{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T02:15:25Z","timestamp":1776132925704,"version":"3.50.1"},"reference-count":107,"publisher":"Wiley","issue":"6","license":[{"start":{"date-parts":[[2024,7,4]],"date-time":"2024-07-04T00:00:00Z","timestamp":1720051200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/linproxy.fan.workers.dev:443\/http\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"DOI":"10.13039\/501100001501","name":"University Grants Commission","doi-asserted-by":"publisher","award":["200510090572"],"award-info":[{"award-number":["200510090572"]}],"id":[{"id":"10.13039\/501100001501","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Security and Privacy"],"published-print":{"date-parts":[[2024,11]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Since the inception of the Industrial 4.0 revolution, industrial cyber\u2010physical systems (CPSs) have become integral to critical infrastructures and industrial sectors, including water treatment and distribution systems. Integrating physical and digital worlds has made communication systems within these plants\u2014comprising actuators, sensors, and controllers\u2014vulnerable to advanced cyber\u2010attacks. Safeguarding the nation's critical infrastructure has thus attracted significant interest from both academia and industry. This article thoroughly examines water treatment and distribution CPSs, detailing their architectural design, devices, applications, and security standards. It analyzes various cyber\u2010attacks and explores CPS security vulnerabilities and their detection and mitigation techniques. Additionally, it reviews the trends in machine learning (ML) and deep learning (DL) intrusion detection system (IDS) solutions, highlighting their advantages and disadvantages. The article evaluates current datasets and testbeds, identifying some of the best\u2010performing IDS algorithms tested on each dataset compared to previous research, which could serve as benchmarks in this field. Finally, it proposes data augmentation techniques to generate comprehensive datasets, identifies research gaps, and suggests potential improvements to enhance IDS performance.<\/jats:p>","DOI":"10.1002\/spy2.440","type":"journal-article","created":{"date-parts":[[2024,7,4]],"date-time":"2024-07-04T23:51:21Z","timestamp":1720137081000},"update-policy":"https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["An analytical survey of cyber\u2010physical systems in water treatment and distribution: Security challenges, intrusion detection, and future directions"],"prefix":"10.1002","volume":"7","author":[{"ORCID":"https:\/\/linproxy.fan.workers.dev:443\/https\/orcid.org\/0009-0006-2440-3156","authenticated-orcid":false,"given":"Qawsar","family":"Gulzar","sequence":"first","affiliation":[{"name":"Department of Computer Science Jamia Millia Islamia  New Delhi India"}]},{"given":"Khurram","family":"Mustafa","sequence":"additional","affiliation":[{"name":"Department of Computer Science Jamia Millia Islamia  New Delhi India"}]}],"member":"311","published-online":{"date-parts":[[2024,7,4]]},"reference":[{"key":"e_1_2_10_2_1","volume-title":"Principles of Cyber\u2010Physical Systems","author":"Alur