{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T15:23:04Z","timestamp":1780672984003,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":28,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,8,9]],"date-time":"2021-08-09T00:00:00Z","timestamp":1628467200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,8,9]]},"DOI":"10.1145\/3474718.3474722","type":"proceedings-article","created":{"date-parts":[[2021,9,7]],"date-time":"2021-09-07T16:42:08Z","timestamp":1631032928000},"page":"41-48","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":31,"title":["Probabilistic Attack Sequence Generation and Execution Based on MITRE ATT&CK for ICS Datasets"],"prefix":"10.1145","author":[{"given":"Seungoh","family":"Choi","sequence":"first","affiliation":[{"name":"The Affiliated Institute of ETRI, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jeong-Han","family":"Yun","sequence":"additional","affiliation":[{"name":"The Affiliated Institute of ETRI, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Byung-Gil","family":"Min","sequence":"additional","affiliation":[{"name":"The Affiliated Institute of ETRI, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2021,9,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"An Analysis of LockerGoga Ransomware. In 2019 IEEE East-West Design Test Symposium (EWDTS). 1\u20135. https:\/\/doi.org\/10","author":"Adamov Alexander","year":"2019","unstructured":"Alexander Adamov , Anders Carlsson , and Tomasz Surmacz . 2019 . An Analysis of LockerGoga Ransomware. In 2019 IEEE East-West Design Test Symposium (EWDTS). 1\u20135. https:\/\/doi.org\/10 .1109\/EWDTS.2019.8884472 10.1109\/EWDTS.2019.8884472 Alexander Adamov, Anders Carlsson, and Tomasz Surmacz. 2019. An Analysis of LockerGoga Ransomware. In 2019 IEEE East-West Design Test Symposium (EWDTS). 1\u20135. https:\/\/doi.org\/10.1109\/EWDTS.2019.8884472"},{"key":"e_1_3_2_1_2_1","volume-title":"Design and Philosophy. Technical Papers MP01055863","author":"Alexander Otis","unstructured":"Otis Alexander , Misha Belisle , Miller, and Jacob Steele . 2020. MITRE ATT&CK for Industrial Control Systems : Design and Philosophy. Technical Papers MP01055863 . MITRE Corporation . Otis Alexander, Misha Belisle, Miller, and Jacob Steele. 2020. MITRE ATT&CK for Industrial Control Systems: Design and Philosophy. Technical Papers MP01055863. MITRE Corporation."},{"key":"e_1_3_2_1_4_1","volume-title":"Simple steps to protect yourself from the Conficker Worm. Retrieved","author":"Broadbent Carissa","year":"2021","unstructured":"Carissa Broadbent . 2015. Simple steps to protect yourself from the Conficker Worm. Retrieved May 1, 2021 from https:\/\/knowledge.broadcom.com\/external\/article?legacyId=tech93179 Carissa Broadbent. 2015. Simple steps to protect yourself from the Conficker Worm. Retrieved May 1, 2021 from https:\/\/knowledge.broadcom.com\/external\/article?legacyId=tech93179"},{"key":"e_1_3_2_1_5_1","volume-title":"Telling the Full Story with the MITRE ATT&CK for ICS Framework. Retrieved","author":"Broadbent Carissa","year":"2021","unstructured":"Carissa Broadbent . 2020. Telling the Full Story with the MITRE ATT&CK for ICS Framework. Retrieved May 1, 2021 from https:\/\/cyberx-labs.com\/blog\/telling-the-full-story-with-the-mitre-attck-for-ics-framework\/ Carissa Broadbent. 2020. Telling the Full Story with the MITRE ATT&CK for ICS Framework. Retrieved May 1, 2021 from https:\/\/cyberx-labs.com\/blog\/telling-the-full-story-with-the-mitre-attck-for-ics-framework\/"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/3485754.3485756"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3405447"},{"key":"e_1_3_2_1_8_1","volume-title":"An Attacker Modeling Framework for the Assessment of Cyber-Physical Systems Security","author":"Deloglos Christopher","unstructured":"Christopher Deloglos , Carl Elks , and Ashraf Tantawy . 2020. An Attacker Modeling Framework for the Assessment of Cyber-Physical Systems Security . In Computer Safety, Reliability, and Security, Ant\u00f3nio Casimiro, Frank Ortmeier, Friedemann Bitsch, and Pedro Ferreira (Eds.). Springer International Publishing , Cham , 150\u2013163. Christopher Deloglos, Carl Elks, and Ashraf Tantawy. 