{"id":"https://openalex.org/W4387029074","doi":"https://doi.org/10.1109/jiot.2023.3318988","title":"Control Logic Attack Detection and Forensics Through Reverse-Engineering and Verifying PLC Control Applications","display_name":"Control Logic Attack Detection and Forensics Through Reverse-Engineering and Verifying PLC Control Applications","publication_year":2023,"publication_date":"2023-09-25","ids":{"openalex":"https://openalex.org/W4387029074","doi":"https://doi.org/10.1109/jiot.2023.3318988"},"language":"en","primary_location":{"id":"doi:10.1109/jiot.2023.3318988","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2023.3318988","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063638481","display_name":"Yangyang Geng","orcid":"https://orcid.org/0000-0002-7639-3686"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yangyang Geng","raw_affiliation_strings":["Information Engineering University, Zhengzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-7639-3686","affiliations":[{"raw_affiliation_string":"Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101526139","display_name":"Xin Che","orcid":"https://orcid.org/0000-0002-5532-8287"},"institutions":[{"id":"https://openalex.org/I4391767838","display_name":"State Key Laboratory of Industrial Control Technology","ror":"https://ror.org/03a33a786","country_code":null,"type":"facility","lineage":["https://openalex.org/I4391767838","https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin Che","raw_affiliation_strings":["State Key Laboratory of Industrial Control Technology, Zhejiang University, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Industrial Control Technology, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I4391767838"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056524306","display_name":"Rongkuan Ma","orcid":"https://orcid.org/0000-0002-4791-6847"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Rongkuan Ma","raw_affiliation_strings":["Information Engineering University, Zhengzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-4791-6847","affiliations":[{"raw_affiliation_string":"Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011825909","display_name":"Qiang Wei","orcid":"https://orcid.org/0000-0003-4891-8657"},"institutions":[{"id":"https://openalex.org/I169689159","display_name":"PLA Information Engineering University","ror":"https://ror.org/00mm1qk40","country_code":"CN","type":"education","lineage":["https://openalex.org/I169689159"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qiang Wei","raw_affiliation_strings":["Information Engineering University, Zhengzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4891-8657","affiliations":[{"raw_affiliation_string":"Information Engineering University, Zhengzhou, China","institution_ids":["https://openalex.org/I169689159"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083863847","display_name":"Mufeng Wang","orcid":"https://orcid.org/0000-0001-5706-8960"},"institutions":[{"id":"https://openalex.org/I4210118281","display_name":"National Earthquake Response Support Service","ror":"https://ror.org/02gzvm828","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210118281"]},{"id":"https://openalex.org/I4387152112","display_name":"China Industrial Control Systems Cyber Emergency Response Team","ror":"https://ror.org/010gf3m33","country_code":null,"type":"other","lineage":["https://openalex.org/I4387152112"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mufeng Wang","raw_affiliation_strings":["China Industrial Control Systems Cyber Emergency Response Team, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"China Industrial Control Systems Cyber Emergency Response Team, Beijing, China","institution_ids":["https://openalex.org/I4210118281","https://openalex.org/I4387152112"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100752256","display_name":"Yuqi Chen","orcid":"https://orcid.org/0000-0001-9769-1167"},"institutions":[{"id":"https://openalex.org/I30809798","display_name":"ShanghaiTech University","ror":"https://ror.org/030bhh786","country_code":"CN","type":"education","lineage":["https://openalex.org/I30809798"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuqi Chen","raw_affiliation_strings":["School of Information Science and Technology, ShanghaiTech University, Shanghai, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Information Science and Technology, ShanghaiTech University, Shanghai, China","institution_ids":["https://openalex.org/I30809798"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5063638481"],"corresponding_institution_ids":["https://openalex.org/I169689159"],"apc_list":null,"apc_paid":null,"fwci":0.852,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.79006568,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"11","issue":"5","first_page":"8386","last_page":"8400"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7901804447174072},{"id":"https://openalex.org/keywords/programmable-logic-controller","display_name":"Programmable logic controller","score":0.6682716608047485},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.5932360291481018},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.5663895606994629},{"id":"https://openalex.org/keywords/upload","display_name":"Upload","score":0.5315209627151489},{"id":"https://openalex.org/keywords/control-logic","display_name":"Control logic","score":0.4756578803062439},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4705890715122223},{"id":"https://openalex.org/keywords/control-system","display_name":"Control system","score":0.4368036389350891},{"id":"https://openalex.org/keywords/ladder-logic","display_name":"Ladder