{"id":"https://openalex.org/W3196634763","doi":"https://doi.org/10.1109/csr51186.2021.9527936","title":"TRUSTY: A Solution for Threat Hunting Using Data Analysis in Critical Infrastructures","display_name":"TRUSTY: A Solution for Threat Hunting Using Data Analysis in Critical Infrastructures","publication_year":2021,"publication_date":"2021-07-26","ids":{"openalex":"https://openalex.org/W3196634763","doi":"https://doi.org/10.1109/csr51186.2021.9527936","mag":"3196634763"},"language":"en","primary_location":{"id":"doi:10.1109/csr51186.2021.9527936","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr51186.2021.9527936","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://zenodo.org/record/7317274","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025891312","display_name":"Panagiotis Radoglou\u2010Grammatikis","orcid":"https://orcid.org/0000-0003-1605-9413"},"institutions":[{"id":"https://openalex.org/I89506807","display_name":"University of Western Macedonia","ror":"https://ror.org/00a5pe906","country_code":"GR","type":"education","lineage":["https://openalex.org/I89506807"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Panagiotis Radoglou-Grammatikis","raw_affiliation_strings":["University of Western Macedonia, Kozani, Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Western Macedonia, Kozani, Greece","institution_ids":["https://openalex.org/I89506807"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046929158","display_name":"Athanasios Liatifis","orcid":"https://orcid.org/0000-0002-8514-6636"},"institutions":[{"id":"https://openalex.org/I89506807","display_name":"University of Western Macedonia","ror":"https://ror.org/00a5pe906","country_code":"GR","type":"education","lineage":["https://openalex.org/I89506807"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Athanasios Liatifis","raw_affiliation_strings":["University of Western Macedonia, Kozani, Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Western Macedonia, Kozani, Greece","institution_ids":["https://openalex.org/I89506807"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060696669","display_name":"Elisavet Grigoriou","orcid":"https://orcid.org/0000-0002-7322-6954"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Elisavet Grigoriou","raw_affiliation_strings":["Sidroco Holdings Ltd, Nicosia, Cyprus"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Sidroco Holdings Ltd, Nicosia, Cyprus","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073123022","display_name":"Theocharis Saoulidis","orcid":"https://orcid.org/0000-0002-8088-4808"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Theocharis Saoulidis","raw_affiliation_strings":["Sidroco Holdings Ltd, Nicosia, Cyprus"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Sidroco Holdings Ltd, Nicosia, Cyprus","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070585894","display_name":"Antonios Sarigiannidis","orcid":"https://orcid.org/0000-0002-0309-4079"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Antonios Sarigiannidis","raw_affiliation_strings":["Sidroco Holdings Ltd, Nicosia, Cyprus"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Sidroco Holdings Ltd, Nicosia, Cyprus","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066475089","display_name":"\u0398\u03c9\u03bc\u03ac\u03c2 \u039b\u03ac\u03b3\u03ba\u03b1\u03c2","orcid":"https://orcid.org/0000-0002-0749-9794"},"institutions":[{"id":"https://openalex.org/I183898223","display_name":"International Hellenic University","ror":"https://ror.org/00708jp83","country_code":"GR","type":"education","lineage":["https://openalex.org/I183898223"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Thomas Lagkas","raw_affiliation_strings":["International Hellenic University, Kavala, Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"International Hellenic University, Kavala, Greece","institution_ids":["https://openalex.org/I183898223"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5050756789","display_name":"Panagiotis Sarigiannidis","orcid":"https://orcid.org/0000-0001-6042-0355"},"institutions":[{"id":"https://openalex.org/I89506807","display_name":"University of Western Macedonia","ror":"https://ror.org/00a5pe906","country_code":"GR","type":"education","lineage":["https://openalex.org/I89506807"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Panagiotis