin. 2019. Securing Smart Factories in the Era of Industry 4. 0. (2019)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-73003-5{_}71"},{"key":"e_1_3_2_1_7_1","volume-title":"The Diamond Model of Intrusion Analysis","author":"Caltagirone Sergio","year":"2013","unstructured":"Sergio Caltagirone , Andrew Pendergast , and Christopher Betz . 2013. The Diamond Model of Intrusion Analysis . Center For Cyber Intelligence Analysis and Threat Research Hanover Md . ( 2013 ), 1--61. https:\/\/apps.dtic.mil\/dtic\/tr\/fulltext\/u2\/a586960.pdf%0Ahttp:\/\/www.activeresponse.org\/wp-content\/uploads\/2013\/07\/diamond_summary.pdf Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. 2013. The Diamond Model of Intrusion Analysis. Center For Cyber Intelligence Analysis and Threat Research Hanover Md. (2013), 1--61. https:\/\/apps.dtic.mil\/dtic\/tr\/fulltext\/u2\/a586960.pdf%0Ahttp:\/\/www.activeresponse.org\/wp-content\/uploads\/2013\/07\/diamond_summary.pdf"},{"key":"e_1_3_2_1_8_1","volume-title":"TRISIS Malware-Analysis of Safety System Targeted Malware. Dragos","author":"Dragos Inc. 2017.","year":"2017","unstructured":"Dragos Inc. 2017. TRISIS Malware-Analysis of Safety System Targeted Malware. Dragos ( 2017 ), 1--19. https:\/\/www.energy.senate.gov\/public\/index.cfm\/files\/serve?File_id=40B2ED59-D34E-47C3-B9E2-1E8D030C5748 Dragos Inc. 2017. TRISIS Malware-Analysis of Safety System Targeted Malware. Dragos (2017), 1--19. https:\/\/www.energy.senate.gov\/public\/index.cfm\/files\/serve?File_id=40B2ED59-D34E-47C3-B9E2-1E8D030C5748"},{"key":"e_1_3_2_1_9_1","volume-title":"Applying the Kill Chain and Diamond Models to Microsoft Advanced Threat Analytics. 252 Int'l Conf. Security and Management SAM18","author":"Ertaul Levent","year":"2018","unstructured":"Levent Ertaul and Mina Mousa . 2018. Applying the Kill Chain and Diamond Models to Microsoft Advanced Threat Analytics. 252 Int'l Conf. Security and Management SAM18 ( 2018 ), 252--258. Levent Ertaul and Mina Mousa. 2018. Applying the Kill Chain and Diamond Models to Microsoft Advanced Threat Analytics. 252 Int'l Conf. Security and Management SAM18 (2018), 252--258."},{"issue":"4","key":"e_1_3_2_1_10_1","first-page":"2011","article-title":"W32. Stuxnet Dossier, Symantec Security Response","volume":"1","author":"Falliere Nicolas","year":"2011","unstructured":"Nicolas Falliere , Liam O Murchu , and Eric Chien . 2011 . W32. Stuxnet Dossier, Symantec Security Response , Version 1 . 4 , February 2011 . Symantec Security Response 4, February (2011), 1--69. https:\/\/doi.org\/20September2015 Nicolas Falliere, Liam O Murchu, and Eric Chien. 2011. W32. Stuxnet Dossier, Symantec Security Response, Version 1.4, February 2011. Symantec Security Response 4, February (2011), 1--69. https:\/\/doi.org\/20September2015","journal-title":"Version"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-10543-3{_}10"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.100"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevLett.86.1110"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jocs.2017.10.020"},{"key":"e_1_3_2_1_15_1","unstructured":"Eric D Knapp and Joel Thomas Langill. 2015. Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid SCADA and Other Industrial Control Systems. Syngress.  Eric D Knapp and Joel Thomas Langill. 2015. Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid SCADA and Other Industrial Control Systems. Syngress."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2771238"},{"key":"e_1_3_2_1_17_1","unstructured":"Koukounas Aggelos Malatras Apostolos Skouloudi Christina. 2019. INDUSTRY 4.0 CYBERSECURITY : CHALLENGES & RECOMMENDATIONS. (2019).  Koukounas Aggelos Malatras Apostolos Skouloudi Christina. 2019. INDUSTRY 4.0 CYBERSECURITY : CHALLENGES & RECOMMENDATIONS. (2019)."},{"key":"e_1_3_2_1_18_1","volume-title":"Norw. Inf. Secur. Conf.(NISK) 2014","author":"Mass Ola Fl\u00e5ten","year":"2014","unstructured":"Ola Fl\u00e5ten Mass and Soldal Lund . 2014 . How Good are Attack Trees for Modelling Advanced Cyber Threats? Norw. Inf. Secur. Conf.(NISK) 2014 (2014). Ola Fl\u00e5ten Mass and Soldal Lund. 2014. How Good are Attack Trees for Modelling Advanced Cyber Threats? Norw. Inf. Secur. Conf.(NISK) 2014 (2014)."},{"key":"e_1_3_2_1_19_1","volume-title":"Breaking Research: LockerGoga Ransomware Impacts Norsk Hydro.","author":"Labs Nozomi Networks","year":"2019","unstructured":"Nozomi Networks Labs . 