R.","year":"2015"},{"key":"e_1_2_10_3_1","doi-asserted-by":"publisher","DOI":"10.1201\/b19206"},{"key":"e_1_2_10_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3422369"},{"key":"e_1_2_10_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.micpro.2020.103201"},{"key":"e_1_2_10_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.04.005"},{"key":"e_1_2_10_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978\u20103\u2010319\u201012544\u20102_4"},{"key":"e_1_2_10_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/S12652\u2010015\u20100269\u20108"},{"key":"e_1_2_10_9_1","unstructured":"StoufferK FalcoJ.Guide to Industrial Control Systems (ICS) Security. Publication KSN special 2011 undefined.https:\/\/linproxy.fan.workers.dev:443\/http\/www.gocs.com.de\/pages\/fachberichte\/archiv\/164\u2010sp800_82_r2_draft.pdf"},{"key":"e_1_2_10_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/iThings\/CPSCom.2011.34"},{"key":"e_1_2_10_11_1","unstructured":"FilkinsB WylieD Institute ADST.U. Sans 2019 state of OT\/ICS cybersecurity survey.SANS Inst. 2019.2019https:\/\/linproxy.fan.workers.dev:443\/https\/industrialcyber.co\/wp\u2010content\/uploads\/2020\/05\/Survey_ICS\u20102019_Radiflow.pdf"},{"key":"e_1_2_10_12_1","article-title":"Top ten differences between ICS and IT cybersecurity","author":"Neitzel L","year":"2014","journal-title":"InTech Mag"},{"key":"e_1_2_10_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.IJCIP.2022.100516"},{"key":"e_1_2_10_14_1","unstructured":"Association for Computing Machinery.Special Interest Group on Information Technology Education EMC Academic Alliance Piazza et al. RIIT'12\u2009: proceedings of the ACM Research in Information Technology: October 11\u201313 2012 Calgary Alberta Canada. 2012:64."},{"key":"e_1_2_10_15_1","first-page":"1","volume-title":"Symantec Security Response","author":"Falliere N","year":"2011"},{"key":"e_1_2_10_16_1","unstructured":"Israeli Test on Worm Called Crucial in Iran Nuclear Delay. New York Times. Published January 16.2011https:\/\/linproxy.fan.workers.dev:443\/https\/www.nytimes.com\/2011\/01\/16\/world\/middleeast\/16stuxnet.html"},{"key":"e_1_2_10_17_1","unstructured":"What is BlackEnergy Malware? | Security Encyclopedia.https:\/\/linproxy.fan.workers.dev:443\/https\/www.hypr.com\/security\u2010encyclopedia\/blackenergy"},{"key":"e_1_2_10_18_1","unstructured":"diPintoA DragoniY USA ACPBH.TRITON: The first ICS cyber attack on safety instrument systems;2018.https:\/\/linproxy.fan.workers.dev:443\/https\/scadahacker.com\/library\/Documents\/Cyber_Events\/Nozomi%20\u2010%20TRITON%20\u2010%20The%20First%20SIS%20Cyberattack.pdf"},{"key":"e_1_2_10_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978\u20103\u2010030\u201004537\u20101_12"},{"key":"e_1_2_10_20_1","doi-asserted-by":"crossref","unstructured":"KalashnikovA SakrutinaE.The model of evaluating the risk potential for critical infrastructure plants of nuclear power plants.Proc201811th Int Conf &Quot;Management Large\u2010Scale Syst Dev MLSD 1\u20134.2018. doi:10.1109\/MLSD.2018.8551910","DOI":"10.1109\/MLSD.2018.8551910"},{"key":"e_1_2_10_21_1","unstructured":"BarbieriG ContiM TippenhauerNO TurrinF.Assessing the use of insecure ICS protocols via IXP network traffic analysis.2021.https:\/\/linproxy.fan.workers.dev:443\/https\/ieeexplore.ieee.org\/abstract\/document\/9522219\/?casa_token=1GWKpHFrrMAAAAAA:ELasffqluLVJBVZFwJt7zMnxUzvICciKbNk4tnUDsibkwkdWU8PdrTjOba7BeggennDZyCuK4LOwMQ"},{"key":"e_1_2_10_22_1","doi-asserted-by":"crossref","unstructured":"NawrockiM SchmidtTC WahlischM.Uncovering Vulnerable Industrial Control