{"id":"https://openalex.org/W3129324828","doi":"https://doi.org/10.1109/icccn52240.2021.9522219","title":"Assessing the Use of Insecure ICS Protocols via IXP Network Traffic Analysis","display_name":"Assessing the Use of Insecure ICS Protocols via IXP Network Traffic Analysis","publication_year":2021,"publication_date":"2021-07-01","ids":{"openalex":"https://openalex.org/W3129324828","doi":"https://doi.org/10.1109/icccn52240.2021.9522219","mag":"3129324828"},"language":"en","primary_location":{"id":"doi:10.1109/icccn52240.2021.9522219","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icccn52240.2021.9522219","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 International Conference on Computer Communications and Networks (ICCCN)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2007.01114","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5110545865","display_name":"G. Barbieri","orcid":"https://orcid.org/0009-0004-8543-0444"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Giovanni Barbieri","raw_affiliation_strings":["Department of Matemathics, University of Padua, Padua, Italy","University of Padua,Department of Matemathics,Padua,Italy"],"affiliations":[{"raw_affiliation_string":"Department of Matemathics, University of Padua, Padua, Italy","institution_ids":["https://openalex.org/I138689650"]},{"raw_affiliation_string":"University of Padua,Department of Matemathics,Padua,Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063847107","display_name":"Mauro Conti","orcid":"https://orcid.org/0000-0002-3612-1934"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Mauro Conti","raw_affiliation_strings":["Department of Matemathics, University of Padua, Padua, Italy","University of Padua,Department of Matemathics,Padua,Italy"],"affiliations":[{"raw_affiliation_string":"Department of Matemathics, University of Padua, Padua, Italy","institution_ids":["https://openalex.org/I138689650"]},{"raw_affiliation_string":"University of Padua,Department of Matemathics,Padua,Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073540044","display_name":"Nils Ole Tippenhauer","orcid":"https://orcid.org/0000-0001-8424-2602"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Nils Ole Tippenhauer","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany","CISPA Helmholtz Center for Information Security,Saarbr\u00fccken,Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany","institution_ids":["https://openalex.org/I4210128801"]},{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security,Saarbr\u00fccken,Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5073358800","display_name":"Federico Turrin","orcid":"https://orcid.org/0000-0001-5660-2447"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Federico Turrin","raw_affiliation_strings":["Department of Matemathics, University of Padua, Padua, Italy","University of Padua,Department of Matemathics,Padua,Italy"],"affiliations":[{"raw_affiliation_string":"Department of Matemathics, University of Padua, Padua, Italy","institution_ids":["https://openalex.org/I138689650"]},{"raw_affiliation_string":"University of Padua,Department of Matemathics,Padua,Italy","institution_ids":["https://openalex.org/I138689650"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5110545865"],"corresponding_institution_ids":["https://openalex.org/I138689650"],"apc_list":null,"apc_paid":null,"fwci":0.4779,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.64765727,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6970680952072144},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.663970947265625},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6011667251586914},{"id":"https://openalex.org/keywords/network-address-translation","display_name":"Network address translation","score":0.5230998992919922},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5042792558670044},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.4949900507926941},{"id":"https://openalex.org/keywords/traffic-shaping","display_name":"Traffic shaping","score":0.45307183265686035},{"id":"https://openalex.org/keywords/internet-traffic","display_name":"Internet traffic","score":0.438036173582077},{"id":"https://openalex.org/keywords/traffic-generation-model","display_name":"Traffic generation model","score":0.43698734045028687},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.43595123291015625},{"id":"https://openalex.org/keywords/internet-protocol","display_name":"Internet Protocol","score":0.41576775908470154},{"id":"https://openalex.org/keywords/network-traffic-control","display_name":"Network traffic control","score":0.20711523294448853},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.19992491602897644},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.15098658204078674},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.1069478988647461}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6970680952072144},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.663970947265625},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6011667251586914},{"id":"https://openalex.org/C147873670","wikidata":"https://www.wikidata.org/wiki/Q11182","display_name":"Network address translation","level":4,"score":0.5230998992919922},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5042792558670044},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.4949900507926941},{"id":"https://openalex.org/C46451311","wikidata":"https://www.wikidata.org/wiki/Q262550","display_name":"Traffic shaping","level":4,"score":0.45307183265686035},{"id":"https://openalex.org/C63969886","wikidata":"https://www.wikidata.org/wiki/Q3536440","display_name":"Internet traffic","level":3,"score":0.438036173582077},{"id":"https://openalex.org/C176715033","wikidata":"https://www.wikidata.org/wiki/Q2080768","display_name":"Traffic generation model","level":2,"score":0.43698734045028687},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.43595123291015625},{"id":"https://openalex.org/C35341882","wikidata":"https://www.wikidata.org/wiki/Q8795","display_name":"Internet Protocol","level":3,"score":0.41576775908470154},{"id":"https://openalex.org/C201100257","wikidata":"https://www.wikidata.org/wiki/Q393287","display_name":"Network