{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T16:57:12Z","timestamp":1774630632181,"version":"3.50.1"},"reference-count":43,"publisher":"IEEE","license":[{"start":{"date-parts":[[2019,9,1]],"date-time":"2019-09-01T00:00:00Z","timestamp":1567296000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,9,1]],"date-time":"2019-09-01T00:00:00Z","timestamp":1567296000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,9]]},"DOI":"10.23919\/softcom.2019.8903672","type":"proceedings-article","created":{"date-parts":[[2019,11,25]],"date-time":"2019-11-25T14:21:37Z","timestamp":1574691697000},"page":"1-6","source":"Crossref","is-referenced-by-count":93,"title":["Anomaly-based Intrusion Detection in Industrial Data with SVM and Random Forests"],"prefix":"10.23919","author":[{"given":"Simon D. Duque","family":"Anton","sequence":"first","affiliation":[{"name":"Intelligent Networks Research Group, German Research Center for AI,Kaiserslautern,Germany"}]},{"given":"Sapna","family":"Sinha","sequence":"additional","affiliation":[{"name":"Intelligent Networks Research Group, German Research Center for AI,Kaiserslautern,Germany"}]},{"given":"Hans","family":"Dieter Schotten","sequence":"additional","affiliation":[{"name":"Intelligent Networks Research Group, German Research Center for AI,Kaiserslautern,Germany"}]}],"member":"263","reference":[{"key":"ref39","first-page":"1","article-title":"C4. 5, class imbalance, and cost sensitivity: why under-sampling beats over-sampling","volume":"11","author":"drummond","year":"2003","journal-title":"Workshop on learning from imbalanred datasets II"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2008.2002909"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/BF00994018"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/130385.130401"},{"key":"ref30","article-title":"Implementing scada scenarios and introducing attacks to obtain training data for intrusion detection methods","author":"duque anton","year":"0","journal-title":"International Conference on Cyber Warfare and Security"},{"key":"ref37","first-page":"149","article-title":"The effects of the irregular sample and missing data in time series analysis","author":"kreindler","year":"2016","journal-title":"Nonlinear Dynamical Systems Analysis for the Behavioral Sciences using Real Data"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1207\/s15327906mbr3304_5"},{"key":"ref35","article-title":"Network intrusion detection using random forests","author":"zhang","year":"2005","journal-title":"Pst Citeseer"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCC.2004.843247"},{"key":"ref10","article-title":"Evaluation of machine learning-based anomaly detection algorithms on an industrial Modbus\/TCP data set","author":"duque anton","year":"0","journal-title":"Proceedings of the International Conference on Availability Reliability and Security (AReS)"},{"key":"ref40","article-title":"scikit learn","year":"2019","journal-title":"Tuning the hyper-parameters of an estimator"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW.2018.00008"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.09.009"},{"key":"ref13","author":"zhu","year":"2010","journal-title":"SCADA-specific Intrusion Detection\/Prevention Systems A Survey and Taxonomy"},{"key":"ref14","first-page":"18","article-title":"Anomaly-based network intrusion detection: Techniques, systems and challenges","author":"igure","year":"2009","journal-title":"Computers & Security"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2732198.2732200"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.jprocont.2015.04.005"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.15394\/jdfsl.2014.1162"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2012.78"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.050113.00191"},{"key":"ref28","article-title":"Industrial control system simulation and data logging for intrusion detection system research","author":"morris","year":"2015","journal-title":"7th Annual Southeastern Cyber Security Summit"},{"key":"ref4","year":"2012","journal-title":"Modbus application protocol specification v 1 1 b3"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2002.1007774"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.protcy.2013.12.050"},{"key":"ref6","year":"2017","journal-title":"PROFINET Specification"},{"key":"ref29","year":"2019","journal-title":"Model and simulate fluid systems"},{"key":"ref5","year":"2006","journal-title":"MODBUS Messaging on TCP\/IP Implementation Guide V1 0b"},{"key":"ref8","article-title":"Chrashoverride - analysis of the threat to electric grid operations","year":"2016","journal-title":"Dragos"},{"key":"ref7","article-title":"Win32\/Industroyer - a new threat for industrial control systems","author":"cherepanov","year":"2017","journal-title":"ESET"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.03.001"},{"key":"ref9","article-title":"Analysis of the cyber attack on the ukrainian power grid","author":"lee","year":"2016","journal-title":"Electricity Information Sharing and Analysis Center (E-ISAC)"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/AINS.2017.8270432"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TIE.2012.2196010"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2010.2051556"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/JCN.2012.6253092"},{"key":"ref42","article-title":"Putting together the pieces: A concept for holistic industrial intrusion detection","author":"duque anton","year":"0","journal-title":"18th European Conference on Cyber Warfare and Security (ECCWS) ACPI ACPI"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53806-7_8"},{"key":"ref41","article-title":"Modern problems require modern solutions: Hybrid concepts for industrial intrusion detection","author":"duque anton","year":"2019","journal-title":"ITG-Fachtagung Mobilkommunikation - Technologien und Anwendungen (ITG-17) Informationstechnische Gesellschaft im VDE (ITG) VDE Verlag GmbH"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1023\/A:1024600519144"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2013.105"},{"key":"ref43","article-title":"Using temporal and topological features for intrusion detection in operational networks","author":"duque anton","year":"0","journal-title":"ARES ‘19 Proceedings of the 13th International Conference on Availability Reliability and Security"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38998-6_8"}],"event":{"name":"2019 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)","location":"Split, Croatia","start":{"date-parts":[[2019,9,19]]},"end":{"date-parts":[[2019,9,21]]}},"container-title":["2019 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8892589\/8903594\/08903672.pdf?arnumber=8903672","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T19:37:07Z","timestamp":1753731427000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8903672\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9]]},"references-count":43,"URL":"https:\/\/doi.org\/10.23919\/softcom.2019.8903672","relation":{},"subject":[],"published":{"date-parts":[[2019,9]]}}}