2020. An Attacker Modeling Framework for the Assessment of Cyber-Physical Systems Security. In Computer Safety, Reliability, and Security, Ant\u00f3nio Casimiro, Frank Ortmeier, Friedemann Bitsch, and Pedro Ferreira (Eds.). Springer International Publishing, Cham, 150\u2013163."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/DS-RT50469.2020.9213690"},{"key":"e_1_3_2_1_13_1","volume-title":"Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved","author":"Hanel Alexander","year":"2021","unstructured":"Alexander Hanel . 2019. Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved May 1, 2021 from https:\/\/www.crowdstrike.com\/blog\/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware\/ Alexander Hanel. 2019. Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved May 1, 2021 from https:\/\/www.crowdstrike.com\/blog\/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware\/"},{"key":"e_1_3_2_1_14_1","volume-title":"WannaCry on industrial networks: error correction. Retrieved","author":"Kaspersky ICS-CERT.","year":"2021","unstructured":"Kaspersky ICS-CERT. 2017. WannaCry on industrial networks: error correction. Retrieved May 1, 2021 from https:\/\/ics-cert.kaspersky.com\/reports\/2017\/06\/22\/wannacry-on-industrial-networks\/ Kaspersky ICS-CERT. 2017. WannaCry on industrial networks: error correction. Retrieved May 1, 2021 from https:\/\/ics-cert.kaspersky.com\/reports\/2017\/06\/22\/wannacry-on-industrial-networks\/"},{"key":"e_1_3_2_1_15_1","volume-title":"Retrieved","author":"Industroyer CK","year":"2021","unstructured":"Kaspersky. 2020. ATT& CK for ICS: Industroyer . Retrieved May 1, 2021 from https:\/\/www.kaspersky.com\/enterprise-security\/mitre\/industroyer Kaspersky. 2020. ATT&CK for ICS: Industroyer. Retrieved May 1, 2021 from https:\/\/www.kaspersky.com\/enterprise-security\/mitre\/industroyer"},{"key":"e_1_3_2_1_17_1","volume-title":"VPNFilter Update - VPNFilter exploits endpoints, targets new devices. Retrieved","author":"Largent William","year":"2021","unstructured":"William Largent . 2018. VPNFilter Update - VPNFilter exploits endpoints, targets new devices. Retrieved May 1, 2021 from https:\/\/blog.talosintelligence.com\/2018\/06\/vpnfilter-update.html William Largent. 2018. VPNFilter Update - VPNFilter exploits endpoints, targets new devices. Retrieved May 1, 2021 from https:\/\/blog.talosintelligence.com\/2018\/06\/vpnfilter-update.html"},{"key":"e_1_3_2_1_18_1","unstructured":"Yamila Levalle. 2020. Understanding ATT&CK for Industrial Control Systems (Part II). Retrieved May 1 2021 from https:\/\/dreamlab.net\/en\/blog\/post\/understanding-attck-for-industrial-control-systems-part-ii-1\/  Yamila Levalle. 2020. Understanding ATT&CK for Industrial Control Systems (Part II). Retrieved May 1 2021 from https:\/\/dreamlab.net\/en\/blog\/post\/understanding-attck-for-industrial-control-systems-part-ii-1\/"},{"key":"e_1_3_2_1_19_1","volume-title":"Bad Rabbit ransomware. Retrieved","author":"Mamedov Orkhan","year":"2021","unstructured":"Orkhan Mamedov , Fedor Sinitsyn , and Fedor Ivanov . 2017. Bad Rabbit ransomware. Retrieved May 1, 2021 from https:\/\/securelist.com\/bad-rabbit-ransomware\/82851\/ Orkhan Mamedov, Fedor Sinitsyn, and Fedor Ivanov. 2017. Bad Rabbit ransomware. Retrieved May 1, 2021 from https:\/\/securelist.com\/bad-rabbit-ransomware\/82851\/"},{"key":"e_1_3_2_1_20_1","unstructured":"Doug Miller Ron Alford Andy Applebaum Henry Foster Caleb Little and Blake\u00a0E. Strom. 2018. Automated Adversary Emulation : A Case for Planning and Acting with Unknowns.  Doug Miller Ron Alford Andy Applebaum Henry Foster Caleb Little and Blake\u00a0E. Strom. 2018. Automated Adversary Emulation : A Case for Planning and Acting with Unknowns."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2019.8870147"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MASSP.1986.1165342"},{"key":"e_1_3_2_1_23_1","volume-title":"Implementation of Programmable CPS Testbed for Anomaly Detection. In 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET 19)","author":"Shin Hyeok-Ki","year":"2019","unstructured":"Hyeok-Ki Shin , Woomyo Lee , Jeong-Han Yun , and HyoungChun Kim . 