{"id":"https://openalex.org/W3160032723","doi":"https://doi.org/10.1109/tifs.2021.3078261","title":"Threat Intelligence Generation Using Network Telescope Data for Industrial Control Systems","display_name":"Threat Intelligence Generation Using Network Telescope Data for Industrial Control Systems","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3160032723","doi":"https://doi.org/10.1109/tifs.2021.3078261","mag":"3160032723"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2021.3078261","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3078261","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008962499","display_name":"Olivier Cabana","orcid":"https://orcid.org/0000-0002-9151-0975"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Olivier Cabana","raw_affiliation_strings":["Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085765243","display_name":"Amr Youssef","orcid":"https://orcid.org/0000-0002-4284-8646"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amr M. Youssef","raw_affiliation_strings":["Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028605138","display_name":"Mourad Debbabi","orcid":"https://orcid.org/0000-0003-3015-3043"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mourad Debbabi","raw_affiliation_strings":["Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087855812","display_name":"Bernard Lebel","orcid":"https://orcid.org/0000-0002-8287-2587"},"institutions":[{"id":"https://openalex.org/I4210095320","display_name":"Thales (Canada)","ror":"https://ror.org/00nnd3206","country_code":"CA","type":"company","lineage":["https://openalex.org/I4210095320","https://openalex.org/I4210140930"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Bernard Lebel","raw_affiliation_strings":["Thales Canada Inc., Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Thales Canada Inc., Montreal, Canada","institution_ids":["https://openalex.org/I4210095320"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075761726","display_name":"Marthe Kassouf","orcid":"https://orcid.org/0000-0002-3007-2350"},"institutions":[{"id":"https://openalex.org/I47099075","display_name":"Hydro-Qu\u00e9bec","ror":"https://ror.org/01nhzsw25","country_code":"CA","type":"government","lineage":["https://openalex.org/I47099075"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Marthe Kassouf","raw_affiliation_strings":["Institut de recherche d\u2019Hydro-Qu\u00e9bec, Varennes, Canada","Institut de recherche d'Hydro-Qu\u00e9bec, Varennes, Canada"],"affiliations":[{"raw_affiliation_string":"Institut de recherche d\u2019Hydro-Qu\u00e9bec, Varennes, Canada","institution_ids":["https://openalex.org/I47099075"]},{"raw_affiliation_string":"Institut de recherche d'Hydro-Qu\u00e9bec, Varennes, Canada","institution_ids":["https://openalex.org/I47099075"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057593270","display_name":"Ribal Atallah","orcid":"https://orcid.org/0000-0001-9582-6478"},"institutions":[{"id":"https://openalex.org/I47099075","display_name":"Hydro-Qu\u00e9bec","ror":"https://ror.org/01nhzsw25","country_code":"CA","type":"government","lineage":["https://openalex.org/I47099075"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Ribal Atallah","raw_affiliation_strings":["Institut de recherche d\u2019Hydro-Qu\u00e9bec, Varennes, Canada","Institut de recherche d'Hydro-Qu\u00e9bec, Varennes, Canada"],"affiliations":[{"raw_affiliation_string":"Institut de recherche d\u2019Hydro-Qu\u00e9bec, Varennes, Canada","institution_ids":["https://openalex.org/I47099075"]},{"raw_affiliation_string":"Institut de recherche d'Hydro-Qu\u00e9bec, Varennes, Canada","institution_ids":["https://openalex.org/I47099075"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011863516","display_name":"Basile L. Agba","orcid":"https://orcid.org/0000-0003-2284-6026"},"institutions":[{"id":"https://openalex.org/I47099075","display_name":"Hydro-Qu\u00e9bec","ror":"https://ror.org/01nhzsw25","country_code":"CA","type":"government","lineage":["https://openalex.org/I47099075"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Basile L. Agba","raw_affiliation_strings":["Institut de recherche d\u2019Hydro-Qu\u00e9bec, Varennes, Canada","Institut de recherche d'Hydro-Qu\u00e9bec, Varennes, Canada"],"affiliations":[{"raw_affiliation_string":"Institut de recherche d\u2019Hydro-Qu\u00e9bec, Varennes, Canada","institution_ids":["https://openalex.org/I47099075"]},{"raw_affiliation_string":"Institut de recherche d'Hydro-Qu\u00e9bec, Varennes, Canada","institution_ids":["https://openalex.org/I47099075"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5008962499"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":2.7541,"has_fulltext":false,"cited_by_count":28,"citation_normalized_percentile":{"value":0.90419986,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":93,"max":99},"biblio":{"volume":"16","issue":null,"first_page":"3355","last_page":"3370"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7456963062286377},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.7258460521697998},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.643034040927887},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.6057908535003662},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5692028999328613},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.4855082035064697},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.4692162275314331},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.4187670350074768},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.1781388819217682},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.16673752665519714}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7456963062286377},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.7258460521697998},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.643034040927887},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.6057908535003662},