{"id":"https://openalex.org/W7135226001","doi":"https://doi.org/10.1007/s10207-026-01236-y","title":"Attack pattern mining to discover hidden threats to industrial control systems","display_name":"Attack pattern mining to discover hidden threats to industrial control systems","publication_year":2026,"publication_date":"2026-03-13","ids":{"openalex":"https://openalex.org/W7135226001","doi":"https://doi.org/10.1007/s10207-026-01236-y"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-026-01236-y","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01236-y","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01236-y.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01236-y.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5068481997","display_name":"Muhammad Umer","orcid":"https://orcid.org/0000-0003-2059-5681"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Muhammad Azmi Umer","raw_affiliation_strings":["Singapore University of Technology and Design, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore University of Technology and Design, Singapore, Singapore","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077409980","display_name":"Chuadhry Mujeeb Ahmed","orcid":"https://orcid.org/0000-0003-3644-0465"},"institutions":[{"id":"https://openalex.org/I84884186","display_name":"Newcastle University","ror":"https://ror.org/01kj2bm70","country_code":"GB","type":"education","lineage":["https://openalex.org/I84884186"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Chuadhry Mujeeb Ahmed","raw_affiliation_strings":["Newcastle University, Newcastle, UK"],"affiliations":[{"raw_affiliation_string":"Newcastle University, Newcastle, UK","institution_ids":["https://openalex.org/I84884186"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129082551","display_name":"Aditya P. Mathur","orcid":null},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Aditya P. Mathur","raw_affiliation_strings":["Singapore University of Technology and Design, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore University of Technology and Design, Singapore, Singapore","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025641654","display_name":"Muhammad Taha Jilani","orcid":"https://orcid.org/0000-0001-5253-2605"},"institutions":[{"id":"https://openalex.org/I59225215","display_name":"Bahria University","ror":"https://ror.org/02v8d7770","country_code":"PK","type":"education","lineage":["https://openalex.org/I59225215"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Muhammad Taha Jilani","raw_affiliation_strings":["Bahria University, Karachi, Pakistan"],"affiliations":[{"raw_affiliation_string":"Bahria University, Karachi, Pakistan","institution_ids":["https://openalex.org/I59225215"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5077409980"],"corresponding_institution_ids":["https://openalex.org/I84884186"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.86866719,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"25","issue":"2","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9390000104904175,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9390000104904175,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.022199999541044235,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.006399999838322401,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7207000255584717},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.6646999716758728},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.6568999886512756},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6032999753952026},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.503000020980835},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.45590001344680786},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.4214000105857849},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.4189999997615814},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.4129999876022339}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7946000099182129},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7207000255584717},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.6646999716758728},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.6568999886512756},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6032999753952026},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5852000117301941},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.503000020980835},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.45590001344680786},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.4214000105857849},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.4189999997615814},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.4129999876022339},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.33970001339912415},{"id":"https://openalex.org/C179768478","wikidata":"https://www.wikidata.org/wiki/Q1120057","display_name":"Cyber-physical