Systems from the Internet Core.Proc IEEE\/IFIP Netw Oper Manag Symp2020 Manag Age Softwarization Artif Intell NOMS 2020.2020. doi:10.1109\/NOMS47738.2020.9110256","DOI":"10.1109\/NOMS47738.2020.9110256"},{"key":"e_1_2_10_23_1","unstructured":"Cost of OT Cyber Security Incidents\u00a0\u2013\u00a0Nozomi Networks.https:\/\/linproxy.fan.workers.dev:443\/https\/www.nozominetworks.com\/solutions\/topic\/cost\u2010of\u2010ot\u2010cyber\u2010security\u2010incidents\/"},{"key":"e_1_2_10_24_1","unstructured":"IBM \u2010 India | IBM.https:\/\/linproxy.fan.workers.dev:443\/https\/www.ibm.com\/in\u2010en"},{"key":"e_1_2_10_25_1","unstructured":"Ransomware Costs Double in Q4 as Ryuk Sodinokibi Proliferate. Accessed July 30 2023.https:\/\/linproxy.fan.workers.dev:443\/https\/www.coveware.com\/blog\/2020\/1\/22\/ransomware\u2010costs\u2010double\u2010in\u2010q4\u2010as\u2010ryuk\u2010sodinokibi\u2010proliferate"},{"key":"e_1_2_10_26_1","unstructured":"EKANS.Ransomware and ICS Operations | Dragos Dragos.https:\/\/linproxy.fan.workers.dev:443\/https\/www.dragos.com\/blog\/industry\u2010news\/ekans\u2010ransomware\u2010and\u2010ics\u2010operations\/"},{"key":"e_1_2_10_27_1","article-title":"A survey on industrial control system testbeds and datasets for security research","author":"Conti M","year":"2021","journal-title":"IEEE Xplore"},{"key":"e_1_2_10_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3165809"},{"key":"e_1_2_10_29_1","doi-asserted-by":"publisher","DOI":"10.3390\/s150304837"},{"key":"e_1_2_10_30_1","unstructured":"Spends and Trends: SANS 2020 IT Cybersecurity Spending Survey | SANS Institute.https:\/\/linproxy.fan.workers.dev:443\/https\/www.sans.org\/white\u2010papers\/39385\/#addsearch=itsecurity%20spendingtrends"},{"key":"e_1_2_10_31_1","doi-asserted-by":"publisher","DOI":"10.3390\/FI10080076"},{"key":"e_1_2_10_32_1","unstructured":"Amarudin FerdianaR Widyawan.A systematic literature review of intrusion detection systems for network security: research trends datasets and methods.Proceedings of the 4th International Conference on Information and Communication.2020https:\/\/linproxy.fan.workers.dev:443\/https\/ieeexplore.ieee.org\/abstract\/document\/9299068\/?casa_token=zqDMihXMIQAAAAA:\u20107NTFHWjo86d68H4loVg2ER0aeAKtm2vNpvLnXalzjFLzK4Wp\u2010ZMkZcQ65OE8zzfDTq0UjZK9FrvaA"},{"key":"e_1_2_10_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2872784"},{"key":"e_1_2_10_34_1","unstructured":"on JA 2021 22nd IAC.Intrusion detection systems trends to counteract growing cyber\u2010attacks on cyber\u2010physical systems.2021https:\/\/linproxy.fan.workers.dev:443\/https\/ieeexplore.ieee.org\/abstract\/document\/9677429\/"},{"key":"e_1_2_10_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.04.004"},{"key":"e_1_2_10_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2015.02.002"},{"key":"e_1_2_10_37_1","unstructured":"KeeleBK.Procedures for performing systematic reviews. University of Keele.2004https:\/\/linproxy.fan.workers.dev:443\/https\/www.researchgate.net\/profile\/Barbara\u2010Kitchenham\/publication\/228756057_Procedures_for_Performing_Systematic_Reviews\/links\/618cfae961f09877207f8471\/Procedures\u2010for\u2010Performing\u2010Systematic\u2010Reviews.pdf"},{"key":"e_1_2_10_38_1","article-title":"A systematic review of the internet of things in the oil and gas industry","author":"Wanasinghe T","year":"2020","journal-title":"IEEE