{"id":"https://openalex.org/W2972765956","doi":"https://doi.org/10.1109/tifs.2019.2940890","title":"Temporal Execution Behavior for Host Anomaly Detection in Programmable Logic Controllers","display_name":"Temporal Execution Behavior for Host Anomaly Detection in Programmable Logic Controllers","publication_year":2019,"publication_date":"2019-09-11","ids":{"openalex":"https://openalex.org/W2972765956","doi":"https://doi.org/10.1109/tifs.2019.2940890","mag":"2972765956"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2019.2940890","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2019.2940890","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057203407","display_name":"David Formby","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"David Formby","raw_affiliation_strings":["School of Electrical and Computer Engineering, Georgia Institute of Technology College of Engineering, Atlanta, USA"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Georgia Institute of Technology College of Engineering, Atlanta, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033073212","display_name":"Raheem Beyah","orcid":"https://orcid.org/0000-0002-9188-3464"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Raheem Beyah","raw_affiliation_strings":["Georgia Institute of Technology, Atlanta, USA"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology, Atlanta, USA","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5057203407"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":1.9903,"has_fulltext":false,"cited_by_count":26,"citation_normalized_percentile":{"value":0.87461642,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"15","issue":null,"first_page":"1455","last_page":"1469"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8630397319793701},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7374318838119507},{"id":"https://openalex.org/keywords/spoofing-attack","display_name":"Spoofing attack","score":0.5731635689735413},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.5592338442802429},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5535172820091248},{"id":"https://openalex.org/keywords/checksum","display_name":"Checksum","score":0.49270299077033997},{"id":"https://openalex.org/keywords/programmable-logic-controller","display_name":"Programmable logic controller","score":0.4504110813140869},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.351498007774353},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.34250664710998535},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3242928683757782},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.20614907145500183}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8630397319793701},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7374318838119507},{"id":"https://openalex.org/C167900197","wikidata":"https://www.wikidata.org/wiki/Q11081100","display_name":"Spoofing attack","level":2,"score":0.5731635689735413},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.5592338442802429},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5535172820091248},{"id":"https://openalex.org/C162372511","wikidata":"https://www.wikidata.org/wiki/Q218341","display_name":"Checksum","level":2,"score":0.49270299077033997},{"id":"https://openalex.org/C37374048","wikidata":"https://www.wikidata.org/wiki/Q188674","display_name":"Programmable logic controller","level":2,"score":0.4504110813140869},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.351498007774353},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.34250664710998535},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3242928683757782},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.20614907145500183},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2019.2940890","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2019.2940890","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W1974853427","https://openalex.org/W2002578057","https://openalex.org/W2011728129","https://openalex.org/W2021362805","https://openalex.org/W2024094925","https://openalex.org/W2041929698","https://openalex.org/W2043504176","https://openalex.org/W2051903196","https://openalex.org/W2056451850","https://openalex.org/W2068693276","https://openalex.org/W2099613071","https://openalex.org/W2104948281","https://openalex.org/W2124631616","https://openalex.org/W2141050228","https://openalex.org/W2156186849","https://openalex.org/W2169633417","https://openalex.org/W2473842208","https://openalex.org/W2560211752","https://openalex.org/W2578943040","https://openalex.org/W2613412685","https://openalex.org/W2623396859","https://openalex.org/W2625110865","https://openalex.org/W2751592946","https://openalex.org/W2771494169","https://openalex.org/W2775534077","https://openalex.org/W2998254967","https://openalex.org/W4250874986","https://openalex.org/W6678601690"],"related_works":["https://openalex.org/W2584928298","https://openalex.org/W2073512695","https://openalex.org/W4285328204","https://openalex.org/W2039130246","https://openalex.org/W2126447415","https://openalex.org/W2188809546","https://openalex.org/W2896906200","https://openalex.org/W2136646084","https://openalex.org/W2078451911","https://openalex.org/W228222500"],"abstract_inverted_index":{"Programmable":[0],"logic":[1],"controllers":[2],"(PLCs)":[3],"make":[4,72],"up":[5],"the":[6,18,22,80,127,143,173],"majority":[7],"of":[8,58,89],"endpoints":[9],"on":[10],"industrial":[11],"control":[12,139],"system":[13],"(ICS)":[14],"networks":[15],"and":[16,24,48,68,82,109,145,166],"are":[17,30,33,151,169],"vital":[19],"bridge":[20],"between":[21],"cyber":[23],"physical":[25],"worlds.":[26],"Although":[27],"these":[28,93,118],"devices":[29,78],"critical,":[31],"they":[32,102],"often":[34],"insecure":[35],"by":[36],"design:":[37],"communicating":[38],"over":[39],"unauthenticated":[40],"protocols,":[41],"failing":[42],"to":[43,75,85,116,134,138,153,171],"provide":[44],"standard":[45],"password":[46],"protection,":[47],"using":[49,130],"trivially":[50],"spoofed":[51],"checksums":[52],"for":[53,107,121,126,158],"detecting":[54],"program":[55,131],"changes":[56,137],"instead":[57],"cryptographic":[59],"hashes.":[60],"Furthermore,":[61],"extreme":[62],"resource":[63,119],"limitations,":[64],"long":[65],"life":[66],"cycles,":[67],"strict":[69],"downtime":[70],"requirements":[71],"it":[73],"difficult":[74],"patch":[76],"existing":[77],"in":[79],"field":[81],"virtually":[83],"impossible":[84],"install":[86],"any":[87],"kind":[88],"endpoint":[90],"protection.":[91],"While":[92],"limitations":[94,120],"have":[95],"traditionally":[96],"been":[97],"considered":[98],"a":[99],"security":[100],"weakness,":[101],"may":[103],"also":[104],"be":[105],"leveraged":[106],"change":[108],"anomaly":[110,124],"detection.":[111],"Specifically,":[112],"this":[113],"research":[114],"proposes":[115],"leverage":[117],"continuous":[122],"behavior":[123,162],"detection":[125],"PLCs":[128],"themselves,":[129],"execution":[132,161],"times":[133],"detect":[135],"single-instruction":[136],"programs":[140],"from":[141,163],"both":[142],"network":[144],"local":[146],"access.":[147],"The":[148],"basic":[149],"techniques":[150],"extended":[152],"include":[154],"white":[155],"box":[156],"modeling":[157],"estimating":[159],"rare":[160],"source":[164],"code,":[165],"proof-of-work":[167],"functions":[168],"utilized":[170],"increase":[172],"techniques'":[174],"resiliency":[175],"against":[176],"mimicry":[177],"attacks.":[178]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":6},{"year":2020,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}