{"id":"https://openalex.org/W4414080564","doi":"https://doi.org/10.1109/tifs.2025.3607241","title":"Identifying Adversarial Cyber-Activity in Operational Technology Environments Using Bayesian Networks","display_name":"Identifying Adversarial Cyber-Activity in Operational Technology Environments Using Bayesian Networks","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4414080564","doi":"https://doi.org/10.1109/tifs.2025.3607241"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2025.3607241","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3607241","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014679386","display_name":"Lee Maccarone","orcid":"https://orcid.org/0000-0002-2023-0255"},"institutions":[{"id":"https://openalex.org/I4210104735","display_name":"Sandia National Laboratories","ror":"https://ror.org/01apwpt12","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210104735"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Lee T. Maccarone","raw_affiliation_strings":["Sandia National Laboratories, Albuquerque, NM, USA"],"affiliations":[{"raw_affiliation_string":"Sandia National Laboratories, Albuquerque, NM, USA","institution_ids":["https://openalex.org/I4210104735"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042243844","display_name":"Dennis M. Buede","orcid":"https://orcid.org/0000-0001-5749-9576"},"institutions":[{"id":"https://openalex.org/I29801172","display_name":"Thomas Jefferson National Accelerator Facility","ror":"https://ror.org/02vwzrd76","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I29801172","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dennis M. Buede","raw_affiliation_strings":["ITA International, Newport News, VA, USA"],"affiliations":[{"raw_affiliation_string":"ITA International, Newport News, VA, USA","institution_ids":["https://openalex.org/I29801172"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Scott T. Bowman","orcid":"https://orcid.org/0000-0002-8629-9810"},"institutions":[{"id":"https://openalex.org/I2800102766","display_name":"Idaho National Laboratory","ror":"https://ror.org/00ty2a548","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I2800102766","https://openalex.org/I2801818860"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Scott T. Bowman","raw_affiliation_strings":["Idaho National Laboratory, Idaho Falls, ID, USA"],"affiliations":[{"raw_affiliation_string":"Idaho National Laboratory, Idaho Falls, ID, USA","institution_ids":["https://openalex.org/I2800102766"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012812542","display_name":"P. Ambrozewicz","orcid":"https://orcid.org/0000-0001-9128-9441"},"institutions":[{"id":"https://openalex.org/I29801172","display_name":"Thomas Jefferson National Accelerator Facility","ror":"https://ror.org/02vwzrd76","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I29801172","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Pawel Ambrozewicz","raw_affiliation_strings":["ITA International, Newport News, VA, USA"],"affiliations":[{"raw_affiliation_string":"ITA International, Newport News, VA, USA","institution_ids":["https://openalex.org/I29801172"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015929583","display_name":"Charles K. Burdick","orcid":null},"institutions":[{"id":"https://openalex.org/I29801172","display_name":"Thomas Jefferson National Accelerator Facility","ror":"https://ror.org/02vwzrd76","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I29801172","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Charles D. Burdick","raw_affiliation_strings":["ITA International, Newport News, VA, USA"],"affiliations":[{"raw_affiliation_string":"ITA International, Newport News, VA, USA","institution_ids":["https://openalex.org/I29801172"]}]},{"author_position":"middle","author":{"id":null,"display_name":"J. Connor Grady","orcid":"https://orcid.org/0000-0002-5893-2703"},"institutions":[{"id":"https://openalex.org/I4210104735","display_name":"Sandia National Laboratories","ror":"https://ror.org/01apwpt12","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210104735"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"J. Connor Grady","raw_affiliation_strings":["Sandia National Laboratories, Albuquerque, NM, USA"],"affiliations":[{"raw_affiliation_string":"Sandia National Laboratories, Albuquerque, NM, USA","institution_ids":["https://openalex.org/I4210104735"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5113110770","display_name":"Shaw X. Wen","orcid":null},"institutions":[{"id":"https://openalex.org/I2800102766","display_name":"Idaho National