{"id":"https://openalex.org/W4205935849","doi":"https://doi.org/10.1109/jiot.2021.3138534","title":"CapBad: Content-Agnostic, Payload-Based Anomaly Detector for Industrial Control Protocols","display_name":"CapBad: Content-Agnostic, Payload-Based Anomaly Detector for Industrial Control Protocols","publication_year":2021,"publication_date":"2021-12-27","ids":{"openalex":"https://openalex.org/W4205935849","doi":"https://doi.org/10.1109/jiot.2021.3138534"},"language":"en","primary_location":{"id":"doi:10.1109/jiot.2021.3138534","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2021.3138534","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100743430","display_name":"Jun Cai","orcid":"https://orcid.org/0000-0003-1695-483X"},"institutions":[{"id":"https://openalex.org/I4210122543","display_name":"Guangdong Polytechnic Normal University","ror":"https://ror.org/02pcb5m77","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210122543"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jun Cai","raw_affiliation_strings":["School of Cyber Security, Guangdong Polytechnic Normal University, Guangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-1695-483X","affiliations":[{"raw_affiliation_string":"School of Cyber Security, Guangdong Polytechnic Normal University, Guangzhou, China","institution_ids":["https://openalex.org/I4210122543"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083355417","display_name":"Qi Wang","orcid":"https://orcid.org/0000-0002-6792-887X"},"institutions":[{"id":"https://openalex.org/I4210122543","display_name":"Guangdong Polytechnic Normal University","ror":"https://ror.org/02pcb5m77","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210122543"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qi Wang","raw_affiliation_strings":["School of Cyber Security, Guangdong Polytechnic Normal University, Guangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Cyber Security, Guangdong Polytechnic Normal University, Guangzhou, China","institution_ids":["https://openalex.org/I4210122543"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017488654","display_name":"Jianzhen Luo","orcid":"https://orcid.org/0000-0002-5123-1306"},"institutions":[{"id":"https://openalex.org/I4210122543","display_name":"Guangdong Polytechnic Normal University","ror":"https://ror.org/02pcb5m77","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210122543"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianzhen Luo","raw_affiliation_strings":["School of Cyber Security, Guangdong Polytechnic Normal University, Guangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-5123-1306","affiliations":[{"raw_affiliation_string":"School of Cyber Security, Guangdong Polytechnic Normal University, Guangzhou, China","institution_ids":["https://openalex.org/I4210122543"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100351112","display_name":"Yan Liu","orcid":"https://orcid.org/0000-0002-8257-2701"},"institutions":[{"id":"https://openalex.org/I4210122543","display_name":"Guangdong Polytechnic Normal University","ror":"https://ror.org/02pcb5m77","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210122543"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yan Liu","raw_affiliation_strings":["School of Cyber Security, Guangdong Polytechnic Normal University, Guangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-8257-2701","affiliations":[{"raw_affiliation_string":"School of Cyber Security, Guangdong Polytechnic Normal University, Guangzhou, China","institution_ids":["https://openalex.org/I4210122543"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028875300","display_name":"Liping Liao","orcid":"https://orcid.org/0000-0002-1188-3123"},"institutions":[{"id":"https://openalex.org/I4210122543","display_name":"Guangdong Polytechnic Normal University","ror":"https://ror.org/02pcb5m77","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210122543"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Liping Liao","raw_affiliation_strings":["School of Cyber Security, Guangdong Polytechnic Normal University, Guangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-1188-3123","affiliations":[{"raw_affiliation_string":"School of Cyber Security, Guangdong Polytechnic Normal University, Guangzhou, China","institution_ids":["https://openalex.org/I4210122543"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100743430"],"corresponding_institution_ids":["https://openalex.org/I4210122543"],"apc_list":null,"apc_paid":null,"fwci":3.2026,"has_fulltext":false,"cited_by_count":23,"citation_normalized_percentile":{"value":0.92157514,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"9","issue":"14","first_page":"12542","last_page":"12554"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8495322465896606},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.8420439958572388},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.7383264899253845},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.673520565032959},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6118637919425964},{"id":"https://openalex.org/keywords/application-layer","display_name":"Application