traffic control","level":3,"score":0.20711523294448853},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.19992491602897644},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.15098658204078674},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.1069478988647461},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":7,"locations":[{"id":"doi:10.1109/icccn52240.2021.9522219","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icccn52240.2021.9522219","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 International Conference on Computer Communications and Networks (ICCCN)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2007.01114","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2007.01114","pdf_url":"https://arxiv.org/pdf/2007.01114","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"mag:3129324828","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/2007.01114.pdf","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"pmh:oai:figshare.com:article/24613884","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Assessing_the_Use_of_Insecure_ICS_Protocols_via_IXP_Network_Traffic_Analysis/24613884","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},{"id":"doi:10.48550/arxiv.2007.01114","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2007.01114","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"},{"id":"doi:10.60882/cispa.24613884","is_oa":true,"landing_page_url":"https://doi.org/10.60882/cispa.24613884","pdf_url":null,"source":{"id":"https://openalex.org/S7407050916","display_name":"CISPA Helmholtz Center","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"},{"id":"doi:10.60882/cispa.24613884.v1","is_oa":true,"landing_page_url":"https://doi.org/10.60882/cispa.24613884.v1","pdf_url":null,"source":{"id":"https://openalex.org/S7407050916","display_name":"CISPA Helmholtz Center","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2007.01114","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2007.01114","pdf_url":"https://arxiv.org/pdf/2007.01114","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"score":0.4000000059604645,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2009429512","https://openalex.org/W2295108256","https://openalex.org/W2412811411","https://openalex.org/W2557884485","https://openalex.org/W2562876364","https://openalex.org/W2578943040","https://openalex.org/W2608113618","https://openalex.org/W2779139350","https://openalex.org/W2786245267","https://openalex.org/W2887434122","https://openalex.org/W2921920205","https://openalex.org/W2969402780","https://openalex.org/W2981959936","https://openalex.org/W3034480370","https://openalex.org/W3105915408","https://openalex.org/W3165888375","https://openalex.org/W3210282525","https://openalex.org/W6722594521","https://openalex.org/W6730584882","https://openalex.org/W6757653246"],"related_works":["https://openalex.org/W3198297486","https://openalex.org/W3039858569","https://openalex.org/W3139155658","https://openalex.org/W1615563185","https://openalex.org/W3111187927","https://openalex.org/W2087714154","https://openalex.org/W1590015132","https://openalex.org/W2288490641","https://openalex.org/W3100966310","https://openalex.org/W2084299023","https://openalex.org/W2407697225","https://openalex.org/W3185598625","https://openalex.org/W2536565196","https://openalex.org/W2133064421","https://openalex.org/W2960769290","https://openalex.org/W2781807624","https://openalex.org/W2120826046","https://openalex.org/W2159692262","https://openalex.org/W2522413441","https://openalex.org/W2184679130"],"abstract_inverted_index":{"Modern":[0],"Industrial":[1],"Control":[2],"Systems":[3],"(ICSs)":[4],"allow":[5,181],"remote":[6],"communication":[7,83],"through":[8],"the":[9,123,142,184,192,195],"Internet":[10,102,193],"using":[11],"industrial":[12,60,120,163,175,189],"protocols":[13,190],"that":[14,81,149,158,204],"were":[15],"not":[16,79,85,180],"designed":[17],"to":[18,28,114,129,182,222],"work":[19,32],"with":[20,95],"external":[21],"networks.":[22],"To":[23],"understand":[24,183],"security":[25,197],"issues":[26],"related":[27],"this":[29,89],"practice,":[30],"prior":[31],"usually":[33],"relies":[34],"on":[35,107,191,211],"active":[36,75],"scans":[37,47],"by":[38,74,141,171],"researchers":[39],"or":[40,70],"services":[41],"such":[42,46],"as":[43,161],"Shodan.":[44],"While":[45],"can":[48],"identify":[49,55,115],"publicly":[50],"open":[51],"ports,":[52],"they":[53],"cannot":[54],"legitimate":[56],"use":[57,186],"of":[58,137,156,168,187,206],"insecure":[59,82,188],"traffic.":[61,176],"In":[62],"particular,":[63],"source-based":[64],"filtering":[65],"in":[66,87,199],"Network":[67],"Address":[68],"Translation":[69],"Firewalls":[71],"prevent":[72],"detection":[73],"scanning,":[76],"but":[77],"do":[78],"ensure":[80],"is":[84,139],"manipulated":[86],"transit.In":[88],"work,":[90],"we":[91,126,159],"compare":[92],"Shodan-only":[93],"analysis":[94,98],"largescale":[96],"traffic":[97,121,138],"at":[99],"a":[100],"local":[101],"Exchange":[103],"Point":[104],"(IXP),":[105],"based":[106],"sFlow":[108],"sampling.":[109],"This":[110],"setup":[111],"allows":[112],"us":[113],"ICS":[116,200,207],"endpoints":[117],"actually":[118,173],"exchanging":[119,162],"over":[122],"Internet.":[124],"Besides,":[125],"are":[127],"able":[128],"detect":[130],"scanning":[131],"activities":[132],"and":[133,165,194],"what":[134],"other":[135],"type":[136],"exchanged":[140],"systems":[143,220],"(i.e.,":[144],"IT":[145],"traffic).":[146],"We":[147,202],"find":[148],"Shodan":[150,172,178],"only":[151,166],"listed":[152],"less":[153],"than":[154],"2%":[155],"hosts":[157,169,208],"identified":[160,170],"traffic,":[164],"7%":[167],"exchange":[174],"Therefore,":[177],"does":[179],"actual":[185],"current":[196],"practices":[198],"communications.":[201],"show":[203],"75.6%":[205],"still":[209],"rely":[210],"unencrypted":[212],"communications":[213],"without":[214],"integrity":[215],"protection,":[216],"leaving":[217],"those":[218],"critical":[219],"vulnerable":[221],"malicious":[223],"attacks.":[224]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2}],"updated_date":"2026-03-25T14:56:36.534964","created_date":"2025-10-10T00:00:00"}