2019 . Breaking Research: LockerGoga Ransomware Impacts Norsk Hydro. (2019). https:\/\/www.nozominetworks.com\/blog\/breaking-research-lockergoga-ransomware-impacts-norsk-hydro\/ Nozomi Networks Labs. 2019. Breaking Research: LockerGoga Ransomware Impacts Norsk Hydro. (2019). https:\/\/www.nozominetworks.com\/blog\/breaking-research-lockergoga-ransomware-impacts-norsk-hydro\/"},{"key":"e_1_3_2_1_20_1","first-page":"1","article-title":"InfoSec Reading Room Secure Architecture for Industrial Control Systems. SANS Institute InfoSec","volume":"1","author":"Obregon Luciana","year":"2014","unstructured":"Luciana Obregon . 2014 . InfoSec Reading Room Secure Architecture for Industrial Control Systems. SANS Institute InfoSec , GIAC (GSEC) Gold Certification 1 (2014), 1 -- 27 . Luciana Obregon. 2014. InfoSec Reading Room Secure Architecture for Industrial Control Systems. SANS Institute InfoSec, GIAC (GSEC) Gold Certification 1 (2014), 1--27.","journal-title":"GIAC (GSEC) Gold Certification"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3329786"},{"key":"e_1_3_2_1_22_1","volume-title":"TRITON: The First ICS Cyber Attack on Safety Instrument Systems. Black-hat 2018","author":"Pinto Alessandro Di","year":"2018","unstructured":"Alessandro Di Pinto , Younes Dragoni , and Andrea Carcano . 2018 . TRITON: The First ICS Cyber Attack on Safety Instrument Systems. Black-hat 2018 (2018). https:\/\/www.nozominetworks.com\/downloads\/US\/Nozomi-Networks-TRITON-The-First-SIS-Cyberattack.pdf Alessandro Di Pinto, Younes Dragoni, and Andrea Carcano. 2018. TRITON: The First ICS Cyber Attack on Safety Instrument Systems. Black-hat 2018 (2018). https:\/\/www.nozominetworks.com\/downloads\/US\/Nozomi-Networks-TRITON-The-First-SIS-Cyberattack.pdf"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2781562.2781567"},{"key":"e_1_3_2_1_24_1","volume-title":"The State of Industrial Cybersecurity","author":"Schwab Wolfgang","year":"2017","unstructured":"Wolfgang Schwab . 2017. The State of Industrial Cybersecurity 2017 . Scientist June (2017), 23. Wolfgang Schwab. 2017. The State of Industrial Cybersecurity 2017. Scientist June (2017), 23."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2015.02.149"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2019.01.002"},{"key":"e_1_3_2_1_27_1","volume-title":"Design and Philosophy Authors :. July","author":"Strom Blake E","year":"2018","unstructured":"Blake E Strom , Doug P Miller , Kathryn C Nickels , Adam G Pennington , and Cody B Thomas . 2018. MITRE ATT & C K\u2122 : Design and Philosophy Authors :. July ( 2018 ). Blake E Strom, Doug P Miller, Kathryn C Nickels, Adam G Pennington, and Cody B Thomas. 2018. MITRE ATT & CK\u2122 : Design and Philosophy Authors :. July (2018)."},{"key":"e_1_3_2_1_28_1","volume-title":"Contact Information, and Yara Signature","author":"Summary Executive","year":"2018","unstructured":"Executive Summary , Technical Details , Contact Information, and Yara Signature . 2018 . Malware Analysis MAR-17-352-01 HatMan --- Safety System Targeted Malware (Update A) . (2018), 1--24. Executive Summary, Technical Details, Contact Information, and Yara Signature. 2018. Malware Analysis MAR-17-352-01 HatMan --- Safety System Targeted Malware (Update A). (2018), 1--24."},{"key":"e_1_3_2_1_29_1","volume-title":"Dragonfly: Cyberespionage Attacks Against Energy Suppliers Symantec Security Response.","year":"2014","unstructured":"Symantec. 2014 . Dragonfly: Cyberespionage Attacks Against Energy Suppliers Symantec Security Response. (2014). http:\/\/www.symantec.com\/connect\/blogs\/dragonfly-western-energy-companies-under-sabotage-threat Symantec. 2014. Dragonfly: Cyberespionage Attacks Against Energy Suppliers Symantec Security Response. (2014). http:\/\/www.symantec.com\/connect\/blogs\/dragonfly-western-energy-companies-under-sabotage-threat"}],"event":{"name":"CF '21: Computing Frontiers Conference","location":"Virtual Event Italy","acronym":"CF '21","sponsor":["SIGMICRO ACM Special Interest Group on Microarchitectural Research and Processing"]},"container-title":["Proceedings of the 18th ACM International Conference on Computing Frontiers"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3457388.3458868","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3457388.3458868","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:28:07Z","timestamp":1750195687000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3457388.3458868"}},"subtitle":["the TRISIS case"],"short-title":[],"issued":{"date-parts":[[2021,5,11]]},"references-count":29,"alternative-id":["10.1145\/3457388.3458868","10.1145\/3457388"],"URL":"https:\/\/doi.org\/10.1145\/3457388.3458868","relation":{},"subject":[],"published":{"date-parts":[[2021,5,11]]},"assertion":[{"value":"2021-05-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}