{"id":"https://openalex.org/W4411446879","doi":"https://doi.org/10.1109/tifs.2025.3581434","title":"SSTAF: Security Settings-Based Threat Assessment Framework of Programmable Logic Controllers","display_name":"SSTAF: Security Settings-Based Threat Assessment Framework of Programmable Logic Controllers","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4411446879","doi":"https://doi.org/10.1109/tifs.2025.3581434"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2025.3581434","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3581434","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100670645","display_name":"Jie Meng","orcid":"https://orcid.org/0000-0002-4485-4812"},"institutions":[{"id":"https://openalex.org/I4391767838","display_name":"State Key Laboratory of Industrial Control Technology","ror":"https://ror.org/03a33a786","country_code":null,"type":"facility","lineage":["https://openalex.org/I4391767838","https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jie Meng","raw_affiliation_strings":["State Key Laboratory of Industrial Control Technology and the College of Control Science and Engineering, Zhejiang University, Hangzhou, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Industrial Control Technology and the College of Control Science and Engineering, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I4391767838"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035143434","display_name":"Zhenyong Zhang","orcid":"https://orcid.org/0000-0003-0950-1525"},"institutions":[{"id":"https://openalex.org/I178232147","display_name":"Guizhou University","ror":"https://ror.org/02wmsc916","country_code":"CN","type":"education","lineage":["https://openalex.org/I178232147"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhenyong Zhang","raw_affiliation_strings":["State Key Laboratory of Public Big Data and the College of Computer Science and Technology, Guizhou University, Guiyang, China"],"raw_orcid":"https://orcid.org/0000-0003-0950-1525","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Public Big Data and the College of Computer Science and Technology, Guizhou University, Guiyang, China","institution_ids":["https://openalex.org/I178232147"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089925426","display_name":"Hengye Zhu","orcid":"https://orcid.org/0009-0004-3487-7182"},"institutions":[{"id":"https://openalex.org/I4391767838","display_name":"State Key Laboratory of Industrial Control Technology","ror":"https://ror.org/03a33a786","country_code":null,"type":"facility","lineage":["https://openalex.org/I4391767838","https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hengye Zhu","raw_affiliation_strings":["State Key Laboratory of Industrial Control Technology and the College of Control Science and Engineering, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0004-3487-7182","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Industrial Control Technology and the College of Control Science and Engineering, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I4391767838"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039792504","display_name":"Zeyu Yang","orcid":"https://orcid.org/0000-0002-1596-6890"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Zeyu Yang","raw_affiliation_strings":["iTrust, Singapore University of Technology and Design, Tampines, Singapore","iTrust, Singapore University of Technology and Design, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-1596-6890","affiliations":[{"raw_affiliation_string":"iTrust, Singapore University of Technology and Design, Tampines, Singapore","institution_ids":["https://openalex.org/I152815399"]},{"raw_affiliation_string":"iTrust, Singapore University of Technology and Design, Singapore","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083185861","display_name":"Ruilong Deng","orcid":"https://orcid.org/0000-0002-8158-150X"},"institutions":[{"id":"https://openalex.org/I4391767838","display_name":"State Key Laboratory of Industrial Control Technology","ror":"https://ror.org/03a33a786","country_code":null,"type":"facility","lineage":["https://openalex.org/I4391767838","https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ruilong Deng","raw_affiliation_strings":["State Key Laboratory of Industrial Control Technology and the College of Control Science and Engineering, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-8158-150X","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Industrial Control Technology and the College of Control Science and Engineering, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I4391767838"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051951845","display_name":"Peng Cheng","orcid":"https://orcid.org/0000-0002-4221-2162"},"institutions":[{"id":"https://openalex.org/I4391767838","display_name":"State Key Laboratory of Industrial Control Technology","ror":"https://ror.org/03a33a786","country_code":null,"type":"facility","lineage":["https://openalex.org/I4391767838","https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Peng Cheng","raw_affiliation_strings":["State Key Laboratory of Industrial Control Technology and the College of Control Science and Engineering, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-4221-2162","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Industrial Control Technology and the College of Control Science and Engineering, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I4391767838"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008266220","display_name":"Jianying Zhou","orcid":"https://orcid.org/0000-0003-0594-0432"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jianying Zhou","raw_affiliation_strings":["iTrust, Singapore University of Technology and Design, Tampines, Singapore","iTrust, Singapore University of Technology and Design, Singapore"],"raw_orcid":"https://orcid.org/0000-0003-0594-0432","affiliations":[{"raw_affiliation_string":"iTrust, Singapore University of Technology and Design, Tampines, Singapore","institution_ids":["https://openalex.org/I152815399"]},{"raw_affiliation_string":"iTrust, Singapore University of Technology and Design, Singapore","institution_ids":["https://openalex.org/I152815399"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.2763,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.95232885,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"20","issue":null,"first_page":"7512","last_page":"7527"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9919000267982483,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9919000267982483,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9876999855041504,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9876000285148621,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8132273554801941},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5399420857429504},{"id":"https://openalex.org/keywords/programmable-logic-controller","display_name":"Programmable