Xplore"},{"key":"e_1_2_10_39_1","unstructured":"Ongoing Sophisticated Malware Campaign Compromising ICS (Update E) | CISA.https:\/\/linproxy.fan.workers.dev:443\/https\/www.cisa.gov\/news\u2010events\/ics\u2010alerts\/ics\u2010alert\u201014\u2010281\u201001e"},{"key":"e_1_2_10_40_1","unstructured":"Advantech\/Broadwin WebAccess RPC Vulnerability (Update B) | CISA.https:\/\/linproxy.fan.workers.dev:443\/https\/www.cisa.gov\/news\u2010events\/ics\u2010advisories\/icsa\u201011\u2010094\u201002b"},{"key":"e_1_2_10_41_1","unstructured":"Exploitation of Remote Services Technique T1210 \u2010 Enterprise | MITRE ATT&CK\u00ae.https:\/\/linproxy.fan.workers.dev:443\/https\/attack.mitre.org\/techniques\/T1210\/"},{"key":"e_1_2_10_42_1","unstructured":"Implications of IT Ransomware for ICS Environments | Dragos.https:\/\/linproxy.fan.workers.dev:443\/https\/www.dragos.com\/blog\/industry\u2010news\/implications\u2010of\u2010it\u2010ransomware\u2010for\u2010ics\u2010environments\/"},{"key":"e_1_2_10_43_1","unstructured":"Yokogawa announcement warns of counterfeit transmitters | Control Global.https:\/\/linproxy.fan.workers.dev:443\/https\/www.controlglobal.com\/measure\/pressure\/news\/11301415\/yokogawa\u2010announcement\u2010warns\u2010of\u2010counterfeit\u2010transmitters"},{"key":"e_1_2_10_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2960497"},{"key":"e_1_2_10_45_1","unstructured":"Symantec Security Response.Dragonfly: cyberespionage attacks against energy suppliers.2014:1\u201318.https:\/\/linproxy.fan.workers.dev:443\/http\/www.symantec.com\/connect\/blogs\/dragonfly\u2010western\u2010energy\u2010companies\u2010under\u2010sabotage\u2010threat"},{"key":"e_1_2_10_46_1","unstructured":"AbramsM WeissJ.Malicious control system cyber security attack case study: Maroochy Water Services Australia. MITRE Corp.2008https:\/\/linproxy.fan.workers.dev:443\/http\/csrc.nist.gov\/groups\/SMA\/fisma\/ics\/documents\/Maroochy\u2010Water\u2010Services\u2010Case\u2010Study_report.pdf"},{"key":"e_1_2_10_47_1","unstructured":"BolshevA.ICSCorsair: how I Will PWN your ERP through 4\u201320 mA Current Loop. Black Hat USA.2014."},{"key":"e_1_2_10_48_1","unstructured":"StoufferK PillitteriV LightmanS AbramsM HahnA.Guide to industrial control systems (ICS) security NIST special publication 800\u201382 revision 2.NIST Spec Publ 800\u201382 Rev 2 1\u2013157.2015https:\/\/linproxy.fan.workers.dev:443\/http\/industryconsulting.org\/pdfFiles\/NISTDraft\u2010SP800\u201082.pdf"},{"issue":"800","key":"e_1_2_10_49_1","first-page":"53","article-title":"Security and privacy controls for federal information systems and organizations","volume":"2020","author":"FORCE JTTI","year":"2013","journal-title":"NIST Spec Publ"},{"key":"e_1_2_10_50_1","unstructured":"Moving Beyond EMET II\u00a0\u2013\u00a0Windows Defender Exploit Guard | MSRC Blog | Microsoft Security Response Center.https:\/\/linproxy.fan.workers.dev:443\/https\/msrc.microsoft.com\/blog\/2017\/08\/moving\u2010beyond\u2010emet\u2010ii\u2010windows\u2010defender\u2010exploit\u2010guard\/"},{"key":"e_1_2_10_51_1","doi-asserted-by":"crossref","unstructured":"CaselliM ZambonE.Workshop FKP of the 1st A 2015. Sequence\u2010aware intrusion detection in industrial control systems 13\u201324.2015. doi:10.1145\/2732198.2732200","DOI":"10.1145\/2732198.2732200"},{"key":"e_1_2_10_52_1","unstructured":"ShahidH.Radio frequency detection spectrum analysis and