{"id":"https://openalex.org/W7123355127","doi":"https://doi.org/10.1109/tdsc.2026.3652652","title":"Replica-Based Moving Target Defense Against Injection Attacks in Software-Defined Industrial Control Systems","display_name":"Replica-Based Moving Target Defense Against Injection Attacks in Software-Defined Industrial Control Systems","publication_year":2026,"publication_date":"2026-01-12","ids":{"openalex":"https://openalex.org/W7123355127","doi":"https://doi.org/10.1109/tdsc.2026.3652652"},"language":null,"primary_location":{"id":"doi:10.1109/tdsc.2026.3652652","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2026.3652652","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5122858993","display_name":"Xabier Etxezarreta","orcid":null},"institutions":[{"id":"https://openalex.org/I162361429","display_name":"Mondragon Unibertsitatea","ror":"https://ror.org/00wvqgd19","country_code":"ES","type":"education","lineage":["https://openalex.org/I162361429"]}],"countries":["ES"],"is_corresponding":true,"raw_author_name":"Xabier Etxezarreta","raw_affiliation_strings":["Electronics and Computing Department, Data Analytics and Cybersecurity (DANZ) research group, Mondragon University, Arrasate-Mondragon, Spain"],"raw_orcid":"https://orcid.org/0000-0002-8241-7453","affiliations":[{"raw_affiliation_string":"Electronics and Computing Department, Data Analytics and Cybersecurity (DANZ) research group, Mondragon University, Arrasate-Mondragon, Spain","institution_ids":["https://openalex.org/I162361429"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073358800","display_name":"Federico Turrin","orcid":"https://orcid.org/0000-0001-5660-2447"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Federico Turrin","raw_affiliation_strings":["Department of Mathematics, University of Padova, Padua, Italy"],"raw_orcid":"https://orcid.org/0000-0001-5660-2447","affiliations":[{"raw_affiliation_string":"Department of Mathematics, University of Padova, Padua, Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122896051","display_name":"I\u00f1aki Garitano","orcid":null},"institutions":[{"id":"https://openalex.org/I162361429","display_name":"Mondragon Unibertsitatea","ror":"https://ror.org/00wvqgd19","country_code":"ES","type":"education","lineage":["https://openalex.org/I162361429"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"I\u00f1aki Garitano","raw_affiliation_strings":["Electronics and Computing Department, Data Analytics and Cybersecurity (DANZ) research group, Mondragon University, Arrasate-Mondragon, Spain"],"raw_orcid":"https://orcid.org/0000-0002-0387-9167","affiliations":[{"raw_affiliation_string":"Electronics and Computing Department, Data Analytics and Cybersecurity (DANZ) research group, Mondragon University, Arrasate-Mondragon, Spain","institution_ids":["https://openalex.org/I162361429"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092681792","display_name":"Mikel Iturbe","orcid":null},"institutions":[{"id":"https://openalex.org/I162361429","display_name":"Mondragon Unibertsitatea","ror":"https://ror.org/00wvqgd19","country_code":"ES","type":"education","lineage":["https://openalex.org/I162361429"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Mikel Iturbe","raw_affiliation_strings":["Electronics and Computing Department, Data Analytics and Cybersecurity (DANZ) research group, Mondragon University, Arrasate-Mondragon, Spain"],"raw_orcid":"https://orcid.org/0000-0001-9641-5646","affiliations":[{"raw_affiliation_string":"Electronics and Computing Department, Data Analytics and Cybersecurity (DANZ) research group, Mondragon University, Arrasate-Mondragon, Spain","institution_ids":["https://openalex.org/I162361429"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122887359","display_name":"Urko Zurutuza","orcid":null},"institutions":[{"id":"https://openalex.org/I162361429","display_name":"Mondragon Unibertsitatea","ror":"https://ror.org/00wvqgd19","country_code":"ES","type":"education","lineage":["https://openalex.org/I162361429"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Urko Zurutuza","raw_affiliation_strings":["Electronics and Computing Department, Data Analytics and Cybersecurity (DANZ) research group, Mondragon University, Arrasate-Mondragon, Spain"],"raw_orcid":"https://orcid.org/0000-0003-3720-6048","affiliations":[{"raw_affiliation_string":"Electronics and Computing Department, Data Analytics and Cybersecurity (DANZ) research group, Mondragon University, Arrasate-Mondragon, Spain","institution_ids":["https://openalex.org/I162361429"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009516310","display_name":"Mauro Conti","orcid":null},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Mauro Conti","raw_affiliation_strings":["Department of Mathematics, University of Padova, Padua, Italy"],"raw_orcid":"https://orcid.org/0000-0002-3612-1934","affiliations":[{"raw_affiliation_string":"Department of Mathematics, University of Padova, Padua, Italy","institution_ids":["https://openalex.org/I138689650"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5122858993"],"corresponding_institution_ids":["https://openalex.org/I162361429"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.05323007,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"3","first_page":"5163","last_page":"5180"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.5612999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.5612999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.361299991607666,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.026100000366568565,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6973999738693237},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.6643999814987183},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6632999777793884},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.527999997138977},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.5052000284194946},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4726000130176544},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.45739999413490295},{"id":"https://openalex.org/keywords/path","display_name":"Path (computing)","score":0.4377000033855438},{"id":"https://openalex.org/keywords/game-theory","display_name":"Game