logic controller","score":0.5068593621253967},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.34022247791290283},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13939419388771057}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8132273554801941},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5399420857429504},{"id":"https://openalex.org/C37374048","wikidata":"https://www.wikidata.org/wiki/Q188674","display_name":"Programmable logic controller","level":2,"score":0.5068593621253967},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.34022247791290283},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13939419388771057}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2025.3581434","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3581434","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/13","score":0.6200000047683716,"display_name":"Climate action"}],"awards":[{"id":"https://openalex.org/G2224863863","display_name":null,"funder_award_id":"62303411","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3545694276","display_name":null,"funder_award_id":"62293500","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4513079086","display_name":null,"funder_award_id":"62293511","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4647544079","display_name":null,"funder_award_id":"ICT2024A13","funder_id":"https://openalex.org/F4320326952","funder_display_name":"State Key Laboratory of Industrial Control Technology"},{"id":"https://openalex.org/G6147820277","display_name":null,"funder_award_id":"ICT2025C04","funder_id":"https://openalex.org/F4320326952","funder_display_name":"State Key Laboratory of Industrial Control Technology"},{"id":"https://openalex.org/G6442699438","display_name":null,"funder_award_id":"62293502","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G698852458","display_name":null,"funder_award_id":"62293503","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7098366126","display_name":null,"funder_award_id":"LR23F030001","funder_id":"https://openalex.org/F4320338464","funder_display_name":"Natural Science Foundation of Zhejiang Province"},{"id":"https://openalex.org/G7893011769","display_name":null,"funder_award_id":"62303126","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320326952","display_name":"State Key Laboratory of Industrial Control Technology","ror":null},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null},{"id":"https://openalex.org/F4320338464","display_name":"Natural Science Foundation of Zhejiang Province","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W1995598817","https://openalex.org/W2083810592","https://openalex.org/W2089365904","https://openalex.org/W2106291522","https://openalex.org/W2108646124","https://openalex.org/W2150341374","https://openalex.org/W2562876364","https://openalex.org/W2608113618","https://openalex.org/W2759656866","https://openalex.org/W2945937333","https://openalex.org/W2952754944","https://openalex.org/W2980096664","https://openalex.org/W2990623250","https://openalex.org/W3034480370","https://openalex.org/W3108707471","https://openalex.org/W3126952132","https://openalex.org/W3127710738","https://openalex.org/W3160032723","https://openalex.org/W4288057737","https://openalex.org/W4288079454","https://openalex.org/W4308479228","https://openalex.org/W4317927927","https://openalex.org/W4389279166","https://openalex.org/W4391993604","https://openalex.org/W4394627620","https://openalex.org/W6677217071","https://openalex.org/W6724780196","https://openalex.org/W6754140786","https://openalex.org/W6766491214","https://openalex.org/W6850834480"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W2356021081","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890"],"abstract_inverted_index":{"Industrial":[0],"control":[1],"systems":[2],"(ICSs)":[3],"govern":[4],"the":[5,35,41,56,78,91,123,132,139,170,178,197,201,236],"production":[6],"activities":[7],"of":[8,37,113,126,141,148,192,209,229,239],"various":[9,48],"critical":[10],"infrastructures,":[11],"where":[12],"programmable":[13],"logic":[14],"controllers":[15],"(PLCs)":[16],"are":[17,77,233],"essential":[18],"devices":[19,185],"for":[20,59,166],"controlling":[21],"industrial":[22],"processes.":[23],"However,":[24],"PLCs":[25,38,167,210],"have":[26,51,211],"many":[27,53],"vulnerabilities":[28],"and":[29,50,72,131,144,180,200],"might":[30,221],"be":[31,222],"configured":[32,214],"inappropriately.":[33],"With":[34],"trend":[36],"connecting":[39],"to":[40,47,94,105,120,137,169,188,224,235],"Internet,":[42],"such":[43,68],"weaknesses":[44],"will":[45],"lead":[46],"cyberattacks":[49],"prompted":[52],"studies":[54],"on":[55,151,177,196,227],"threat":[57,99,133,164,202],"assessment":[58,100,134,165,203],"PLCs.":[60],"Previous":[61],"research":[62],"has":[63],"ignored":[64],"PLCs\u2019":[65,84,107,152],"security":[66,80,97,127,153,193,216,240],"settings,":[67],"as":[69],"operating":[70],"mode":[71],"read/write":[73],"authentication":[74],"etc.,":[75],"which":[76,230],"general":[79],"functionalities":[81],"significantly":[82],"affecting":[83],"security.":[85,108],"In":[86],"this":[87],"paper,":[88],"we":[89,160,205],"make":[90],"first":[92],"attempt":[93],"propose":[95],"a":[96,117],"settings-based":[98],"framework":[101],"(<italic":[102],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[103,110,115,158,175],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">SSTAF</i>)":[104],"assess":[106,138],"<italic":[109,114,157,174],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">SSTAF</i>":[111],"consists":[112],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">SScanner</i>,":[116],"novel":[118],"scanner":[119],"automatically":[121],"extract":[122],"real-time":[124],"configurations":[125,143,191,238],"settings":[128],"from":[129],"PLCs,":[130],"criteria,":[135,204],"serving":[136],"appropriateness":[140],"PLC":[142,220],"analyze":[145],"risk":[146],"levels":[147],"attacks":[149,226,232],"based":[150],"settings.":[154,194,217,241],"Subsequently,":[155],"using":[156],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">SSTAF</i>,":[159],"implement":[161],"an":[162],"Internet-wide":[163],"exposed":[168],"Internet.":[171],"We":[172],"deploy":[173],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">SScanner</i>":[176],"Internet":[179],"interact":[181],"with":[182],"41K":[183],"ICS":[184],"in":[186],"cyberspace":[187],"acquire":[189],"their":[190,215],"Based":[195],"scanning":[198],"result":[199],"reveal":[206],"that":[207],"93.32%":[208],"not":[212],"appropriately":[213],"Additionally,":[218],"each":[219],"subject":[223],"4.96":[225],"average,":[228],"3.32":[231],"due":[234],"inappropriate":[237]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}