{"id":"https://openalex.org/W4399381491","doi":"https://doi.org/10.1109/host55342.2024.10545392","title":"Charlie, Charlie, Charlie on Industrial Control Systems: PLC Control Logic Attacks by Design, Not by Chance","display_name":"Charlie, Charlie, Charlie on Industrial Control Systems: PLC Control Logic Attacks by Design, Not by Chance","publication_year":2024,"publication_date":"2024-05-06","ids":{"openalex":"https://openalex.org/W4399381491","doi":"https://doi.org/10.1109/host55342.2024.10545392"},"language":"en","primary_location":{"id":"doi:10.1109/host55342.2024.10545392","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host55342.2024.10545392","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057398935","display_name":"Adeen Ayub","orcid":"https://orcid.org/0000-0002-9623-5810"},"institutions":[{"id":"https://openalex.org/I184840846","display_name":"Virginia Commonwealth University","ror":"https://ror.org/02nkdxk79","country_code":"US","type":"education","lineage":["https://openalex.org/I184840846"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Adeen Ayub","raw_affiliation_strings":["Virginia Commonwealth University,Department of Computer Science,Richmond,VA","Department of Computer Science, Virginia Commonwealth University, Richmond, VA"],"affiliations":[{"raw_affiliation_string":"Virginia Commonwealth University,Department of Computer Science,Richmond,VA","institution_ids":["https://openalex.org/I184840846"]},{"raw_affiliation_string":"Department of Computer Science, Virginia Commonwealth University, Richmond, VA","institution_ids":["https://openalex.org/I184840846"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047917288","display_name":"Wooyeon Jo","orcid":"https://orcid.org/0000-0002-6595-0117"},"institutions":[{"id":"https://openalex.org/I184840846","display_name":"Virginia Commonwealth University","ror":"https://ror.org/02nkdxk79","country_code":"US","type":"education","lineage":["https://openalex.org/I184840846"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wooyeon Jo","raw_affiliation_strings":["Virginia Commonwealth University,Department of Computer Science,Richmond,VA","Department of Computer Science, Virginia Commonwealth University, Richmond, VA"],"affiliations":[{"raw_affiliation_string":"Virginia Commonwealth University,Department of Computer Science,Richmond,VA","institution_ids":["https://openalex.org/I184840846"]},{"raw_affiliation_string":"Department of Computer Science, Virginia Commonwealth University, Richmond, VA","institution_ids":["https://openalex.org/I184840846"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063509441","display_name":"Irfan Ahmed","orcid":"https://orcid.org/0000-0001-5648-388X"},"institutions":[{"id":"https://openalex.org/I184840846","display_name":"Virginia Commonwealth University","ror":"https://ror.org/02nkdxk79","country_code":"US","type":"education","lineage":["https://openalex.org/I184840846"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Irfan Ahmed","raw_affiliation_strings":["Virginia Commonwealth University,Department of Computer Science,Richmond,VA","Department of Computer Science, Virginia Commonwealth University, Richmond, VA"],"affiliations":[{"raw_affiliation_string":"Virginia Commonwealth University,Department of Computer Science,Richmond,VA","institution_ids":["https://openalex.org/I184840846"]},{"raw_affiliation_string":"Department of Computer Science, Virginia Commonwealth University, Richmond, VA","institution_ids":["https://openalex.org/I184840846"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5057398935"],"corresponding_institution_ids":["https://openalex.org/I184840846"],"apc_list":null,"apc_paid":null,"fwci":1.1124,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.75734983,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"182","last_page":"193"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/programmable-logic-controller","display_name":"Programmable logic controller","score":0.7370152473449707},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6833881139755249},{"id":"https://openalex.org/keywords/control-logic","display_name":"Control logic","score":0.5890175104141235},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.5587965846061707},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.5388720631599426},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.49151811003685},{"id":"https://openalex.org/keywords/programmable-logic-device","display_name":"Programmable