direction finding equipment market survey report.2019www.dhs.gov\/science\u2010and\u2010technology\/saver"},{"key":"e_1_2_10_53_1","unstructured":"Cyber Attack \u2010 Glossary | CSRC.https:\/\/linproxy.fan.workers.dev:443\/https\/csrc.nist.gov\/glossary\/term\/cyber_attack"},{"key":"e_1_2_10_54_1","doi-asserted-by":"publisher","DOI":"10.15394\/jdfsl.2014.1169"},{"key":"e_1_2_10_55_1","unstructured":"ChengL DonghongL LiangM.The spear to break the security wall of S7CommPlus.Defcon 25.2017.https:\/\/linproxy.fan.workers.dev:443\/https\/media.defcon.org\/DEFCON25\/DEFCON25presentations\/ChengLei\/DEFCON\u201025\u2010Cheng\u2010Lei\u2010The\u2010Spear\u2010to\u2010Break\u2010the\u2010Security\u2010Wall\u2010of\u2010S7CommPlus\u2010WP.pdf"},{"key":"e_1_2_10_56_1","unstructured":"Downloads.https:\/\/linproxy.fan.workers.dev:443\/https\/de.profibus.com\/downloads\/pi\u2010white\u2010paper\u2010security\u2010extensions\u2010for\u2010profinet"},{"key":"e_1_2_10_57_1","doi-asserted-by":"crossref","unstructured":"RenjieH FengL DongboP.Research on OPC UA security. In: 2010 5th IEEE Conference on Industrial\u00a0Electronics and Applications (ICIEA). June 2010 1439\u20131444.2010. doi:10.1109\/ICIEA.2010.5514836","DOI":"10.1109\/ICIEA.2010.5514836"},{"key":"e_1_2_10_58_1","volume-title":"Practical Modern SCADA Protocols: DNP3, 60870.5 and Related Systems","author":"Clarke G","year":"2004"},{"key":"e_1_2_10_59_1","doi-asserted-by":"crossref","unstructured":"MaynardP McLaughlinK HaberlerB.Towards understanding man\u2010in\u2010the\u2010middle attacks on IEC 60870\u20105\u2010104 SCADA networks 30\u201342.2014. doi:10.14236\/ewic\/ics\u2010csr2014.5","DOI":"10.14236\/ewic\/ics-csr2014.5"},{"key":"e_1_2_10_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2019.2956734"},{"key":"e_1_2_10_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2975066"},{"key":"e_1_2_10_62_1","article-title":"Real\u2010time anomaly intrusion detection for a clean water supply system, utilizing machine learning with novel energy\u2010based features","author":"Robles\u2010Durazno A","year":"2020","journal-title":"IEEE Xplore"},{"key":"e_1_2_10_63_1","doi-asserted-by":"crossref","unstructured":"UrbinaDI GiraldoJ CardenasAA et al.Limiting the impact of stealthy attacks on industrial control systems. In:Proceedings of the ACM Conference on Computer and Communications Security. Vol 24\u201028\u2010October.2016. doi:10.1145\/2976749.2978388","DOI":"10.1145\/2976749.2978388"},{"key":"e_1_2_10_64_1","article-title":"Detection of cyberattacks in industrial control systems using enhanced principal component analysis and hypergraph\u2010based convolution neural network (EPCA\u2010HG)","author":"Krithivasan K","year":"2020","journal-title":"IEEE Xplore"},{"key":"e_1_2_10_65_1","doi-asserted-by":"crossref","unstructured":"KreimelP EignerO.Anomaly\u2010based detection & classification of attacks in cyber\u2010physical systems. ACM Int Conf Proceeding Ser 2017; Part F130521.2017. doi:10.1145\/3098954.3103155","DOI":"10.1145\/3098954.3103155"},{"key":"e_1_2_10_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3387940.3391486"},{"key":"e_1_2_10_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2992249"},{"key":"e_1_2_10_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2021.3053304"},{"key":"e_1_2_10_69_1","volume-title":"Deep Autoencoders as Anomaly Detectors: Method and Case Study in a Distributed