2019 . Implementation of Programmable CPS Testbed for Anomaly Detection. In 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET 19) . USENIX Association. https:\/\/www.usenix.org\/conference\/cset19\/presentation\/shin Hyeok-Ki Shin, Woomyo Lee, Jeong-Han Yun, and HyoungChun Kim. 2019. Implementation of Programmable CPS Testbed for Anomaly Detection. In 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET 19). USENIX Association. https:\/\/www.usenix.org\/conference\/cset19\/presentation\/shin"},{"key":"e_1_3_2_1_24_1","volume-title":"13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20)","author":"Shin Hyeok-Ki","year":"2020","unstructured":"Hyeok-Ki Shin , Woomyo Lee , Jeong-Han Yun , and HyoungChun Kim . 2020 . HAI 1.0: HIL-based Augmented ICS Security Dataset . In 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20) . USENIX Association. https:\/\/www.usenix.org\/conference\/cset20\/presentation\/shin Hyeok-Ki Shin, Woomyo Lee, Jeong-Han Yun, and HyoungChun Kim. 2020. HAI 1.0: HIL-based Augmented ICS Security Dataset. In 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20). USENIX Association. https:\/\/www.usenix.org\/conference\/cset20\/presentation\/shin"},{"key":"e_1_3_2_1_27_1","first-page":"1","article-title":"PLC-blaster: A worm living solely in the PLC","volume":"16","author":"Spenneberg Ralf","year":"2016","unstructured":"Ralf Spenneberg , Maik Br\u00fcggemann , and Hendrik Schwartke . 2016 . PLC-blaster: A worm living solely in the PLC . Black Hat Asia 16 (2016), 1 \u2013 16 . Ralf Spenneberg, Maik Br\u00fcggemann, and Hendrik Schwartke. 2016. PLC-blaster: A worm living solely in the PLC. Black Hat Asia 16(2016), 1\u201316.","journal-title":"Black Hat Asia"},{"key":"e_1_3_2_1_28_1","volume-title":"Design and philosophy. Technical Papers MP180360","author":"Strom E.","unstructured":"Blake\u00a0 E. Strom , Andy Applebaum , Doug\u00a0 P Miller , Kathryn\u00a0 C Nickels , Adam\u00a0 G Pennington , and Cody\u00a0 B Thomas . 2018. MITRE ATT&CK : Design and philosophy. Technical Papers MP180360 . MITRE Corporation . Blake\u00a0E. Strom, Andy Applebaum, Doug\u00a0P Miller, Kathryn\u00a0C Nickels, Adam\u00a0G Pennington, and Cody\u00a0B Thomas. 2018. MITRE ATT&CK: Design and philosophy. Technical Papers MP180360. MITRE Corporation."},{"key":"e_1_3_2_1_30_1","volume-title":"Technical Report. Retrieved","year":"2021","unstructured":"Symantec. 2011. W32.Duqu. Technical Report. Retrieved May 1, 2021 from https:\/\/docs.broadcom.com\/doc\/w32-duqu-11-en Symantec. 2011. W32.Duqu. Technical Report. Retrieved May 1, 2021 from https:\/\/docs.broadcom.com\/doc\/w32-duqu-11-en"},{"key":"e_1_3_2_1_31_1","volume-title":"13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20)","author":"Takahashi Yusuke","year":"2020","unstructured":"Yusuke Takahashi , Shigeyoshi Shima , Rui Tanabe , and Katsunari Yoshioka . 2020 . APTGen: An Approach towards Generating Practical Dataset Labelled with Targeted Attack Sequences . In 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20) . USENIX Association. https:\/\/www.usenix.org\/conference\/cset20\/presentation\/takahashi Yusuke Takahashi, Shigeyoshi Shima, Rui Tanabe, and Katsunari Yoshioka. 2020. APTGen: An Approach towards Generating Practical Dataset Labelled with Targeted Attack Sequences. In 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20). USENIX Association. https:\/\/www.usenix.org\/conference\/cset20\/presentation\/takahashi"},{"key":"e_1_3_2_1_32_1","volume-title":"Advanced Threat Analytics security research network technical analysis: NotPetya. Retrieved","author":"Team Microsoft\u00a0Security","year":"2021","unstructured":"Microsoft\u00a0Security Team . 