{"id":"https://openalex.org/W4386108466","doi":"https://doi.org/10.1109/jsyst.2023.3303361","title":"Extracting Novel Attack Strategies for Industrial Cyber-Physical Systems Based on Cyber Range","display_name":"Extracting Novel Attack Strategies for Industrial Cyber-Physical Systems Based on Cyber Range","publication_year":2023,"publication_date":"2023-08-23","ids":{"openalex":"https://openalex.org/W4386108466","doi":"https://doi.org/10.1109/jsyst.2023.3303361"},"language":"en","primary_location":{"id":"doi:10.1109/jsyst.2023.3303361","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jsyst.2023.3303361","pdf_url":null,"source":{"id":"https://openalex.org/S95999327","display_name":"IEEE Systems Journal","issn_l":"1932-8184","issn":["1932-8184","1937-9234","2373-7816"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Systems Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5027271229","display_name":"Songxuan Wei","orcid":"https://orcid.org/0009-0003-4114-1643"},"institutions":[{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Songxuan Wei","raw_affiliation_strings":["Shenzhen Institute for Advanced Study, University of Electronic Science and Technology of China, Shenzhen, China","Department of New Networks, Peng Cheng Laboratory, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"Shenzhen Institute for Advanced Study, University of Electronic Science and Technology of China, Shenzhen, China","institution_ids":[]},{"raw_affiliation_string":"Department of New Networks, Peng Cheng Laboratory, Shenzhen, China","institution_ids":["https://openalex.org/I4210136793"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101605746","display_name":"Yan Jia","orcid":"https://orcid.org/0000-0002-1233-1507"},"institutions":[{"id":"https://openalex.org/I158809036","display_name":"Shenzhen Institute of Information Technology","ror":"https://ror.org/03wrf9427","country_code":"CN","type":"education","lineage":["https://openalex.org/I158809036"]},{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]},{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yan Jia","raw_affiliation_strings":["School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, China","Department of New Networks, Peng Cheng Laboratory, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, China","institution_ids":["https://openalex.org/I158809036","https://openalex.org/I204983213"]},{"raw_affiliation_string":"Department of New Networks, Peng Cheng Laboratory, Shenzhen, China","institution_ids":["https://openalex.org/I4210136793"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070856186","display_name":"Zhaoquan Gu","orcid":"https://orcid.org/0000-0001-7546-852X"},"institutions":[{"id":"https://openalex.org/I158809036","display_name":"Shenzhen Institute of Information Technology","ror":"https://ror.org/03wrf9427","country_code":"CN","type":"education","lineage":["https://openalex.org/I158809036"]},{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]},{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhaoquan Gu","raw_affiliation_strings":["School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, China","Department of New Networks, Peng Cheng Laboratory, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, China","institution_ids":["https://openalex.org/I158809036","https://openalex.org/I204983213"]},{"raw_affiliation_string":"Department of New Networks, Peng Cheng Laboratory, Shenzhen, China","institution_ids":["https://openalex.org/I4210136793"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100771200","display_name":"Muhammad Shafiq","orcid":null},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Muhammad Shafiq","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology (CIAT), Guangzhou University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology (CIAT), Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100350793","display_name":"Le Wang","orcid":"https://orcid.org/0000-0002-3610-9185"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Le Wang","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology (CIAT), Guangzhou University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology (CIAT), Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5027271229"],"corresponding_institution_ids":["https://openalex.org/I4210136793"],"apc_list":null,"apc_paid":null,"fwci":1.7899,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.85861722,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":"17","issue":"4","first_page":"5292","last_page":"5302"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.7337196469306946},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7264273166656494},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6783602237701416},{"id":"https://openalex.org/keywords/cyber-physical-system","display_name":"Cyber-physical system","score":0.6329160928726196},{"id":"https://openalex.org/keywords/cyber-threats","display_name":"Cyber threats","score":0.5980978608131409},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.5583413243293762},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.553935170173645},{"id":"https://openalex.org/keywords/attack-model","display_name":"Attack model","score":0.4952334463596344},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.44548219442367554},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.2488727569580078},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.15330412983894348}],"concepts":[{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.7337196469306946},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7264273166656494},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6783602237701416},{"id":"https://openalex.org/C179768478","wikidata":"https://www.wikidata.org/wiki/Q1120057","display_name":"Cyber-physical