Water Treatment Plant","author":"Raman M","year":"2020"},{"key":"e_1_2_10_70_1","doi-asserted-by":"publisher","DOI":"10.1186\/S42400\u2010021\u201000071\u2010Z"},{"key":"e_1_2_10_71_1","unstructured":"InoueJ YamagataY ChenY PoskittCM SunJ.Anomaly detection for a water treatment system using unsupervised machine learning.2017https:\/\/linproxy.fan.workers.dev:443\/https\/ieeexplore.ieee.org\/abstract\/document\/8215783\/?casa_token=sxXisYMui0sAAAAA:CH5aDx24EWdpFz031maxXIBOy36Ng9xeueFxNhCa4fnInWYUnGn_wIj1OmxVcaXJ64nPUU22Mhuzxw"},{"key":"e_1_2_10_72_1","unstructured":"KissI GengeB.A clustering\u2010based approach to detect cyber attacks in process control systems. In: Proceedings of the 13th International Conference on Intelligent Engineering Systems.2015https:\/\/linproxy.fan.workers.dev:443\/https\/ieeexplore.ieee.org\/abstract\/document\/7281725\/?casa_token=Rs29Ba9M13IAAAAA:5PA7VWir4TRoiHx_E1zNXLmVEA8CYs3c3SpGuVhT2QPhvk3uAOH0GxGUY5Ms0ixgfwf99qVEUOct4Q"},{"key":"e_1_2_10_73_1","unstructured":"FranciaGA.A machine learning test data set for continuous security monitoring of industrial control systems.Proceedings of the 7th International Conference on Availability Reliability and Security.2017https:\/\/linproxy.fan.workers.dev:443\/https\/ieeexplore.ieee.org\/abstract\/document\/8446474\/?casa_token=jY43pqhIogsAAAAA:7dart6FO5Jtt03aXuEb5LIki2BVRtymRMUKWxOcfQ1beX45Hxd5dkUAaTe2C_GP\u2010tNJmGp0naMOhw"},{"key":"e_1_2_10_74_1","doi-asserted-by":"crossref","unstructured":"KravchikM BiggioB ShabtaiA.Poisoning attacks on cyber attack detectors for industrial control systems.Proc ACM Symp Appl Comput 116\u2013125.2021. doi:10.1145\/3412841.3441892","DOI":"10.1145\/3412841.3441892"},{"key":"e_1_2_10_75_1","unstructured":"MacasM OnCW.An unsupervised framework for anomaly detection in a water treatment system.Proceedings of the 18th International Interdisciplinary Conference on the Environment. IEEE Xplore.2019https:\/\/linproxy.fan.workers.dev:443\/https\/ieeexplore.ieee.org\/abstract\/document\/8999210\/?casa_token=oj8Uz0EGfpMAAAAA:5vLqTi9ob1dUQH6Yj4TgApQXdKJmLKmxoKaDmYuC7F1b2f1pLxH6HKBeKZEPHRpn3334tC\u2010HsTdN3w"},{"key":"e_1_2_10_76_1","article-title":"Toward detection and attribution of cyber\u2010attacks in IoT\u2010enabled cyber\u2013physical systems","volume":"8","author":"Jahromi A","year":"2021","journal-title":"IEEE Xplore"},{"key":"e_1_2_10_77_1","doi-asserted-by":"crossref","unstructured":"KravchikM ShabtaiA.Detecting cyber attacks in industrial control systems using convolutional neural networks. Proceedings of the ACM Conference on Computer and Communications Security;2018. doi:10.1145\/3264888.3264896","DOI":"10.1145\/3264888.3264896"},{"key":"e_1_2_10_78_1","doi-asserted-by":"crossref","unstructured":"GhaeiniH TippenhauerNO.Hamids: hierarchical monitoring intrusion detection system for industrial control systems. Conference: the 2nd ACM Workshop 103\u2013111;2016. doi:10.1145\/2994487.2994492","DOI":"10.1145\/2994487.2994492"},{"key":"e_1_2_10_79_1","unstructured":"KravchikM ASIT on D.Efficient cyber attack detection in industrial control systems using lightweight neural networks and pca;2021https:\/\/linproxy.fan.workers.dev:443\/https\/ieeexplore.ieee.org\/abstract\/document\/9317834\/?casa_token=H_8UW00v0XUAAAAA:my0XVGVOkDcjRJGNCXnGrD1kABzkgpQ6Jr4MZEX\u2010FoPiLgh6X7he9Hxv\u20108qIgWWGS2kT66miRzkpfw"},{"key":"e_1_2_10_80_1","doi-asserted-by":"publisher","DOI":"10.1007\/978\u20103\u2010319\u201065172\u20109_11\/COVER"},{"key":"e_1_2_10_81_1","doi-asserted-by":"publisher","DOI":"10.1007\/S11633\u2010015\u20100923\u20109"},{"key":"e_1_2_10_82_1","doi-asserted-by":"crossref","unstructured":"HindyH