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5692028999328613},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.4855082035064697},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.4692162275314331},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.4187670350074768},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.1781388819217682},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.16673752665519714}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2021.3078261","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3078261","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320334593","display_name":"Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":55,"referenced_works":["https://openalex.org/W313385724","https://openalex.org/W1539673791","https://openalex.org/W1614298861","https://openalex.org/W1634005169","https://openalex.org/W1669806660","https://openalex.org/W1974269546","https://openalex.org/W1998960172","https://openalex.org/W2001637908","https://openalex.org/W2005703400","https://openalex.org/W2043241530","https://openalex.org/W2073148641","https://openalex.org/W2095897464","https://openalex.org/W2096474000","https://openalex.org/W2101234009","https://openalex.org/W2115775347","https://openalex.org/W2131744502","https://openalex.org/W2146577751","https://openalex.org/W2153579005","https://openalex.org/W2155372789","https://openalex.org/W2157305458","https://openalex.org/W2250539671","https://openalex.org/W2480068437","https://openalex.org/W2498874063","https://openalex.org/W2533980614","https://openalex.org/W2540831950","https://openalex.org/W2552542906","https://openalex.org/W2579739707","https://openalex.org/W2585743567","https://openalex.org/W2608113618","https://openalex.org/W2613843087","https://openalex.org/W2734593181","https://openalex.org/W2738334271","https://openalex.org/W2750815311","https://openalex.org/W2765449478","https://openalex.org/W2766170424","https://openalex.org/W2766240540","https://openalex.org/W2798389100","https://openalex.org/W2946143761","https://openalex.org/W2948694540","https://openalex.org/W2950577311","https://openalex.org/W2962773292","https://openalex.org/W2963514026","https://openalex.org/W3012425390","https://openalex.org/W3039975887","https://openalex.org/W3045534557","https://openalex.org/W3108707471","https://openalex.org/W4231029117","https://openalex.org/W4294170691","https://openalex.org/W6636510571","https://openalex.org/W6637397297","https://openalex.org/W6675354045","https://openalex.org/W6679775712","https://openalex.org/W6682691769","https://openalex.org/W6743621839","https://openalex.org/W6922540667"],"related_works":["https://openalex.org/W1971040605","https://openalex.org/W1523103140","https://openalex.org/W3160314615","https://openalex.org/W4293863310","https://openalex.org/W2398634398","https://openalex.org/W2082456656","https://openalex.org/W4226031521","https://openalex.org/W2381288267","https://openalex.org/W2155469080","https://openalex.org/W2299887038"],"abstract_inverted_index":{"Industrial":[0],"Control":[1],"Systems":[2],"(ICSs)":[3],"are":[4,76],"cyber-physical":[5],"systems":[6],"that":[7,24,43,52],"offer":[8],"attractive":[9],"targets":[10,44],"to":[11,15,36,54,72,130,155,181,203,207],"threat":[12,89,111,190,248],"actors":[13,191],"due":[14],"the":[16,49,66,88,119,136,141,144,159,174,183,186,216,247],"scale":[17],"of":[18,48,65,91,121,135,143,215,227,246],"damages,":[19],"both":[20],"physical":[21],"and":[22,79,96,109,157,167,171,188,199],"cyber,":[23],"successful":[25],"exploitation":[26],"can":[27],"cause.":[28],"As":[29,58],"such,":[30],"ICSs":[31,117],"often":[32],"find":[33],"themselves":[34],"victims":[35],"reconnaissance":[37],"campaigns":[38,60,115,146,187,206],"-":[39,51],"coordinated":[40],"scanning":[41,114],"activity":[42],"a":[45,148,201,243],"wide":[46],"subset":[47],"Internet":[50],"aim":[53],"discover":[55],"vulnerable":[56],"systems.":[57,252],"these":[59,238],"likely":[61],"scan":[62],"broad":[63],"netblocks":[64],"Internet,":[67],"some":[68],"traffic":[69,103,108,229],"is":[70],"directed":[71],"network":[73,98,102,228],"telescopes,":[74],"which":[75,124],"routable,":[77],"allocated,":[78],"unused":[80],"IP":[81,235],"space.":[82,236],"In":[83],"this":[84],"paper,":[85],"we":[86,125,220,241],"explore":[87],"landscape":[90,249],"ICS":[92,251],"devices":[93],"by":[94,172,231],"analyzing":[95],"investigating":[97],"telescope":[99],"traffic.":[100],"Our":[101],"analysis":[104,214],"tool":[105],"takes":[106],"darknet":[107,234],"generates":[110],"intelligence":[112],"on":[113],"targeting":[116,218,250],"in":[118,127],"form":[120],"campaign":[122,175],"fragments,":[123],"leverage":[126],"new":[128],"ways":[129],"get":[131],"more":[132],"in-depth":[133],"knowledge":[134],"cybersecurity":[137],"threats.":[138],"We":[139,161,177],"investigate":[140],"payloads":[142],"identified":[145],"using":[147],"custom":[149],"Deep":[150],"Packet":[151],"Inspection":[152],"(DPI)":[153],"technique":[154],"dissect":[156],"analyze":[158],"packets.":[160],"found":[162],"13":[163],"distinct":[164],"payload":[165],"templates":[166],"deduced":[168],"their":[169],"purpose,":[170],"extension":[173],"goals.":[176],"use":[178],"machine":[179],"learning":[180],"classify":[182],"sources":[184],"behind":[185],"identify":[189],"such":[192],"as":[193],"botnets,":[194],"malicious":[195],"attackers,":[196],"or":[197],"researchers,":[198],"establish":[200],"methodology":[202],"rank":[204],"our":[205,209,213,232],"prioritize":[208],"analysis.":[210],"To":[211],"conduct":[212],"threats":[217],"ICSs,":[219],"have":[221],"leveraged":[222],"12.85":[223],"TB":[224],"(330":[225],"days)":[226],"received":[230],"observed":[233],"Combining":[237],"investigative":[239],"threads,":[240],"provide":[242],"thorough":[244],"overview":[245]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":2}],"updated_date":"2026-03-01T08:55:55.761014","created_date":"2025-10-10T00:00:00"}