{"id":"https://openalex.org/W4412082652","doi":"https://doi.org/10.1109/host64725.2025.11050053","title":"WaveSleuth: Retrospective PLC Memory for Anomaly Detection in Industrial Control Systems","display_name":"WaveSleuth: Retrospective PLC Memory for Anomaly Detection in Industrial Control Systems","publication_year":2025,"publication_date":"2025-05-05","ids":{"openalex":"https://openalex.org/W4412082652","doi":"https://doi.org/10.1109/host64725.2025.11050053"},"language":"en","primary_location":{"id":"doi:10.1109/host64725.2025.11050053","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host64725.2025.11050053","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057738039","display_name":"Nehal Ameen","orcid":null},"institutions":[{"id":"https://openalex.org/I184840846","display_name":"Virginia Commonwealth University","ror":"https://ror.org/02nkdxk79","country_code":"US","type":"education","lineage":["https://openalex.org/I184840846"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Nehal Ameen","raw_affiliation_strings":["Virginia Commonwealth University,Department of Computer Science,USA"],"affiliations":[{"raw_affiliation_string":"Virginia Commonwealth University,Department of Computer Science,USA","institution_ids":["https://openalex.org/I184840846"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034974487","display_name":"Ramyapandian Vijayakanthan","orcid":"https://orcid.org/0000-0003-0105-5647"},"institutions":[{"id":"https://openalex.org/I4322298","display_name":"Towson University","ror":"https://ror.org/044w7a341","country_code":"US","type":"education","lineage":["https://openalex.org/I4322298"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ramyapandian Vijayakanthan","raw_affiliation_strings":["Towson University,Department of Computer &#x0026; Information Sciences,USA"],"affiliations":[{"raw_affiliation_string":"Towson University,Department of Computer &#x0026; Information Sciences,USA","institution_ids":["https://openalex.org/I4322298"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057398935","display_name":"Adeen Ayub","orcid":"https://orcid.org/0000-0002-9623-5810"},"institutions":[{"id":"https://openalex.org/I184840846","display_name":"Virginia Commonwealth University","ror":"https://ror.org/02nkdxk79","country_code":"US","type":"education","lineage":["https://openalex.org/I184840846"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adeen Ayub","raw_affiliation_strings":["Virginia Commonwealth University,Department of Computer Science,USA"],"affiliations":[{"raw_affiliation_string":"Virginia Commonwealth University,Department of Computer Science,USA","institution_ids":["https://openalex.org/I184840846"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032852782","display_name":"Aisha Ali-Gombe","orcid":"https://orcid.org/0000-0002-2563-0557"},"institutions":[{"id":"https://openalex.org/I121820613","display_name":"Louisiana State University","ror":"https://ror.org/05ect4e57","country_code":"US","type":"education","lineage":["https://openalex.org/I121820613"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aisha Ali-Gombe","raw_affiliation_strings":["Louisiana State University,Computer Science and Engineering,USA"],"affiliations":[{"raw_affiliation_string":"Louisiana State University,Computer Science and Engineering,USA","institution_ids":["https://openalex.org/I121820613"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063509441","display_name":"Irfan Ahmed","orcid":"https://orcid.org/0000-0001-5648-388X"},"institutions":[{"id":"https://openalex.org/I184840846","display_name":"Virginia Commonwealth University","ror":"https://ror.org/02nkdxk79","country_code":"US","type":"education","lineage":["https://openalex.org/I184840846"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Irfan Ahmed","raw_affiliation_strings":["Virginia Commonwealth University,Department of Computer Science,USA"],"affiliations":[{"raw_affiliation_string":"Virginia Commonwealth University,Department of Computer Science,USA","institution_ids":["https://openalex.org/I184840846"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5057738039"],"corresponding_institution_ids":["https://openalex.org/I184840846"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.23052756,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"170","last_page":"181"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10876","display_name":"Fault Detection and Control Systems","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10876","display_name":"Fault