{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,22]],"date-time":"2025-10-22T10:50:05Z","timestamp":1761130205741,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,8,25]]},"DOI":"10.1145\/3709017.3737710","type":"proceedings-article","created":{"date-parts":[[2025,7,15]],"date-time":"2025-07-15T16:18:38Z","timestamp":1752596318000},"page":"64-73","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Critical IEC 61850 MMS Feature Selection for ML-Driven IDS"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-9555-5974","authenticated-orcid":false,"given":"Kishan","family":"Baranwal","sequence":"first","affiliation":[{"name":"Indian Institute of Science, Bengaluru, Karnataka, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1810-6416","authenticated-orcid":false,"given":"Haresh","family":"Dagale","sequence":"additional","affiliation":[{"name":"Indian Institute of Science, Bengaluru, Karnataka, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-7160-2638","authenticated-orcid":false,"given":"Vikas","family":"Bishnoi","sequence":"additional","affiliation":[{"name":"Power Grid Corporation of India Limited, Gurugram, India"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,8,25]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Alex scroxton. 2017. CrashOverride Malware. https:\/\/www.cisa.gov\/news-events\/alerts\/2017\/06\/12\/crashoverride-malware. [Online]."},{"key":"e_1_3_2_1_2_1","unstructured":"Alex scroxton. 2022. Sandworm rolls out Industroyer2 malware against Ukraine. https:\/\/www.computerweekly.com\/news\/252515855\/Sandworm-rolls-out-Industroyer2-malware-against-Ukraine. [Online]."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","unstructured":"Souradeep Bhattacharya Nazmus Saqib and Manimaran Govindarasu. 2024. ML-based Anomaly Detection System for IEC 61850 Communication in Substations. 1--5. doi:10.1109\/PESGM51994.2024.10688773","DOI":"10.1109\/PESGM51994.2024.10688773"},{"key":"e_1_3_2_1_4_1","volume-title":"https:\/\/github.com\/CSCRC-SCREED\/QUT-ZSS- 2023-Simulation Accessed","author":"Simulation CSCRC-SCREED.","year":"2025","unstructured":"CSCRC-SCREED. 2024. QUT-ZSS-2023-Simulation. https:\/\/github.com\/CSCRC-SCREED\/QUT-ZSS- 2023-Simulation Accessed: March 16, 2025."},{"key":"e_1_3_2_1_5_1","unstructured":"Antonin Delhomme Livinus Nweke and Sule Yildirim Yayilgan. 2024. Detecting Denial of Service Attacks in Smart Grids Using Machine Learning: A Study of IEC 61850 Protocols."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.14090146"},{"key":"e_1_3_2_1_7_1","unstructured":"OMICRON electronics. 2025. IEDScout. https:\/\/www.omicronenergy.com\/en\/products\/iedscout\/ Accessed: 2025-05-31."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","unstructured":"M. Elrawy L. Hadjidemetriou C. Laoudias and M. K. Michael. 2023. Datasets of Man-in-the-Middle Attacks Targeting Modbus TCP\/IP and MMS Protocols in the Smart Grid. doi:10.5281\/zenodo.8375657","DOI":"10.5281\/zenodo.8375657"},{"key":"e_1_3_2_1_9_1","unstructured":"ESET. 2017. Industroyer\/CrashOverride - A New Threat to the Power Grid. https:\/\/www.welivesecurity.com\/2017\/06\/12\/industroyer-biggest-threat-industrial-control-systems-since-stuxnet\/. [Online]."},{"volume-title":"Machine Learning-Based Feature Selection for Intrusion Detection Systems in IEC 61850-Based Digital Substations. Bachelor's thesis","author":"Eynawi Ahmad","key":"e_1_3_2_1_10_1","unstructured":"Ahmad Eynawi. 2024. Machine Learning-Based Feature Selection for Intrusion Detection Systems in IEC 61850-Based Digital Substations. Bachelor's thesis, Karlsruhe Institute of Technology. Available: https:\/\/gitlab.com\/ahmad.en\/machine-learning-based-feature-selection-for-intrusion-detection-systems-in-digital-substations."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","unstructured":"Ahmad Eynawi Aneeqa Mumrez Ghada Elbez and V. Hagenmeyer. 2024. Machine Learning-Based Feature Selection for Intrusion Detection Systems in IEC 61850-Based Digital Substations. 1--7. doi:10.1109\/SmartGridComm60555.2024.10738031","DOI":"10.1109\/SmartGridComm60555.2024.10738031"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","unstructured":"Ziran Gao Mahesh Illindala and Jiankang Wang. 2023. Intrusion Detection System with Updated Structure and Feature Selection Algorithm for Man-In-The-Middle Attacks in the Smart Grid. In 2023 IEEE Industry Applications Society Annual Meeting (IAS). 