logic device","score":0.4751672148704529},{"id":"https://openalex.org/keywords/header","display_name":"Header","score":0.4641517400741577},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.4405364990234375},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.38518449664115906},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.31621357798576355},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2987954020500183},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.2660744786262512},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.253900408744812}],"concepts":[{"id":"https://openalex.org/C37374048","wikidata":"https://www.wikidata.org/wiki/Q188674","display_name":"Programmable logic controller","level":2,"score":0.7370152473449707},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6833881139755249},{"id":"https://openalex.org/C2776350369","wikidata":"https://www.wikidata.org/wiki/Q843479","display_name":"Control logic","level":2,"score":0.5890175104141235},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.5587965846061707},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.5388720631599426},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.49151811003685},{"id":"https://openalex.org/C206274596","wikidata":"https://www.wikidata.org/wiki/Q1063837","display_name":"Programmable logic device","level":2,"score":0.4751672148704529},{"id":"https://openalex.org/C48105269","wikidata":"https://www.wikidata.org/wiki/Q1141160","display_name":"Header","level":2,"score":0.4641517400741577},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.4405364990234375},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.38518449664115906},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.31621357798576355},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2987954020500183},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.2660744786262512},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.253900408744812},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/host55342.2024.10545392","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host55342.2024.10545392","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1751168927","display_name":null,"funder_award_id":"17STCIN00001-05-00","funder_id":"https://openalex.org/F4320338279","funder_display_name":"Air Force Office of Scientific Research"}],"funders":[{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":74,"referenced_works":["https://openalex.org/W152620456","https://openalex.org/W1500851093","https://openalex.org/W1594536929","https://openalex.org/W1797288984","https://openalex.org/W1975554273","https://openalex.org/W2002578057","https://openalex.org/W2015655574","https://openalex.org/W2019553608","https://openalex.org/W2039427951","https://openalex.org/W2068693276","https://openalex.org/W2070813941","https://openalex.org/W2116065364","https://openalex.org/W2121035740","https://openalex.org/W2123845384","https://openalex.org/W2146232384","https://openalex.org/W2159936918","https://openalex.org/W2162800072","https://openalex.org/W2171600224","https://openalex.org/W2184570813","https://openalex.org/W2350778671","https://openalex.org/W2521150000","https://openalex.org/W2561791320","https://openalex.org/W2570205435","https://openalex.org/W2579367737","https://openalex.org/W2594635183","https://openalex.org/W2613412685","https://openalex.org/W2613654158","https://openalex.org/W2765773944","https://openalex.org/W2771494169","https://openalex.org/W2791587036","https://openalex.org/W2890126253","https://openalex.org/W2890195198","https://openalex.org/W2895346253","https://openalex.org/W2905044737","https://openalex.org/W2945937333","https://openalex.org/W2946606376","https://openalex.org/W2948592548","https://openalex.org/W2952754944","https://openalex.org/W2962808527","https://openalex.org/W2971297766","https://openalex.org/W2977408792","https://openalex.org/W3009587295","https://openalex.org/W3036981874","https://openalex.org/W3092287343","https://openalex.org/W3108707471","https://openalex.org/W3171138449","https://openalex.org/W3173257008","https://openalex.org/W3177650213","https://openalex.org/W3178062611","https://openalex.org/W3200028754","https://openalex.org/W3212521566","https://openalex.org/W4206484832","https://openalex.org/W4213419