{"id":"https://openalex.org/W4283219743","doi":"https://doi.org/10.1109/infocom48880.2022.9796697","title":"CoToRu: Automatic Generation of Network Intrusion Detection Rules from Code","display_name":"CoToRu: Automatic Generation of Network Intrusion Detection Rules from Code","publication_year":2022,"publication_date":"2022-05-02","ids":{"openalex":"https://openalex.org/W4283219743","doi":"https://doi.org/10.1109/infocom48880.2022.9796697"},"language":"en","primary_location":{"id":"doi:10.1109/infocom48880.2022.9796697","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infocom48880.2022.9796697","pdf_url":null,"source":{"id":"https://openalex.org/S4363607980","display_name":"IEEE INFOCOM 2022 - IEEE Conference on Computer Communications","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE INFOCOM 2022 - IEEE Conference on Computer Communications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008404882","display_name":"Heng Chuan Tan","orcid":"https://orcid.org/0000-0002-1780-4078"},"institutions":[{"id":"https://openalex.org/I4210108443","display_name":"Advanced Digital Sciences Center","ror":"https://ror.org/01xaqx887","country_code":"SG","type":"facility","lineage":["https://openalex.org/I4210108443"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Heng Chuan Tan","raw_affiliation_strings":["Advanced Digital Sciences Center,Singapore","Advanced Digital Sciences Center, Singapore"],"affiliations":[{"raw_affiliation_string":"Advanced Digital 
Sciences Center,Singapore","institution_ids":["https://openalex.org/I4210108443"]},{"raw_affiliation_string":"Advanced Digital Sciences Center, Singapore","institution_ids":["https://openalex.org/I4210108443"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016592996","display_name":"Carmen Cheh","orcid":"https://orcid.org/0000-0002-8510-7274"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Carmen Cheh","raw_affiliation_strings":["Singapore University of Technology and Design,Singapore","Singapore University of Technology and Design, Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore University of Technology and Design,Singapore","institution_ids":["https://openalex.org/I152815399"]},{"raw_affiliation_string":"Singapore University of Technology and Design, Singapore","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100687673","display_name":"Binbin Chen","orcid":"https://orcid.org/0000-0002-9584-0082"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]},{"id":"https://openalex.org/I4210108443","display_name":"Advanced Digital Sciences Center","ror":"https://ror.org/01xaqx887","country_code":"SG","type":"facility","lineage":["https://openalex.org/I4210108443"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Binbin Chen","raw_affiliation_strings":["Advanced Digital Sciences Center,Singapore","Advanced Digital Sciences Center, Singapore","Singapore University of Technology and Design, 
Singapore"],"affiliations":[{"raw_affiliation_string":"Advanced Digital Sciences Center,Singapore","institution_ids":["https://openalex.org/I4210108443"]},{"raw_affiliation_string":"Advanced Digital Sciences Center, Singapore","institution_ids":["https://openalex.org/I4210108443"]},{"raw_affiliation_string":"Singapore University of Technology and Design, Singapore","institution_ids":["https://openalex.org/I152815399"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5008404882"],"corresponding_institution_ids":["https://openalex.org/I4210108443"],"apc_list":null,"apc_paid":null,"fwci":1.938,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.86471158,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"720","last_page":"729"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control 
and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8188735246658325},{"id":"https://openalex.org/keywords/programmable-logic-controller","display_name":"Programmable logic controller","score":0.6144355535507202},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5862492322921753},{"id":"https://openalex.org/keywords/toolchain","display_name":"Toolchain","score":0.5796927213668823},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.4830056428909302},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.4329332113265991},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.41749319434165955},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.273544043302536},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2668747901916504},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2230987548828125},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.21025848388671875},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer 
network","score":0.14240148663520813}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8188735246658325},{"id":"https://openalex.org/C37374048","wikidata":"https://www.wikidata.org/wiki/Q188674","display_name":"Programmable logic controller","level":2,"score":0.6144355535507202},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5862492322921753},{"id":"https://openalex.org/C2777062904","wikidata":"https://www.wikidata.org/wiki/Q545406","display_name":"Toolchain","level":3,"score":0.5796927213668823},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.4830056428909302},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.4329332113265991},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.41749319434165955},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.273544043302536},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2668747901916504},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2230987548828125},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.21025848388671875},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer 