logic","score":0.4244774580001831},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3658110499382019},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.3328337073326111},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.20422840118408203},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.14644524455070496},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.10672792792320251}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7901804447174072},{"id":"https://openalex.org/C37374048","wikidata":"https://www.wikidata.org/wiki/Q188674","display_name":"Programmable logic controller","level":2,"score":0.6682716608047485},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.5932360291481018},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.5663895606994629},{"id":"https://openalex.org/C71901391","wikidata":"https://www.wikidata.org/wiki/Q7126699","display_name":"Upload","level":2,"score":0.5315209627151489},{"id":"https://openalex.org/C2776350369","wikidata":"https://www.wikidata.org/wiki/Q843479","display_name":"Control logic","level":2,"score":0.4756578803062439},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4705890715122223},{"id":"https://openalex.org/C17500928","wikidata":"https://www.wikidata.org/wiki/Q959968","display_name":"Control system","level":2,"score":0.4368036389350891},{"id":"https://openalex.org/C44986683","wikidata":"https://www.wikidata.org/wiki/Q1411875","display_name":"Ladder logic","level":3,"score":0.4244774580001831},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3658110499382019},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.3328337073326111},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.20422840118408203},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.14644524455070496},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.10672792792320251},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2023.3318988","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2023.3318988","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.6000000238418579}],"awards":[{"id":"https://openalex.org/G5065734402","display_name":null,"funder_award_id":"61833015","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5884828426","display_name":null,"funder_award_id":"2020YFB2010900","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W2002578057","https://openalex.org/W2039427951","https://openalex.org/W2049695835","https://openalex.org/W2068693276","https://openalex.org/W2140839850","https://openalex.org/W2490506697","https://openalex.org/W2594635183","https://openalex.org/W2613978545","https://openalex.org/W2614176030","https://openalex.org/W2742236820","https://openalex.org/W2791587036","https://openalex.org/W2890126253","https://openalex.org/W2892772309","https://openalex.org/W2905044737","https://openalex.org/W2930135659","https://openalex.org/W2945937333","https://openalex.org/W2948592548","https://openalex.org/W2952754944","https://openalex.org/W2962808527","https://openalex.org/W2971297766","https://openalex.org/W3013638858","https://openalex.org/W3036981874","https://openalex.org/W3107123323","https://openalex.org/W4220764088","https://openalex.org/W4256497308","https://openalex.org/W4292971819","https://openalex.org/W4385679677","https://openalex.org/W6606141063","https://openalex.org/W6640497962","https://openalex.org/W6765763219"],"related_works":["https://openalex.org/W2120722979","https://openalex.org/W2183772682","https://openalex.org/W2106496413","https://openalex.org/W2394472197","https://openalex.org/W1527893442","https://openalex.org/W3203500078","https://openalex.org/W4206484832","https://openalex.org/W99842341","https://openalex.org/W2594635183","https://openalex.org/W2615384553"],"abstract_inverted_index":{"Industrial":[0],"control":[1,25,67,82,92,108,116,126,134,150,155,161,187,201,211],"systems":[2],"(ICSs)":[3],"are":[4,17],"prevalent":[5],"in":[6,56,98,167,203],"critical":[7],"infrastructures,":[8],"where":[9],"programmable":[10],"logic":[11,26,68,83,93,188],"controllers":[12],"(PLCs)":[13],"and":[14,43,64,80,86,96,136,141,157,172,207,223],"physical":[15],"instruments":[16],"integrated.":[18],"However,":[19],"multiple":[20],"successful":[21],"attacks":[22,69,222],"against":[23],"PLC":[24,114,120,149],"programs":[27],"have":[28,53],"caused":[29],"significant":[30],"damage":[31],"to":[32,37,90,112,131],"ICSs,":[33],"which":[34],"has":[35],"led":[36],"an":[38,138],"urgent":[39],"need":[40],"for":[41,144],"detection":[42,85,95,140],"forensics":[44,87,97,142],"of":[45,60,103,148,184],"such":[46],"attacks.":[47,189],"Although":[48],"several":[49],"off-the-shelf":[50],"defending":[51],"mechanisms":[52],"been":[54],"presented":[55],"the":[57,66,101,146,153,159,198,221,225],"past,":[58],"few":[59],"them":[61],"can":[62,195,218],"detect":[63,220],"locate":[65,224],"at":[70],"run":[71],"time.":[72],"In":[73],"this":[74],"article,":[75],"we":[76,180],"propose":[77],"a":[78,107,125],"practical":[79],"automatic":[81],"attack":[84,94,139],"framework":[88],"(CLADF)":[89],"conduct":[91],"ICSs.":[99],"Specifically,":[100],"core":[102],"CLADF":[104,166,194,217],"includes:":[105],"1)":[106],"application":[109,127,170,202,205],"extraction":[110],"module":[111,130,143],"extract":[113,197],"binary":[115,133,200,210],"applications":[117,212],"by":[118],"simulating":[119],"normal":[121,154],"upload":[122],"functionality;":[123],"2)":[124],"reverse":[128],"engineering":[129],"disassemble":[132,208],"applications;":[135],"3)":[137],"verifying":[145],"integrity":[147],"applications,":[151],"recovering":[152],"application,":[156],"locating":[158],"modified":[160,226],"instructions.":[162,215],"We":[163],"extensively":[164],"evaluated":[165],"five":[168],"different":[169,204],"scenarios":[171,206],"two":[173],"real-world":[174],"Schneider":[175],"PLCs.":[176],"For":[177],"each":[178],"PLC,":[179],"generated":[181],"three":[182],"types":[183],"150":[185],"mutated":[186],"The":[190],"results":[191],"demonstrate":[192],"that":[193],"effectively":[196],"run-time":[199],"these":[209],"into":[213],"assembly":[214],"Moreover,":[216],"accurately":[219],"subroutines.":[227]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}