BrossetD BayneE SeeamA BellekensX.Improving SIEM for critical SCADA water infrastructures using machine learning. In:Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Bioinformatics). Vol 11387 LNCS;2019. doi:10.1007\/978\u20103\u2010030\u201012786\u20102_1","DOI":"10.1007\/978-3-030-12786-2_1"},{"key":"e_1_2_10_83_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.IOTCPS.2021.12.002"},{"key":"e_1_2_10_84_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2958284"},{"key":"e_1_2_10_85_1","unstructured":"RodofileN.Generating attacks and labelling attack datasets for industrial control intrusion detection systems.2018. Accessed December 10 2022https:\/\/linproxy.fan.workers.dev:443\/https\/eprints.qut.edu.au\/121760"},{"key":"e_1_2_10_86_1","unstructured":"Reconnaissance.Tactic TA0043 \u2010 Enterprise | MITRE ATT&CK\u00ae.https:\/\/linproxy.fan.workers.dev:443\/https\/attack.mitre.org\/tactics\/TA0043\/"},{"key":"e_1_2_10_87_1","unstructured":"Collection Tactic TA0009 \u2010 Enterprise | MITRE ATT&CK\u00ae.https:\/\/linproxy.fan.workers.dev:443\/https\/attack.mitre.org\/tactics\/TA0009\/"},{"key":"e_1_2_10_88_1","doi-asserted-by":"publisher","DOI":"10.3103\/S0146411616010090"},{"key":"e_1_2_10_89_1","article-title":"A survey on industrial control system testbeds and datasets for security research","author":"Conti M","year":"2021","journal-title":"IEEE Xplore"},{"key":"e_1_2_10_90_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10462\u2010023\u201010437\u2010z"},{"key":"e_1_2_10_91_1","doi-asserted-by":"crossref","unstructured":"GhaeiniH TippenhauerN.Zero residual attacks on industrial control systems and stateful countermeasures 14th JZP of the 2019.2019. doi:10.1145\/3339252.3340331","DOI":"10.1145\/3339252.3340331"},{"key":"e_1_2_10_92_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2019.01.002"},{"key":"e_1_2_10_93_1","unstructured":"LisaMR.Snort: lightweight intrusion detection for networks.1999https:\/\/linproxy.fan.workers.dev:443\/https\/www.usenix.org\/legacy\/publications\/library\/proceedings\/lisa99\/full_papers\/roesch\/roesch.pdf"},{"key":"e_1_2_10_94_1","unstructured":"Home\u00a0\u2013\u00a0Suricata.https:\/\/linproxy.fan.workers.dev:443\/https\/suricata.io\/"},{"key":"e_1_2_10_95_1","doi-asserted-by":"publisher","DOI":"10.1145\/2542049"},{"key":"e_1_2_10_96_1","doi-asserted-by":"crossref","unstructured":"HuY YangA LiH SunY SunL.A survey of intrusion detection on industrial control systems. YSIJ of 2018.2018. doi:10.1177\/1550147718794615","DOI":"10.1177\/1550147718794615"},{"key":"e_1_2_10_97_1","unstructured":"404 | MITRE ATT&CK\u00ae.[1 Gardiner J. Cova M. Nagaraja S 2014 February Command & Control Understanding Denying and Detecting Retrieved.2016https:\/\/linproxy.fan.workers.dev:443\/https\/attack.mitre.org\/mitigations\/M0931\/"},{"key":"e_1_2_10_98_1","doi-asserted-by":"publisher","DOI":"10.1007\/978\u20103\u2010319\u201071368\u20107_8"},{"key":"e_1_2_10_99_1","unstructured":"ChoiS YunJH KimSK.A comparison of ICS datasets for security research based on attack paths.Lect Notes Comput Sci (Including Subser Lect Notes Artif Intell Lect Notes Bioinformatics);11260 