1--6. doi:10.1109\/IAS54024.2023.10406766","DOI":"10.1109\/IAS54024.2023.10406766"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.egyr.2023.12.040"},{"key":"e_1_3_2_1_14_1","volume-title":"CRASHOVERRIDE: Analyzing the Malware that Attacks Power Grids. https:\/\/www.dragos.com\/resources\/whitepaper\/crashoverride-analyzing-the-malware-that-attacks-power-grids\/. [Online].","author":"Dragos Inc.","year":"2017","unstructured":"Dragos Inc. 2017. CRASHOVERRIDE: Analyzing the Malware that Attacks Power Grids. https:\/\/www.dragos.com\/resources\/whitepaper\/crashoverride-analyzing-the-malware-that-attacks-power-grids\/. [Online]."},{"key":"e_1_3_2_1_15_1","unstructured":"Kaspersky Inc. 2025. ATT&CK for ICS: Industroyer. https:\/\/www.kaspersky.com\/enterprise-security\/mitre\/industroyer. [Online]."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.14236\/ewic\/ICS2016.14"},{"key":"e_1_3_2_1_17_1","unstructured":"KimiNewt. [n. d.]. Pyshark: Python Wrapper for TShark. https:\/\/github.com\/KimiNewt\/pyshark. Accessed: 2024-03-16."},{"key":"e_1_3_2_1_18_1","volume-title":"Accessed","author":"Developers Scikit","year":"2025","unstructured":"Scikit learn Developers. [n.d.]. Novelty detection with Local Outlier Factor (LOF). https:\/\/scikit-learn.org\/stable\/auto_examples\/neighbors\/plot_lof_novelty_detection.html. Accessed: March 16, 2025."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","unstructured":"Petr Matou\u0161ek Ond\u0159ej Ry\u0161av\u00fd and Peter Grof\u010d\u00edk. 2022. ICS Dataset for Smart Grid Anomaly Detection. doi:10.21227\/1trw-n685","DOI":"10.21227\/1trw-n685"},{"key":"e_1_3_2_1_20_1","unstructured":"Jacqueline Meyer and Giovanni Apruzzese. 2022. Cybersecurity in the Smart Grid: Practitioners' Perspective. arXiv:2210.13119 [cs.CR] https:\/\/arxiv.org\/abs\/2210.13119"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSG.2019.2949998"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3336857"},{"key":"e_1_3_2_1_23_1","first-page":"582","article-title":"Support Vector Method for Novelty Detection","volume":"12","author":"Sch\u00f6lkopf Bernhard","year":"1999","unstructured":"Bernhard Sch\u00f6lkopf, Robert Williamson, Alex Smola, John Shawe-Taylor, and John Platt. 1999. Support Vector Method for Novelty Detection. NIPS 12, 582--588.","journal-title":"NIPS"},{"key":"e_1_3_2_1_24_1","unstructured":"Snort Project. [n. d.]. Snort MMS Rule Writing Guide. https:\/\/docs.snort.org\/rules\/options\/payload\/mms. Accessed: 2025-03-15."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SmartGridComm51999.2021.9632304"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/11935308_4"},{"key":"e_1_3_2_1_27_1","unstructured":"ttgzs and SourceForge. 2019. IEDExplorer. https:\/\/sourceforge.net\/projects\/iedexplorer\/ Also available at: https:\/\/github.com\/ttgzs\/iedexplorer Accessed: 2025-03-15."},{"key":"e_1_3_2_1_28_1","unstructured":"Wireshark Foundation. [n. d.]. Tshark: Terminal-based Network Protocol Analyzer. https:\/\/tshark.dev\/. Accessed: 2024-03-16."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2022.103262"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.3390\/app122111193"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3047341"}],"event":{"name":"ASIA CCS '25: ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Hanoi Vietnam","acronym":"ASIA CCS '25"},"container-title":["Proceedings of the 11th ACM Cyber-Physical System Security Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3709017.3737710","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T16:20:20Z","timestamp":1758817220000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3709017.3737710"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,25]]},"references-count":31,"alternative-id":["10.1145\/3709017.3737710","10.1145\/3709017"],"URL":"https:\/\/doi.org\/10.1145\/3709017.3737710","relation":{},"subject":[],"published":{"date-parts":[[2025,8,25]]},"assertion":[{"value":"2025-08-25","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}