network","level":1,"score":0.14240148663520813}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/infocom48880.2022.9796697","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infocom48880.2022.9796697","pdf_url":null,"source":{"id":"https://openalex.org/S4363607980","display_name":"IEEE INFOCOM 2022 - IEEE Conference on Computer Communications","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE INFOCOM 2022 - IEEE Conference on Computer Communications","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320320671","display_name":"National Research Foundation","ror":"https://ror.org/05s0g1g46"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W182707955","https://openalex.org/W1516506771","https://openalex.org/W1720848645","https://openalex.org/W1991376999","https://openalex.org/W1997146051","https://openalex.org/W2002578057","https://openalex.org/W2024094925","https://openalex.org/W2052631265","https://openalex.org/W2068693276","https://openalex.org/W2321407374","https://openalex.org/W2344429718","https://openalex.org/W2512362618","https://openalex.org/W2567728531","https://openalex.org/W2594635183","https://openalex.org/W2608911009","https://openalex.org/W2611698539","https://openalex.org/W2613412685","https://openalex.org/W2617246254","https://openalex.org/W2782500360","https://openalex.org/W2783069543","https://openalex.org/W2803355698","https://openalex.org/W2805774329","https://openalex.org/W2887195793","https://openalex.org/W2896487165","https://openalex.org/W2897104255",
"https://openalex.org/W2908132907","https://openalex.org/W2908174900","https://openalex.org/W2930135659","https://openalex.org/W2940888709","https://openalex.org/W2947820052","https://openalex.org/W2963723316","https://openalex.org/W2982140757","https://openalex.org/W2991644437","https://openalex.org/W3007808067","https://openalex.org/W3017165746","https://openalex.org/W3017341171","https://openalex.org/W3103553961","https://openalex.org/W4200523731","https://openalex.org/W4236839279","https://openalex.org/W6649490552","https://openalex.org/W6725988714","https://openalex.org/W6734670938","https://openalex.org/W6739180335","https://openalex.org/W6751093677","https://openalex.org/W6754955308","https://openalex.org/W6775819428"],"related_works":["https://openalex.org/W2013037783","https://openalex.org/W2909413202","https://openalex.org/W1999008563","https://openalex.org/W4385243142","https://openalex.org/W2561644314","https://openalex.org/W2794118724","https://openalex.org/W2912135124","https://openalex.org/W4206450104","https://openalex.org/W2883257033","https://openalex.org/W3116973444"],"abstract_inverted_index":{"Programmable":[0],"Logic":[1],"Controllers":[2],"(PLCs)":[3],"are":[4,14],"the":[5,44,103,132],"brains":[6],"of":[7,89,112],"Industrial":[8],"Control":[9],"Systems":[10],"(ICSes),":[11],"and":[12,65,135,170,190],"thus,":[13],"often":[15],"targeted":[16],"by":[17],"attackers.":[18],"While":[19],"many":[20],"intrusion":[21],"detection":[22,201],"systems":[23],"(IDSes)":[24],"have":[25],"been":[26],"adapted":[27],"to":[28,43,51,56,86,106,124,158,165,180],"monitor":[29],"ICS,":[30],"they":[31],"cannot":[32],"detect":[33,159],"malicious":[34],"network":[35,45,77],"packets":[36],"from":[37,76],"a":[38,58,72,87,98,109,126,137,166],"compromised":[39],"PLC":[40,122,147,206],"that":[41,80,100,120,139,172],"conform":[42],"to":[43],"network":[45,77],"protocol.":[46],"A":[47],"domain":[48],"expert":[49],"needs":[50],"manually":[52],"construct":[53],"IDS":[54,113,141,157],"rules":[55,142,151,175,
198],"model":[57,75,81],"PLC\u2019s":[59,73,104,133],"behavior.":[60,148],"That":[61],"approach":[62],"is":[63],"time-consuming":[64],"error-prone.":[66],"Alternatively,":[67],"machine":[68,191],"learning":[69],"can":[70,152],"infer":[71],"behavior":[74],"traces,":[78],"but":[79],"may":[82],"be":[83,153],"inaccurate":[84],"due":[85],"lack":[88],"high-quality":[90],"training":[91],"data.":[92],"This":[93],"paper":[94],"presents":[95],"CoToRu":[96,115,164],"-":[97],"toolchain":[99],"takes":[101],"in":[102,146],"code":[105,123],"automatically":[107],"generate":[108],"comprehensive":[110],"set":[111],"rules.":[114],"comprises":[116],"(1)":[117],"an":[118],"analyzer":[119],"parses":[121],"build":[125],"state":[127],"transition":[128],"table":[129],"for":[130,143,204],"modeling":[131],"behavior,":[134],"(2)":[136],"generator":[138],"instantiates":[140],"detecting":[144],"deviations":[145],"The":[149],"generated":[150,174,197],"imported":[154],"into":[155],"Zeek":[156],"various":[160],"attacks.":[161],"We":[162],"apply":[163],"power":[167],"grid":[168],"testbed":[169],"show":[171],"our":[173],"provide":[176,199],"superior":[177],"performance":[178],"compared":[179],"existing":[181],"IDSes,":[182],"including":[183],"those":[184],"based":[185],"on":[186],"statistical":[187],"analysis,":[188],"invariant-checking,":[189],"learning.":[192],"Our":[193],"prototype":[194],"with":[195],"CoToRu\u2019s":[196],"sub-millisecond":[200],"latency,":[202],"even":[203],"complex":[205],"logic.":[207]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":3}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}