Detection and Control Systems","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9811000227928162,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9516000151634216,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6849910616874695},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6199511289596558},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.5026066303253174},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.4922131597995758},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4753451347351074},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.17953184247016907},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.16400480270385742}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6849910616874695},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6199511289596558},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.5026066303253174},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.4922131597995758},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4753451347351074},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.17953184247016907},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.16400480270385742},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/host64725.2025.11050053","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host64725.2025.11050053","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W4300558037","https://openalex.org/W2667207928","https://openalex.org/W2912112202","https://openalex.org/W4377864969","https://openalex.org/W3120251014"],"abstract_inverted_index":{"This":[0],"paper":[1],"presents":[2],"WaveSleuth":[3,54,81,162,182,211,246],"for":[4],"industrial":[5,198],"control":[6,186,201],"systems":[7],"(ICS),":[8],"a":[9,58,72,83,125,140,164,202,213],"novel":[10],"intrusion":[11],"detection":[12],"system":[13],"(IDS)":[14],"that":[15,230],"leverages":[16],"the":[17,92,110,116,129,151,170,231],"volatile":[18,122],"memory":[19,70,86,123,132,160,174,224,236],"of":[20,109,142],"controller":[21],"devices,":[22],"transforming":[23],"it":[24,119],"into":[25,134],"audio":[26,89,97,135],"signals":[27,90],"to":[28,39,56,99,149,167,200,221],"detect":[29,57,100],"cyberattacks.":[30],"Attackers":[31],"target":[32],"programmable":[33],"logic":[34,187],"controllers":[35],"(PLCs)":[36],"in":[37,50,115,197],"ICS":[38],"sabotage":[40],"underlying":[41],"physical":[42],"processes;":[43],"their":[44,68],"attack":[45],"footprints":[46],"are":[47,63],"often":[48],"present":[49],"PLC":[51,84,126,195,223,235],"memory,":[52],"which":[53,217],"utilizes":[55],"compromised":[59],"PLC.":[60],"Since":[61],"PLCs":[62],"proprietary":[64],"and":[65,77,95,113,137,188,243,249],"heterogeneous,":[66],"analyzing":[67],"device":[69,85,189],"at":[71,91],"semantic":[73,107,219],"level":[74,94],"is":[75],"challenging":[76],"does":[78],"not":[79],"scale.":[80],"models":[82],"as":[87,239],"lossless":[88],"byte":[93],"deploys":[96],"fingerprinting":[98],"anomalies":[101],"with":[102,212],"high":[103],"confidence":[104],"without":[105],"requiring":[106],"knowledge":[108,220],"data":[111,133],"structures":[112],"firmware":[114,190,240],"memory.":[117],"Specifically,":[118],"periodically":[120],"extracts":[121,139],"from":[124],"device,":[127],"converts":[128],"acquired":[130,173],"raw":[131],"signals,":[136],"then":[138],"set":[141],"features":[143],"called":[144],"Mel-frequency":[145],"cepstral":[146],"coefficients":[147],"(MFCCs)":[148],"measure":[150],"dynamic":[152],"time":[153],"warping":[154],"(DTW)":[155],"distance":[156,165],"between":[157],"two":[158],"consecutive":[159],"snapshots.":[161],"uses":[163],"threshold":[166],"determine":[168],"whether":[169],"most":[171],"recently":[172],"snapshot":[175],"has":[176],"been":[177],"altered":[178],"unexpectedly.":[179],"We":[180,208],"evaluate":[181],"on":[183,192],"four":[184],"real-world":[185],"attacks":[191,232,252],"an":[193],"actual":[194],"used":[196],"settings":[199],"laboratory-scale,":[203],"fully":[204],"functional":[205],"four-floor":[206],"elevator.":[207],"also":[209],"benchmark":[210],"state-of-the-art":[214],"solution,":[215],"PEM,":[216],"requires":[218],"analyze":[222],"contents.":[225],"Our":[226],"evaluation":[227],"results":[228],"show":[229],"modify":[233],"different":[234],"regions,":[237],"such":[238],"jump":[241],"table":[242],"I/O":[244],"data;":[245],"outperforms":[247],"PEM":[248],"detects":[250],"all":[251],"successfully.":[253]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}