theory","score":0.3596999943256378}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7365999817848206},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6973999738693237},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.6643999814987183},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6632999777793884},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6161999702453613},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.527999997138977},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.5052000284194946},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4726000130176544},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.45739999413490295},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.4377000033855438},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4002000093460083},{"id":"https://openalex.org/C177142836","wikidata":"https://www.wikidata.org/wiki/Q44455","display_name":"Game theory","level":2,"score":0.3596999943256378},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3521000146865845},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.3474000096321106},{"id":"https://openalex.org/C17500928","wikidata":"https://www.wikidata.org/wiki/Q959968","display_name":"Control system","level":2,"score":0.34599998593330383},{"id":"https://openalex.org/C27061796","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion prevention system","level":3,"score":0.3303000032901764},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.31439998745918274},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.30959999561309814},{"id":"https://openalex.org/C34947359","wikidata":"https://www.wikidata.org/wiki/Q665189","display_name":"Complex network","level":2,"score":0.298799991607666},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.2793000042438507},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.26840001344680786},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.267300009727478},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.265500009059906},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.26339998841285706},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.25769999623298645},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.2513999938964844}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2026.3652652","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2026.3652652","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":49,"referenced_works":["https://openalex.org/W107867273","https://openalex.org/W1952698709","https://openalex.org/W2023093563","https://openalex.org/W2085457667","https://openalex.org/W2115747715","https://openalex.org/W2119891141","https://openalex.org/W2291150993","https://openalex.org/W2407991977","https://openalex.org/W2605571852","https://openalex.org/W2614176030","https://openalex.org/W2765400833","https://openalex.org/W2774100094","https://openalex.org/W2783169723","https://openalex.org/W2792029691","https://openalex.org/W2793800929","https://openalex.org/W2794691759","https://openalex.org/W2795786455","https://openalex.org/W2890112720","https://openalex.org/W2899703161","https://openalex.org/W2907753699","https://openalex.org/W2943852008","https://openalex.org/W2949160428","https://openalex.org/W2959889059","https://openalex.org/W2990623250","https://openalex.org/W2996903041","https://openalex.org/W2998298992","https://openalex.org/W3008059000","https://openalex.org/W3013219028","https://openalex.org/W3034480370","https://openalex.org/W3041393010","https://openalex.org/W3083350651","https://openalex.org/W3092554548","https://openalex.org/W3125869297","https://openalex.org/W3128032258","https://openalex.org/W3134685325","https://openalex.org/W3182007606","https://openalex.org/W3198297486","https://openalex.org/W3212789951","https://openalex.org/W4206747394","https://openalex.org/W4225729123","https://openalex.org/W4285109089","https://openalex.org/W4312241957","https://openalex.org/W4313650586","https://openalex.org/W4320015848","https://openalex.org/W4381187158","https://openalex.org/W4386590858","https://openalex.org/W4386881452","https://openalex.org/W4390579047","https://openalex.org/W4409473811"],"related_works":[],"abstract_inverted_index":{"Recent":[0],"incidents":[1],"have":[2,35],"demonstrated":[3],"the":[4,40,47,56,135,140,170,189],"increasing":[5,188],"vulnerability":[6],"of":[7,39,52,75,142,172,181],"Industrial":[8],"Control":[9],"Systems":[10],"(ICSs)":[11],"to":[12,44,59,71,79,133,166,177,193],"sophisticated":[13],"and":[14,24,77,122,149,155,196],"targeted":[15],"attacks":[16,34,65],"orchestrated":[17],"by":[18],"adversaries":[19,192],"with":[20],"high":[21,73],"motivation,":[22],"resources,":[23],"domain":[25],"knowledge.":[26],"Among":[27],"these":[28],"threats,":[29],"False":[30],"Data":[31],"Injection":[32],"(FDI)":[33],"emerged":[36],"as":[37],"one":[38],"main":[41],"security":[42],"threats":[43],"ICSs,":[45],"involving":[46],"deliberate":[48],"manipulation":[49],"or":[50,61],"injection":[51],"false":[53],"data":[54],"into":[55],"control":[57],"system":[58],"deceive":[60],"disrupt":[62],"operations.":[63],"FDI":[64,109,173],"pose":[66],"a":[67,98,125,129],"significant":[68],"risk":[69],"due":[70],"their":[72],"capacity":[74],"concealment":[76],"ability":[78],"evade":[80],"intrusion":[81],"detection":[82],"systems":[83],"that":[84,160],"rely":[85],"on":[86,151],"accurate":[87],"ICS":[88,152],"models.":[89],"In":[90],"this":[91],"paper,":[92],"we":[93],"present":[94],"<sc":[95,111,161],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[96,112,162],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">defclon</small>,":[97],"novel":[99],"Software-Defined":[100],"Networking":[101],"(SDN)-based":[102],"Moving":[103],"Target":[104],"Defense":[105],"(MTD)":[106],"approach":[107,144],"against":[108],"attacks.":[110,198],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">Defclon</small>":[113],"proactively":[114],"replicates":[115],"network":[116,120,153,185],"packets":[117],"across":[118],"multiple":[119],"paths":[121],"adaptively":[123],"selects":[124],"single":[126],"path":[127],"using":[128],"signaling":[130],"game":[131],"model":[132],"reach":[134],"destination":[136],"end-device.":[137],"We":[138],"demonstrate":[139],"effectiveness":[141],"our":[143],"through":[145],"simulations,":[146],"numerical":[147],"analysis,":[148],"experiments":[150],"traffic":[154],"topologies.":[156],"Experimental":[157],"results":[158],"show":[159],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">defclon</small>":[163],"is":[164],"able":[165],"not":[167],"only":[168],"mitigate":[169],"effects":[171],"attacks,":[174],"but":[175],"also":[176],"introduce":[178],"different":[179],"levels":[180],"uncertainty":[182],"without":[183],"degrading":[184],"performance,":[186],"significantly":[187],"difficulty":[190],"for":[191],"gather":[194],"information":[195],"launch":[197]},"counts_by_year":[],"updated_date":"2026-05-15T06:05:50.897203","created_date":"2026-01-14T00:00:00"}