LNCS:154\u2013166.2019. doi:10.1007\/978\u20103\u2010030\u201005849\u20104_12"},{"key":"e_1_2_10_100_1","doi-asserted-by":"publisher","DOI":"10.1007\/S00521\u2010021\u201005785\u20102"},{"key":"e_1_2_10_101_1","unstructured":"FilonovP LavrentyevA VorontsovA.Multivariate industrial time series with cyber\u2010attack simulation: fault detection using an LSTM\u2010based predictive data model. arXiv:1612.06676.2016https:\/\/linproxy.fan.workers.dev:443\/http\/arxiv.org\/abs\/1612.06676"},{"key":"e_1_2_10_102_1","unstructured":"GugulothuN MalhotraP VigL ShroffG.Sparse neural networks for anomaly detection in high\u2010dimensional time series."},{"key":"e_1_2_10_103_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2021.102590"},{"key":"e_1_2_10_104_1","unstructured":"TurnipseedI.A new scada dataset for intrusion detection research.2015https:\/\/linproxy.fan.workers.dev:443\/https\/search.proquest.com\/openview\/bf0b546cac9a109aecb94419f7ee65a3\/1?pq\u2010origsite=gscholar&cbl=18750"},{"key":"e_1_2_10_105_1","unstructured":"MPS PA.Compact Workstation with level flow rate pressure and temperature controlled systems\u00a0\u2013\u00a0Compact workstation\u00a0\u2013\u00a0Process automation & control theory\u00a0\u2013\u00a0Learning Systems\u00a0\u2013\u00a0Festo Didactic Training & Consulting Great Britain.https:\/\/linproxy.fan.workers.dev:443\/https\/www.festo\u2010didactic.co.uk\/gb\u2010en\/learning\u2010systems\/process\u2010automation\/compact\u2010workstation\/mps\u2010pa\u2010compact\u2010workstation\u2010with\u2010level flow\u2010rate pressure\u2010and\u2010temperature\u2010controlled\u2010systems.htm?fbid=Z2IuZW4uNTUwLjE3LjE4Ljg4Mi40Mzc2"},{"key":"e_1_2_10_106_1","unstructured":"BeaverJ BorgesR BucknerM.12th international 2013. An evaluation of machine learning methods to detect malicious SCADA communications. Conference: Proceedings of the 2013 12th International Conference on Machine Learning and Applications \u2013Volume 02.2013https:\/\/linproxy.fan.workers.dev:443\/https\/ieeexplore.ieee.org\/abstract\/document\/6786081\/?casa_token=hyE7cI9AiQcAAAAA:QbJvnB6IJWx\u2010Io9zjBvzZ7xZhHzCMfsk7r5OI9GSzT6mSHfO\u20106vMjsF_nCuZpGGn1xs\u2010ovPrHaAFUQ"},{"key":"e_1_2_10_107_1","doi-asserted-by":"publisher","DOI":"10.1145\/3445969.3450432"},{"key":"e_1_2_10_108_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.gltp.2022.04.020"}],"container-title":["SECURITY AND PRIVACY"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spy2.440","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,12]],"date-time":"2024-11-12T06:16:45Z","timestamp":1731392205000},"score":1,"resource":{"primary":{"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/onlinelibrary.wiley.com\/doi\/10.1002\/spy2.440"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,4]]},"references-count":107,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2024,11]]}},"alternative-id":["10.1002\/spy2.440"],"URL":"https:\/\/linproxy.fan.workers.dev:443\/https\/doi.org\/10.1002\/spy2.440","archive":["Portico"],"relation":{},"ISSN":["2475-6725","2475-6725"],"issn-type":[{"value":"2475-6725","type":"print"},{"value":"2475-6725","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7,4]]},"assertion":[{"value":"2024-03-03","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-06-20","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-07-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"e440"}}