2017. Advanced Threat Analytics security research network technical analysis: NotPetya. Retrieved May 1, 2021 from https:\/\/www.microsoft.com\/security\/blog\/2017\/10\/03\/advanced-threat-analytics-security-research-network-technical-analysis-notpetya\/ Microsoft\u00a0Security Team. 2017. Advanced Threat Analytics security research network technical analysis: NotPetya. Retrieved May 1, 2021 from https:\/\/www.microsoft.com\/security\/blog\/2017\/10\/03\/advanced-threat-analytics-security-research-network-technical-analysis-notpetya\/"},{"key":"e_1_3_2_1_33_1","volume-title":"Security flaws in software-based PLC enable remote code execution on Windows box. Retrieved","author":"Claroty\u00a0Research Team The","year":"2021","unstructured":"The Claroty\u00a0Research Team . 2020. Security flaws in software-based PLC enable remote code execution on Windows box. Retrieved May 1, 2021 from https:\/\/www.claroty.com\/2020\/05\/14\/security-flaws-in-software-based-plc-enable-remote-code-execution-on-windows-box\/ The Claroty\u00a0Research Team. 2020. Security flaws in software-based PLC enable remote code execution on Windows box. Retrieved May 1, 2021 from https:\/\/www.claroty.com\/2020\/05\/14\/security-flaws-in-software-based-plc-enable-remote-code-execution-on-windows-box\/"},{"key":"e_1_3_2_1_34_1","volume-title":"Security and Privacy in Communication Networks, Songqing Chen, Kim-Kwang\u00a0Raymond Choo","author":"Ullah Sharif","unstructured":"Sharif Ullah , Sachin Shetty , Anup Nayak , Amin Hassanzadeh , and Kamrul Hasan . 2019. Cyber Threat Analysis Based on Characterizing Adversarial Behavior for Energy Delivery System . In Security and Privacy in Communication Networks, Songqing Chen, Kim-Kwang\u00a0Raymond Choo , Xinwen Fu, Wenjing Lou, and Aziz Mohaisen (Eds.). Springer International Publishing , Cham , 146\u2013160. Sharif Ullah, Sachin Shetty, Anup Nayak, Amin Hassanzadeh, and Kamrul Hasan. 2019. Cyber Threat Analysis Based on Characterizing Adversarial Behavior for Energy Delivery System. In Security and Privacy in Communication Networks, Songqing Chen, Kim-Kwang\u00a0Raymond Choo, Xinwen Fu, Wenjing Lou, and Aziz Mohaisen (Eds.). Springer International Publishing, Cham, 146\u2013160."},{"key":"e_1_3_2_1_35_1","volume-title":"Lessons in Purple Teaming with ATT&CK. Retrieved","author":"Wyleczuk-Stern Daniel","year":"2021","unstructured":"Daniel Wyleczuk-Stern and Matt Southworth . 2019. Lessons in Purple Teaming with ATT&CK. Retrieved July 4, 2021 from https:\/\/www.slideshare.net\/attackcon2018\/mitre-attckcon-20-lessons-in-purple-team-testing-with-mitre-attck-daniel-wyleczukstern-praetorian-and-matt-southworth-priceline Daniel Wyleczuk-Stern and Matt Southworth. 2019. Lessons in Purple Teaming with ATT&CK. Retrieved July 4, 2021 from https:\/\/www.slideshare.net\/attackcon2018\/mitre-attckcon-20-lessons-in-purple-team-testing-with-mitre-attck-daniel-wyleczukstern-praetorian-and-matt-southworth-priceline"},{"key":"e_1_3_2_1_36_1","volume-title":"Cyber Attack and Defense Emulation Agents. Applied Sciences 10, 6","author":"Yoo Jeong\u00a0Do","year":"2020","unstructured":"Jeong\u00a0Do Yoo , Eunji Park , Gyungmin Lee , Myung\u00a0Kil Ahn , Donghwa Kim , Seongyun Seo , and Huy\u00a0Kang Kim . 2020. Cyber Attack and Defense Emulation Agents. Applied Sciences 10, 6 ( 2020 ). https:\/\/doi.org\/10.3390\/app10062140 10.3390\/app10062140 Jeong\u00a0Do Yoo, Eunji Park, Gyungmin Lee, Myung\u00a0Kil Ahn, Donghwa Kim, Seongyun Seo, and Huy\u00a0Kang Kim. 2020. Cyber Attack and Defense Emulation Agents. Applied Sciences 10, 6 (2020). https:\/\/doi.org\/10.3390\/app10062140"}],"event":{"name":"CSET '21: Cyber Security Experimentation and Test Workshop","location":"Virtual CA USA","acronym":"CSET '21"},"container-title":["Cyber Security Experimentation and Test Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3474718.3474722","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3474718.3474722","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:11:46Z","timestamp":1750191106000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3474718.3474722"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,9]]},"references-count":28,"alternative-id":["10.1145\/3474718.3474722","10.1145\/3474718"],"URL":"https:\/\/doi.org\/10.1145\/3474718.3474722","relation":{},"subject":[],"published":{"date-parts":[[2021,8,9]]},"assertion":[{"value":"2021-09-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}