{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T18:32:44Z","timestamp":1770834764698,"version":"3.50.1"},"reference-count":33,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2024,1,9]],"date-time":"2024-01-09T00:00:00Z","timestamp":1704758400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["62072408"],"award-info":[{"award-number":["62072408"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Zhejiang Provincial Natural Science Foundation of China","award":["LY20F020030"],"award-info":[{"award-number":["LY20F020030"]}]},{"name":"New Century 151 Talent Project of Zhejiang Province"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Sen. Netw."],"published-print":{"date-parts":[[2024,3,31]]},"abstract":"ICPS software and hardware suffer from low update frequency, making it easier for insiders to bypass external defenses and launch concealed destructive attacks. To address these concerns, we design a device fingerprinting method based on multi-physical features, augmenting current intrusion detection techniques in the ICPS environment. In this article, we use the sorting system as an example, demonstrating that the proposed device fingerprinting technology has generality in the intrusion detection of ICPS control flow. Specifically, we first formalize the physical model of the sorting system to analyze the critical device features. Then, we extract these physical features from the sensor data collected in a physical testbed. Utilizing featurized data, we train a classifier that generates fingerprints in real-time in the production environment. Moreover, we develop a differential detection model based on device fingerprints to discover stealthy insider attacks efficiently. We evaluate the proposed method in a real-world testbed. Experiment results show that the detecting performance of classifiers approaches 100% when the the number of component types is small.<\/jats:p>","DOI":"10.1145\/3582691","type":"journal-article","created":{"date-parts":[[2023,2,20]],"date-time":"2023-02-20T11:48:38Z","timestamp":1676893718000},"page":"1-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Detect Insider Attacks in Industrial Cyber-physical Systems Using Multi-physical Features-based Fingerprinting"],"prefix":"10.1145","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9956-3732","authenticated-orcid":false,"given":"Zhen","family":"Hong","sequence":"first","affiliation":[{"name":"Zhejiang University of Technology, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4454-8046","authenticated-orcid":false,"given":"Lingling","family":"Lu","sequence":"additional","affiliation":[{"name":"Zhejiang University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7656-3342","authenticated-orcid":false,"given":"Dehua","family":"Zheng","sequence":"additional","affiliation":[{"name":"Zhejiang Sci-Tech University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4830-0032","authenticated-orcid":false,"given":"Jiahui","family":"Suo","sequence":"additional","affiliation":[{"name":"Zhejiang University of Technology, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5412-1233","authenticated-orcid":false,"given":"Peng","family":"Sun","sequence":"additional","affiliation":[{"name":"Zhejiang University of Technology, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9188-3464","authenticated-orcid":false,"given":"Raheem","family":"Beyah","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2914-912X","authenticated-orcid":false,"given":"Zhenyu","family":"Wen","sequence":"additional","affiliation":[{"name":"Zhejiang University of Technology, China"}]}],"member":"320","published-online":{"date-parts":[[2024,1,9]]},"reference":[{"key":"e_1_3_1_2_2","doi-asserted-by":"publisher","DOI":"10.1002\/dac.4706"},{"key":"e_1_3_1_3_2","doi-asserted-by":"publisher","DOI":"10.23919\/SICE.2017.8105603"},{"key":"e_1_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/QRS-C.2017.89"},{"key":"e_1_3_1_5_2","volume-title":"A Basic Course in Probability Theory","author":"Bhattacharya Rabindra Nath","year":"2007","unstructured":"Rabindra Nath Bhattacharya and Edward C. Waymire. 2007. A Basic Course in Probability Theory, Vol. 69. Springer."},{"key":"e_1_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOMWKSHPS50562.2020.9162669"},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2017.10.009"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.automatica.2016.04.016"},{"key":"e_1_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.automatica.2016.04.016"},{"key":"e_1_3_1_10_2","volume-title":"Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS\u201916)","author":"Formby David","year":"2016","unstructured":"David Formby, Preethi Srinivasan, Andrew M. Leonard, Jonathan D. Rogers, and Raheem A. Beyah. 2016. Who\u2019s in control of your control system? Device fingerprinting for cyber-physical systems. In Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS\u201916). Internet Society."},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/INM.2011.5990703"},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1016\/0003-4916(60)90105-6"},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2018.3761722"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIE.2020.3029488"},{"key":"e_1_3_1_15_2","volume-title":"Maximum-entropy Models in Science and Engineering","author":"Kapur Jagat Narain","year":"1989","unstructured":"Jagat Narain Kapur. 1989. Maximum-entropy Models in Science and Engineering. John Wiley & Sons."},{"key":"e_1_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/3422369"},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/2658999"},{"key":"e_1_3_1_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"e_1_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/3536423"},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2779447"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/Blockchain.2019.00074"},{"key":"e_1_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.122"},{"issue":"11","key":"e_1_3_1_23_2","first-page":"b18\u2013b22","article-title":"Securing a control systems network","volume":"55","author":"Neilson C.","year":"2013","unstructured":"C. Neilson. 2013. Securing a control systems network. ASHRAE J. 55, 11 (2013), b18\u2013b22.","journal-title":"ASHRAE J."},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2509994"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2017.2725482"},{"key":"e_1_3_1_26_2","first-page":"127","volume-title":"Proceedings of the International Workshop on Formal Aspects in Security and Trust","author":"Probst Christian W.","year":"2006","unstructured":"Christian W. Probst, Ren\u00e9 Rydhof Hansen, and Flemming Nielson. 2006. Where can an insider attack? In Proceedings of the International Workshop on Formal Aspects in Security and Trust. Springer, 127\u2013142."},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2015.2400426"},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-25465-X_9"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2011.2165269"},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/TITS.2021.3056704"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978388"},{"key":"e_1_3_1_32_2","first-page":"349","volume-title":"Proceedings of the 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201921)","author":"Yang Youngseok","year":"2021","unstructured":"Youngseok Yang, Taesoo Kim, and Byung-Gon Chun. 2021. Finding consensus bugs in ethereum via multi-transaction differential fuzzing. In Proceedings of the 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201921). 349\u2013365."},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1049\/cp.2013.1729"},{"key":"e_1_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.13195\/j.kzyjc.2019.1302"}],"container-title":["ACM Transactions on Sensor Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3582691","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3582691","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:09:15Z","timestamp":1750183755000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3582691"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1,9]]},"references-count":33,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,3,31]]}},"alternative-id":["10.1145\/3582691"],"URL":"https:\/\/doi.org\/10.1145\/3582691","relation":{},"ISSN":["1550-4859","1550-4867"],"issn-type":[{"value":"1550-4859","type":"print"},{"value":"1550-4867","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,1,9]]},"assertion":[{"value":"2022-08-28","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-01-25","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-01-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}