Sarigiannidis","raw_affiliation_strings":["University of Western Macedonia, Kozani, Greece"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Western Macedonia, Kozani, Greece","institution_ids":["https://openalex.org/I89506807"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.1224,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.79511002,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"485","last_page":"490"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.8675460815429688},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7211734056472778},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6393693685531616},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5528343915939331},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.5437631607055664},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5346991419792175},{"id":"https://openalex.org/keywords/ethernet","display_name":"Ethernet","score":0.484336256980896},{"id":"https://openalex.org/keywords/modbus","display_name":"Modbus","score":0.4570290446281433},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4263034164905548},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4214813709259033},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.4185033440589905},{"id":"https://openalex.org/keywords/arp-spoofing","display_name":"ARP spoofing","score":0.4121738076210022},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.41198480129241943},{"id":"https://openalex.org/keywords/internet-protocol","display_name":"Internet Protocol","score":0.3234001398086548},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.29145348072052},{"id":"https://openalex.org/keywords/communications-protocol","display_name":"Communications protocol","score":0.25439465045928955},{"id":"https://openalex.org/keywords/network-address-translation","display_name":"Network address translation","score":0.2049388885498047}],"concepts":[{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.8675460815429688},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7211734056472778},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6393693685531616},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5528343915939331},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.5437631607055664},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5346991419792175},{"id":"https://openalex.org/C172173386","wikidata":"https://www.wikidata.org/wiki/Q79984","display_name":"Ethernet","level":2,"score":0.484336256980896},{"id":"https://openalex.org/C2776666747","wikidata":"https://www.wikidata.org/wiki/Q1135322","display_name":"Modbus","level":3,"score":0.4570290446281433},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4263034164905548},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4214813709259033},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.4185033440589905},{"id":"https://openalex.org/C86255107","wikidata":"https://www.wikidata.org/wiki/Q296847","display_name":"ARP spoofing","level":5,"score":0.4121738076210022},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.41198480129241943},{"id":"https://openalex.org/C35341882","wikidata":"https://www.wikidata.org/wiki/Q8795","display_name":"Internet Protocol","level":3,"score":0.3234001398086548},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.29145348072052},{"id":"https://openalex.org/C12269588","wikidata":"https://www.wikidata.org/wiki/Q132364","display_name":"Communications protocol","level":2,"score":0.25439465045928955},{"id":"https://openalex.org/C147873670","wikidata":"https://www.wikidata.org/wiki/Q11182","display_name":"Network address translation","level":4,"score":0.2049388885498047},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/csr51186.2021.9527936","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr51186.2021.9527936","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},{"id":"pmh:oai:zenodo.org:7317274","is_oa":true,"landing_page_url":"https://zenodo.org/record/7317274","pdf_url":"https://zenodo.org/record/7317274","source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/conferencePaper"}],"best_oa_location":{"id":"pmh:oai:zenodo.org:7317274","is_oa":true,"landing_page_url":"https://zenodo.org/record/7317274","pdf_url":"https://zenodo.org/record/7317274","source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/conferencePaper"},"sustainable_development_goals":[{"score":0.6499999761581421,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[{"id":"https://openalex.org/G7589443305","display_name":"SDN - microgrid reSilient Electrical eNergy SystEm","funder_award_id":"833955","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3196634763.pdf"},"referenced_works_count":24,"referenced_works":["https://openalex.org/W1982782621","https://openalex.org/W2065806103","https://openalex.org/W2103487196","https://openalex.org/W2133217855","https://openalex.org/W2188280148","https://openalex.org/W2476275724","https://openalex.org/W2512166484","https://openalex.org/W2760509023","https://openalex.org/W2903220614","https://openalex.org/W2904972287","https://openalex.org/W2913281805","https://openalex.org/W2941500089","https://openalex.org/W2971065528","https://openalex.org/W2982616388","https://openalex.org/W2991419331","https://openalex.org/W3046155323","https://openalex.org/W3049442983","https://openalex.org/W3114053185","https://openalex.org/W3157826258","https://openalex.org/W3183194994","https://openalex.org/W4285719527","https://openalex.org/W6687199295","https://openalex.org/W6725194215","https://openalex.org/W6798718645"],"related_works":["https://openalex.org/W2997907595","https://openalex.org/W4389485405","https://openalex.org/W1578384606","https://openalex.org/W3208265074","https://openalex.org/W4297097635","https://openalex.org/W2796752342","https://openalex.org/W1967903162","https://openalex.org/W2990025694","https://openalex.org/W4213209911","https://openalex.org/W2291399296"],"abstract_inverted_index":{"The":[0,204],"rise":[1],"of":[2,6,16,45,83,115,123,170,210],"the":[3,14,21,56,81,94,99,120,168,199,208,211],"Industrial":[4],"Internet":[5],"Things":[7],"(IIoT)":[8],"plays":[9],"a":[10,43,106,149,160,181,191],"crucial":[11],"role":[12],"in":[13,176,180],"era":[15],"hyper-connected":[17],"digital":[18],"economies.":[19],"Despite":[20],"valuable":[22,64],"benefits,":[23],"such":[24,71],"as":[25,72],"increased":[26],"resiliency,":[27],"self-monitoring":[28],"and":[29,36,47,59,77,97,118,141],"pervasive":[30],"control,":[31],"IIoT":[32],"raises":[33],"severe":[34],"cybersecurity":[35],"privacy":[37],"risks,":[38],"allowing":[39],"cyberattackers":[40],"to":[41,52,128,152],"exploit":[42],"plethora":[44],"vulnerabilities":[46],"weaknesses":[48],"that":[49,172],"can":[50,92,173],"lead":[51],"disastrous":[53],"consequences.":[54],"Although":[55],"Intrusion":[57],"Detection":[58],"Prevention":[60],"Systems":[61],"(IDPS)":[62],"constitute":[63],"solutions,":[65],"they":[66],"suffer":[67],"from":[68],"several":[69],"gaps,":[70],"zero-day":[73],"attacks,":[74],"unknown":[75],"anomalies":[76],"false":[78],"positives.":[79],"Therefore,":[80],"presence":[82],"supporting":[84],"mechanisms":[85],"is":[86,113,188,196],"necessary.":[87],"To":[88],"this":[89,102,145,157,186],"end,":[90],"honeypots":[91,126,171],"protect":[93],"real":[95],"assets":[96],"trap":[98],"cyberattackers.":[100],"In":[101,184],"paper,":[103],"we":[104,147],"provide":[105,148],"web-based":[107],"platform":[108],"called":[109],"TRUSTY":[110],",":[111],"which":[112,165,195],"capable":[114],"aggregating,":[116],"storing":[117],"analysing":[119],"detection":[121],"results":[122],"multiple":[124],"industrial":[125,178],"related":[127,151],"Modbus/Transmission":[129],"Control":[130],"Protocol":[131],"(TCP),":[132],"IEC":[133],"60870-5-104,":[134],"BACnet,":[135],"Message":[136],"Queuing":[137],"Telemetry":[138],"Transport":[139],"(MQTT)":[140],"EtherNet/IP.":[142],"Based":[143],"on":[144],"analysis,":[146],"dataset":[150],"honeypot":[153],"security":[154],"events.":[155],"Moreover,":[156],"paper":[158],"provides":[159],"Reinforcement":[161],"Learning":[162],"(RL)":[163],"method,":[164],"decides":[166],"about":[167],"number":[169],"be":[174],"deployed":[175],"an":[177],"environment":[179],"strategic":[182],"way.":[183],"particular,":[185],"decision":[187],"converted":[189],"into":[190],"Multi-Armed":[192],"Bandit":[193],"(MAB),":[194],"solved":[197],"with":[198],"Thompson":[200],"Sampling":[201],"(TS)":[202],"method.":[203,213],"evaluation":[205],"analysis":[206],"demonstrates":[207],"efficiency":[209],"proposed":[212]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2}],"updated_date":"2026-06-22T08:00:12.763002","created_date":"2025-10-10T00:00:00"}