system","level":2,"score":0.6329160928726196},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.5980978608131409},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.5583413243293762},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.553935170173645},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.4952334463596344},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.44548219442367554},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.2488727569580078},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.15330412983894348},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jsyst.2023.3303361","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jsyst.2023.3303361","pdf_url":null,"source":{"id":"https://openalex.org/S95999327","display_name":"IEEE Systems Journal","issn_l":"1932-8184","issn":["1932-8184","1937-9234","2373-7816"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Systems Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.6299999952316284,"id":"https://metadata.un.org/sdg/9"}],"awards":[{"id":"https://openalex.org/G5584386892","display_name":null,"funder_award_id":"62250410365","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":34,"referenced_works":["https://openalex.org/W1226496485","https://openalex.org/W1418477825","https://openalex.org/W1976526581","https://openalex.org/W2068789742","https://openalex.org/W2077028504","https://openalex.org/W2127795553","https://openalex.org/W2283196293","https://openalex.org/W2389396357","https://openalex.org/W2464785945","https://openalex.org/W2725271592","https://openalex.org/W2771537552","https://openalex.org/W2783819197","https://openalex.org/W2799900537","https://openalex.org/W2829082624","https://openalex.org/W2907851756","https://openalex.org/W2944851425","https://openalex.org/W2960533260","https://openalex.org/W2979175888","https://openalex.org/W2983303583","https://openalex.org/W3016987480","https://openalex.org/W3044434834","https://openalex.org/W3119101352","https://openalex.org/W3129506420","https://openalex.org/W3157159577","https://openalex.org/W3185244527","https://openalex.org/W3190895447","https://openalex.org/W3211888892","https://openalex.org/W4213315944","https://openalex.org/W4290647841","https://openalex.org/W4321021812","https://openalex.org/W6667829943","https://openalex.org/W6678830454","https://openalex.org/W6719736774","https://openalex.org/W6799496288"],"related_works":["https://openalex.org/W2358245908","https://openalex.org/W2528597107","https://openalex.org/W2914662937","https://openalex.org/W2143949933","https://openalex.org/W4283768703","https://openalex.org/W1828018529","https://openalex.org/W2588560471","https://openalex.org/W4389319510","https://openalex.org/W2894757949","https://openalex.org/W4386108466"],"abstract_inverted_index":{"With":[0],"the":[1,18,26,42,66,106,110,118,125,145,149,156,169,185,218,235],"rapid":[2],"development":[3],"of":[4],"information":[5],"technologies,":[6],"more":[7,9,30,32],"and":[8,31,48,69,96,201,206,214,221,224],"cyberattacks":[10,27,58],"are":[11,28,55,153],"emerging":[12],"to":[13,17,78,99,105,143,167,177,191,237],"cause":[14],"serious":[15],"consequences":[16],"critical":[19],"infrastructures":[20],"in":[21,155,217],"industrial":[22],"cyber-physical":[23],"systems.":[24],"As":[25,109],"becoming":[29],"complicated,":[33],"which":[34,93,159],"might":[35],"be":[36,100],"composed":[37],"by":[38],"multiple":[39],"steps,":[40],"obtaining":[41],"attack":[43,67,80,95,139,146,164,170,175,180,186,194,213,226,240],"strategies":[44,122,140,147,165,187,241],"can":[45,88,113],"help":[46],"understand":[47],"better":[49],"defend":[50],"these":[51],"attacks.":[52],"However,":[53],"there":[54],"many":[56],"unknown":[57,193],"every":[59],"day,":[60],"while":[61],"attackers":[62],"will":[63],"not":[64],"reveal":[65],"steps":[68],"tools":[70],"normally,":[71],"it":[72],"is":[73,84],"a":[74,85,90,161],"persistent":[75],"challenging":[76],"problem":[77],"obtain":[79,144],"strategies.":[81,181],"Cyber":[82],"range":[83,112,127],"testbed":[86],"that":[87,152,172],"simulate":[89],"networked":[91],"system,":[92],"supports":[94],"defense":[97,215],"activities":[98,216],"conducted":[101],"with":[102,196],"no":[103],"harm":[104],"real":[107],"system.":[108],"cyber":[111,126,157,219],"record":[114],"process":[115],"data":[116],"within":[117],"activity,":[119],"extracting":[120],"cyberattack":[121],"based":[123],"on":[124,210],"has":[128,173,234],"become":[129],"one":[130],"effective":[131],"approach.":[132],"In":[133],"this":[134],"article,":[135],"we":[136],"propose":[137],"an":[138],"extraction":[141],"framework":[142,209,233],"from":[148,242],"security":[150,243],"alerts":[151],"generated":[154],"range,":[158,220],"uses":[160],"model":[162],"called":[163],"identifier":[166,188],"identify":[168],"sequence":[171],"similar":[174],"patterns":[176],"some":[178],"known":[179],"Through":[182,229],"our":[183,208,232],"experiments,":[184],"was":[189],"able":[190],"judge":[192],"sequences":[195],"98.26%":[197],"accuracy,":[198],"98.70%":[199],"recall,":[200],"98.44%":[202],"F1-score.":[203],"We":[204],"implemented":[205],"tested":[207],"two":[211],"network":[212],"obtained":[222],"45":[223],"47":[225],"strategies,":[227],"respectively.":[228],"manual":[230],"validation,":[231],"ability":[236],"extract":[238],"novel":[239],"alerts.":[244]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":4}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}