689","https://openalex.org/W4220890144","https://openalex.org/W4221103416","https://openalex.org/W4249709304","https://openalex.org/W4292002670","https://openalex.org/W4292971819","https://openalex.org/W4292973360","https://openalex.org/W4308318535","https://openalex.org/W4312908360","https://openalex.org/W4327939593","https://openalex.org/W4377710638","https://openalex.org/W4378191980","https://openalex.org/W4383498518","https://openalex.org/W4385412380","https://openalex.org/W4391408648","https://openalex.org/W4401148983","https://openalex.org/W6606141063","https://openalex.org/W6681652963","https://openalex.org/W6724752663","https://openalex.org/W6730803111","https://openalex.org/W6850899880","https://openalex.org/W7005058424"],"related_works":["https://openalex.org/W2794067684","https://openalex.org/W2966748955","https://openalex.org/W2009190171","https://openalex.org/W2183772682","https://openalex.org/W3203500078","https://openalex.org/W4206484832","https://openalex.org/W2041879832","https://openalex.org/W4391319798","https://openalex.org/W2477634289","https://openalex.org/W2536325749"],"abstract_inverted_index":{"Programmable":[0],"logic":[1,12,33,116,150,169,240,290],"controllers":[2],"(PLCs)":[3],"in":[4,20,61,96,176,180,222,283],"industrial":[5],"control":[6,11,17,32,52,115,149,168,239,289],"systems":[7,44],"(ICS)":[8],"run":[9],"a":[10,62,87,104,113,143,181,203,245,280],"program":[13],"to":[14,35,49,99,124,193,213,229,233,244,279,288],"monitor":[15],"and":[16,26,66,81,85,138,173,241,254,265,273],"critical":[18],"infrastructures":[19],"real-time,":[21],"such":[22,77],"as":[23,78,117,142,196],"nuclear":[24],"plants":[25],"power":[27],"grids.":[28],"Attackers":[29],"target":[30],"PLC":[31,88,293],"remotely":[34],"sabotage":[36],"or":[37,159],"disrupt":[38],"physical":[39],"processes.":[40],"Network":[41],"intrusion":[42,284],"detection":[43,285],"(IDS)":[45],"are":[46,68,263],"increasingly":[47],"used":[48],"detect":[50],"malicious":[51,109,210],"logic.":[53],"This":[54,276],"paper":[55],"demonstrates":[56],"that":[57,147,260,286],"standard":[58,270],"IDS":[59,101,268],"features":[60],"protocol":[63],"message":[64,271],"header":[65,272],"payload":[67,155,219,274],"not":[69],"resilient":[70],"for":[71,102],"detecting":[72],"(control":[73],"logic)":[74],"binary":[75],"programs,":[76],"entropy,":[79],"n-gram,":[80],"decompilation.":[82],"It":[83],"identifies":[84],"utilizes":[86],"design":[89,294],"feature,":[90],"redundant":[91],"address":[92],"pins":[93],"(RAP),":[94],"unexplored":[95],"the":[97,167,185,188,191,207,218,226],"literature,":[98],"bypass":[100,214],"injecting":[103],"small":[105,171],"piece":[106],"of":[107,145,190],"programmable":[108],"code":[110,211],"(PMC)":[111],"into":[112,170],"PLC's":[114,246],"an":[118],"initial":[119],"attack":[120,134,165,201,237],"vector,":[121],"allowing":[122],"it":[123,243],"execute":[125,194],"with":[126,151,187],"every":[127],"scan":[128],"cycle.":[129],"We":[130],"propose":[131],"three":[132],"unique":[133],"methods":[135],"(GizmoSplit,":[136],"BuffWarp,":[137],"EnigmaFlow)":[139],"using":[140],"PMC":[141,183,252],"proof":[144],"concept":[146],"blends":[148],"network":[152],"traffic":[153],"via":[154],"encoding,":[156],"small-size":[157,204],"payloads,":[158],"sparse":[160],"memory":[161,178,231,249],"addressing.":[162],"The":[163,199,235,256],"GizmoSplit":[164],"divides":[166],"gadgets":[172,192],"writes":[174,209],"them":[175,195],"random":[177],"locations":[179,232],"PLC;":[182],"modifies":[184],"stack":[186],"location":[189],"return-oriented":[197],"programming.":[198],"BuffWarp":[200],"employs":[202],"buffer":[205,227],"where":[206],"attacker":[208],"periodically":[212],"stateful":[215],"inspection":[216],"at":[217],"level;":[220],"PMC,":[221],"turn,":[223],"keeps":[224],"moving":[225],"content":[228],"consecutive":[230],"execute.":[234],"EnigmaFlow":[236],"encodes":[238],"sends":[242],"typically":[247],"unused":[248],"region,":[250],"which":[251],"decodes":[253],"executes.":[255],"evaluation":[257],"results":[258],"indicate":[259],"these":[261],"attacks":[262,291],"stealthy":[264],"can":[266],"subvert":[267],"utilizing":[269],"features.":[275,295],"work":[277],"points":[278],"research":[281],"gap":[282],"caters":[287],"exploiting":[292]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-03-05T09:29:38.588285","created_date":"2025-10-10T00:00:00"}