system","level":2,"score":0.33480000495910645},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.33180001378059387},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.33169999718666077},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.2976999878883362},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2939999997615814},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.29109999537467957},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.2777999937534332},{"id":"https://openalex.org/C17500928","wikidata":"https://www.wikidata.org/wiki/Q959968","display_name":"Control system","level":2,"score":0.27720001339912415},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.2718999981880188},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.2669999897480011},{"id":"https://openalex.org/C27061796","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion prevention system","level":3,"score":0.2648000121116638},{"id":"https://openalex.org/C2776788033","wikidata":"https://www.wikidata.org/wiki/Q320769","display_name":"Eavesdropping","level":2,"score":0.2637999951839447},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.2556000053882599},{"id":"https://openalex.org/C172862783","wikidata":"https://www.wikidata.org/wiki/Q5165888","display_name":"Control system security","level":5,"score":0.2535000145435333},{"id":"https://openalex.org/C177774035","wikidata":"https://www.wikidata.org/wiki/Q1246948","display_name":"Granularity","level":2,"score":0.25049999356269836}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10207-026-01236-y","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01236-y","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01236-y.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10207-026-01236-y","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-026-01236-y","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-026-01236-y.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Clean water and sanitation","id":"https://metadata.un.org/sdg/6","score":0.4937160015106201}],"awards":[{"id":"https://openalex.org/G6137700754","display_name":null,"funder_award_id":"NRF-NCR25-NSOE05-0001","funder_id":"https://openalex.org/F4320320709","funder_display_name":"National Research Foundation Singapore"}],"funders":[{"id":"https://openalex.org/F4320320671","display_name":"National Research Foundation","ror":"https://ror.org/05s0g1g46"},{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7135226001.pdf","grobid_xml":"https://content.openalex.org/works/W7135226001.grobid-xml"},"referenced_works_count":24,"referenced_works":["https://openalex.org/W2034778365","https://openalex.org/W2056006386","https://openalex.org/W2138890315","https://openalex.org/W2148143831","https://openalex.org/W2407991977","https://openalex.org/W2512094555","https://openalex.org/W2519655440","https://openalex.org/W2604247107","https://openalex.org/W2768947629","https://openalex.org/W2896487165","https://openalex.org/W2998574808","https://openalex.org/W3007808067","https://openalex.org/W3092287343","https://openalex.org/W3104227430","https://openalex.org/W3113163052","https://openalex.org/W3127696688","https://openalex.org/W3129524550","https://openalex.org/W3164513951","https://openalex.org/W3164841614","https://openalex.org/W3196828088","https://openalex.org/W4206071945","https://openalex.org/W4283364245","https://openalex.org/W4409799254","https://openalex.org/W7084089630"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"This":[1,109],"work":[2],"focuses":[3],"on":[4,78],"the":[5,12,28,79,94,124,127,132,142,162],"validation":[6],"of":[7,14,24,30,33,99,126,144],"attack":[8,34,47,61,71,163],"pattern":[9],"mining":[10],"in":[11,130],"context":[13],"Industrial":[15],"Control":[16],"System":[17],"(ICS)":[18],"security.":[19],"A":[20],"comprehensive":[21],"security":[22],"assessment":[23],"an":[25,50,135],"ICS":[26],"requires":[27],"generation":[29],"a":[31,42,66,156],"variety":[32],"patterns.":[35,164],"For":[36],"this":[37,152],"purpose,":[38],"we":[39,154],"have":[40],"proposed":[41,53,121],"data-driven":[43],"technique":[44,54,122],"to":[45,58,75,86,134,160],"generate":[46,59],"patterns":[48,62,72,128],"for":[49,148],"ICS.":[51],"The":[52,120],"has":[55],"been":[56],"used":[57,74],"117,960":[60],"from":[63,65],"data":[64],"water":[67],"treatment":[68],"plant.":[69],"These":[70],"were":[73],"launch":[76],"attacks":[77,92,98,114],"operational":[80,118],"testbed":[81],"that":[82,111],"typically":[83],"lasted":[84],"2":[85],"4":[87,102],"minutes.":[88],"Interestingly,":[89],"some":[90,97],"2-minute":[91],"impacted":[93],"plant,":[95],"while":[96],"3":[100],"or":[101],"minutes":[103],"duration":[104],"had":[105],"no":[106],"observable":[107],"effect.":[108],"suggests":[110],"even":[112],"short-lived":[113],"can":[115],"significantly":[116],"impact":[117],"plants.":[119,150],"and":[123],"effectiveness":[125],"generated":[129],"moving":[131],"plant":[133],"anomalous":[136],"state":[137],"are":[138],"valuable":[139],"when":[140],"assessing":[141],"quality":[143],"Intrusion":[145],"Detection":[146],"Systems":[147],"physical":[149],"In":[151],"work,":[153],"present":[155],"detailed":[157],"case":[158],"study":[159],"validate":[161]},"counts_by_year":[],"updated_date":"2026-03-21T08:13:44.787528","created_date":"2026-03-14T00:00:00"}