Laboratory","ror":"https://ror.org/00ty2a548","country_code":"US","type":"facility","lineage":["https://openalex.org/I1325736334","https://openalex.org/I1330989302","https://openalex.org/I2800102766","https://openalex.org/I2801818860"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shaw X. Wen","raw_affiliation_strings":["Idaho National Laboratory, Idaho Falls, ID, USA"],"affiliations":[{"raw_affiliation_string":"Idaho National Laboratory, Idaho Falls, ID, USA","institution_ids":["https://openalex.org/I2800102766"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5014679386"],"corresponding_institution_ids":["https://openalex.org/I4210104735"],"apc_list":null,"apc_paid":null,"fwci":3.0965,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.93207744,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"20","issue":null,"first_page":"10173","last_page":"10188"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9611999988555908,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9611999988555908,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9556999802589417,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9453999996185303,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8029000163078308},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.707099974155426},{"id":"https://openalex.org/keywords/subject-matter-expert","display_name":"Subject-matter expert","score":0.6025000214576721},{"id":"https://openalex.org/keywords/bayesian-network","display_name":"Bayesian network","score":0.5306000113487244},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5264000296592712},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.5192000269889832},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.46650001406669617},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.44940000772476196},{"id":"https://openalex.org/keywords/intelligence-analysis","display_name":"Intelligence analysis","score":0.39739999175071716}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8295000195503235},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8029000163078308},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.707099974155426},{"id":"https://openalex.org/C105002631","wikidata":"https://www.wikidata.org/wiki/Q4833645","display_name":"Subject-matter expert","level":3,"score":0.6025000214576721},{"id":"https://openalex.org/C33724603","wikidata":"https://www.wikidata.org/wiki/Q812540","display_name":"Bayesian network","level":2,"score":0.5306000113487244},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5264000296592712},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5223000049591064},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.5192000269889832},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.46650001406669617},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.44940000772476196},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.43639999628067017},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4129999876022339},{"id":"https://openalex.org/C517642484","wikidata":"https://www.wikidata.org/wiki/Q2388514","display_name":"Intelligence analysis","level":2,"score":0.39739999175071716},{"id":"https://openalex.org/C107673813","wikidata":"https://www.wikidata.org/wiki/Q812534","display_name":"Bayesian probability","level":2,"score":0.38190001249313354},{"id":"https://openalex.org/C2779304628","wikidata":"https://www.wikidata.org/wiki/Q3503480","display_name":"Face (sociological concept)","level":2,"score":0.37529999017715454},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.3578999936580658},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3476000130176544},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3264000117778778},{"id":"https://openalex.org/C58328972","wikidata":"https://www.wikidata.org/wiki/Q184609","display_name":"Expert system","level":2,"score":0.3147999942302704},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.30320000648498535},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.29100000858306885},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.2827000021934509},{"id":"https://openalex.org/C160234255","wikidata":"https://www.wikidata.org/wiki/Q812535","display_name":"Bayesian inference","level":3,"score":0.27000001072883606},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.2687999904155731},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.26570001244544983},{"id":"https://openalex.org/C177606310","wikidata":"https://www.wikidata.org/wiki/Q5674297","display_name":"Adaptability","level":2,"score":0.2653999924659729},{"id":"https://openalex.org/C207201462","wikidata":"https://www.wikidata.org/wiki/Q182505","display_name":"Bayes' theorem","level":3,"score":0.25529998540878296},{"id":"https://openalex.org/C84685590","wikidata":"https://www.wikidata.org/wiki/Q1540472","display_name":"Knowledge