layer","score":0.49159225821495056},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4811026453971863},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.361183226108551},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3374615013599396}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8495322465896606},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.8420439958572388},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.7383264899253845},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.673520565032959},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6118637919425964},{"id":"https://openalex.org/C190793597","wikidata":"https://www.wikidata.org/wiki/Q189768","display_name":"Application layer","level":3,"score":0.49159225821495056},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4811026453971863},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.361183226108551},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3374615013599396},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2021.3138534","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2021.3138534","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.5799999833106995,"display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G1322029584","display_name":null,"funder_award_id":"2018YFB1802200","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G1441881227","display_name":null,"funder_award_id":"62002072","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G1497426858","display_name":null,"funder_award_id":"61702120","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3448235815","display_name":null,"funder_award_id":"61902080","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3471170100","display_name":null,"funder_award_id":"2019YFB1804403","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G5475629975","display_name":null,"funder_award_id":"61972104","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8687575384","display_name":null,"funder_award_id":"201803010081","funder_id":"https://openalex.org/F4320335480","funder_display_name":"Guangzhou Municipal Science and Technology Project"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335480","display_name":"Guangzhou Municipal Science and Technology Project","ror":null},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W1544418565","https://openalex.org/W1989226853","https://openalex.org/W1990005915","https://openalex.org/W1994920552","https://openalex.org/W2012005986","https://openalex.org/W2076618452","https://openalex.org/W2125838338","https://openalex.org/W2146162567","https://openalex.org/W2153331007","https://openalex.org/W2562173243","https://openalex.org/W2599557761","https://openalex.org/W2610875203","https://openalex.org/W2622127425","https://openalex.org/W2741271559","https://openalex.org/W2753352458","https://openalex.org/W2770072680","https://openalex.org/W2807918604","https://openalex.org/W2810960184","https://openalex.org/W2832952926","https://openalex.org/W2838525302","https://openalex.org/W2883514760","https://openalex.org/W2906714766","https://openalex.org/W2910314742","https://openalex.org/W2914048830","https://openalex.org/W2971492421","https://openalex.org/W2984531741","https://openalex.org/W3003685271","https://openalex.org/W3008825431","https://openalex.org/W3026902724","https://openalex.org/W3029939296","https://openalex.org/W4237377395","https://openalex.org/W4243983989","https://openalex.org/W6722594521"],"related_works":["https://openalex.org/W1535080110","https://openalex.org/W306312984","https://openalex.org/W857189463","https://openalex.org/W4288094128","https://openalex.org/W2979675132","https://openalex.org/W2790520092","https://openalex.org/W4306309337","https://openalex.org/W2312786236","https://openalex.org/W3160314615","https://openalex.org/W2116106897"],"abstract_inverted_index":{"Efficient":[0],"anomaly":[1,43],"detection":[2,24],"methods":[3],"are":[4,88,121],"urgently":[5],"needed":[6],"to":[7,50,71,108,114],"prevent":[8],"attacks":[9],"in":[10,29,54,154,158],"the":[11,15,35,46,55,59,73,81,93,98,102,110,115,132,144,148,159],"application":[12,56,160],"layer":[13,57],"of":[14,18,58,131],"Industrial":[16],"Internet":[17],"Things":[19],"(IIoT).":[20],"The":[21,85,118,136],"existing":[22],"intrusion":[23],"systems":[25],"have":[26],"certain":[27],"limitations":[28],"detecting":[30,155],"abnormal":[31,119,156],"packets":[32,53,77,120,157],"exploited":[33],"by":[34,97,124,141],"application-layer":[36],"attacks.":[37],"In":[38,100],"this":[39],"article,":[40],"a":[41,63],"content-agnostic-payload-based":[42],"detector":[44],"named":[45],"CapBad":[47,149],"is":[48,69,106,139],"proposed":[49,137],"detect":[51],"malicious":[52],"IIoT":[60],"system.":[61],"Specifically,":[62],"phase-aware":[64],"hidden":[65],"semi-Markov":[66],"model":[67,72],"(pHSMM)":[68],"used":[70],"industrial":[74],"control":[75],"protocol":[76],"and":[78,143],"automatically":[79],"learn":[80],"packets\u2019":[82,111],"payload":[83],"characteristics.":[84],"packet":[86,94],"types":[87],"then":[89],"inferred":[90],"based":[91],"on":[92],"likelihoods":[95],"obtained":[96],"pHSMM.":[99],"addition,":[101],"probabilistic":[103],"suffix":[104],"tree":[105],"employed":[107],"analyze":[109],"contextual":[112,127],"similarity":[113,128],"historical":[116,133],"packets.":[117,135],"finally":[122],"detected":[123],"comparing":[125],"their":[126],"with":[129],"that":[130,147],"normal":[134],"algorithm":[138],"verified":[140],"simulations,":[142],"results":[145],"show":[146],"has":[150],"an":[151],"excellent":[152],"performance":[153],"layer.":[161]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":11}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}