engineering","level":2,"score":0.25270000100135803}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2025.3607241","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3607241","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2116961191","display_name":null,"funder_award_id":"M615000366","funder_id":"https://openalex.org/F4320334194","funder_display_name":"Office of Cybersecurity, Energy Security, and Emergency Response"}],"funders":[{"id":"https://openalex.org/F4320334194","display_name":"Office of Cybersecurity, Energy Security, and Emergency Response","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W65242977","https://openalex.org/W1542659806","https://openalex.org/W1636375694","https://openalex.org/W1964821516","https://openalex.org/W2030014066","https://openalex.org/W2078712199","https://openalex.org/W2121141821","https://openalex.org/W2501634593","https://openalex.org/W2536179434","https://openalex.org/W2617416222","https://openalex.org/W2765489703","https://openalex.org/W2772871960","https://openalex.org/W2803881474","https://openalex.org/W2915601373","https://openalex.org/W2917355511","https://openalex.org/W2983895647","https://openalex.org/W3087986304","https://openalex.org/W4200274801","https://openalex.org/W4310113547","https://openalex.org/W4320008781","https://openalex.org/W4385831461","https://openalex.org/W4386881452","https://openalex.org/W4388345774","https://openalex.org/W4406460482"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W4246396837","https://openalex.org/W3126451824","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W4297672492","https://openalex.org/W4310988119","https://openalex.org/W4285226279","https://openalex.org/W4288019534"],"abstract_inverted_index":{"Operational":[0],"technology":[1],"(OT)":[2],"systems":[3,211],"face":[4],"increasing":[5],"cybersecurity":[6,163,200],"risks":[7],"from":[8,108,135,149],"adversarial":[9,207],"behavior.":[10,52],"This":[11,113],"paper":[12,114],"describes":[13],"the":[14,24,39,48,56,59,80,90,116,127,168,178,183,187,191],"development":[15],"of":[16,26,38,50,55,105,118,138,152,161],"a":[17,43,103,150,159],"Bayesian":[18,40,128,169],"network":[19,41,170],"risk":[20],"model":[21,45,57,101],"to":[22,125,212],"enhance":[23],"comprehension":[25],"observable":[27],"cyber-events":[28],"caused":[29],"by":[30,79],"malicious":[31],"activity":[32],"in":[33,98,158,209],"OT":[34,111,142,162,199],"environments.":[35],"The":[36,53,82,130,144],"core":[37],"is":[42,102,171],"process":[44],"that":[46,75],"characterizes":[47],"stages":[49],"adversary":[51,87],"remainder":[54],"leverages":[58],"MITRE":[60],"ATT&CK<sup":[61],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[62],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">\u00ae</sup>":[63],"for":[64,86],"Industrial":[65],"Control":[66],"Systems":[67],"(ICS)":[68],"taxonomy,":[69],"which":[70],"includes":[71],"tactics":[72],"and":[73,93,122,165,186,205,216],"techniques":[74],"may":[76],"be":[77],"used":[78],"adversary.":[81],"observables":[83],"provide":[84],"evidence":[85],"behavior":[88,208],"through":[89],"intermediary":[91],"technique":[92],"tactic":[94],"nodes.":[95],"One":[96],"challenge":[97],"constructing":[99],"this":[100,197],"lack":[104],"open-source":[106,136],"data":[107,121,132],"cyber-attacks":[109,140],"on":[110,182],"systems.":[112,143],"demonstrates":[115],"use":[117],"both":[119],"historical":[120,131,175],"expert":[123,145],"knowledge":[124,146],"construct":[126],"network.":[129],"was":[133,147],"obtained":[134,148],"reporting":[137],"27":[139],"affecting":[141],"panel":[151],"subject":[153],"matter":[154],"experts":[155],"with":[156],"experience":[157],"variety":[160],"roles":[164],"responsibilities.":[166],"Finally,":[167],"demonstrated":[172],"using":[173,196],"two":[174],"case":[176],"studies:":[177],"Darkside":[179],"ransomware":[180],"attack":[181],"Colonial":[184],"Pipeline":[185],"destructive":[188],"cyber-attack":[189],"targeting":[190],"Thyssenkrupp":[192],"blast":[193],"furnace.":[194],"By":[195],"approach,":[198],"professionals":[201],"can":[202],"better":[203],"identify":[204],"characterize":[206],"their":[210],"enable":[213],"risk-informed":[214],"investigations":[215],"interruptions":[217],"before":[218],"impact":[219],"occurs.":[220]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}