{"id":"https://openalex.org/W4417130685","doi":"https://doi.org/10.1109/tii.2025.3633514","title":"Security Requirements Elicitation for Industrial Control Systems Based on Secure Tropos Under Strategically-Motivated Advanced Persistent Threats","display_name":"Security Requirements Elicitation for Industrial Control Systems Based on Secure Tropos Under Strategically-Motivated Advanced Persistent Threats","publication_year":2025,"publication_date":"2025-12-08","ids":{"openalex":"https://openalex.org/W4417130685","doi":"https://doi.org/10.1109/tii.2025.3633514"},"language":null,"primary_location":{"id":"doi:10.1109/tii.2025.3633514","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2025.3633514","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043702911","display_name":"Peihang Xu","orcid":"https://orcid.org/0000-0002-8505-9639"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Peihang Xu","raw_affiliation_strings":["Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0002-8505-9639","affiliations":[{"raw_affiliation_string":"Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053582981","display_name":"Chunjie Zhou","orcid":"https://orcid.org/0000-0001-5291-5841"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chunjie Zhou","raw_affiliation_strings":["Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0001-5291-5841","affiliations":[{"raw_affiliation_string":"Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054879966","display_name":"Xi Liang","orcid":"https://orcid.org/0000-0002-0674-2246"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xuqing Liang","raw_affiliation_strings":["Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005839697","display_name":"Minglu Wang","orcid":"https://orcid.org/0009-0001-4507-8093"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Minglu Wang","raw_affiliation_strings":["Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5032497433","display_name":"Sardar Shan Ali Naqvi","orcid":"https://orcid.org/0000-0001-7884-8202"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Sardar Shan Ali Naqvi","raw_affiliation_strings":["Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0001-7884-8202","affiliations":[{"raw_affiliation_string":"Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5043702911"],"corresponding_institution_ids":["https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.46356303,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"22","issue":"3","first_page":"1986","last_page":"1995"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.0013000000035390258,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11357","display_name":"Risk and Safety Analysis","score":0.0006000000284984708,"subfield":{"id":"https://openalex.org/subfields/1804","display_name":"Statistics, Probability and Uncertainty"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/requirements-elicitation","display_name":"Requirements elicitation","score":0.7049000263214111},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.6273000240325928},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.5943999886512756},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4846000075340271},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.37940001487731934},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.35100001096725464},{"id":"https://openalex.org/keywords/goal-modeling","display_name":"Goal modeling","score":0.34360000491142273},{"id":"https://openalex.org/keywords/requirements-analysis","display_name":"Requirements analysis","score":0.33980000019073486}],"concepts":[{"id":"https://openalex.org/C45384764","wikidata":"https://www.wikidata.org/wiki/Q838667","display_name":"Requirements elicitation","level":4,"score":0.7049000263214111},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.6273000240325928},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.5943999886512756},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5181999802589417},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4846000075340271},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.4083000123500824},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39879998564720154},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.37940001487731934},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.35100001096725464},{"id":"https://openalex.org/C9586889","wikidata":"https://www.wikidata.org/wiki/Q5575167","display_name":"Goal modeling","level":4,"score":0.34360000491142273},{"id":"https://openalex.org/C59488412","wikidata":"https://www.wikidata.org/wiki/Q187147","display_name":"Requirements analysis","level":3,"score":0.33980000019073486},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.3391000032424927},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3384000062942505},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.3375999927520752},{"id":"https://openalex.org/C72161134","wikidata":"https://www.wikidata.org/wiki/Q5421219","display_name":"Expert elicitation","level":2,"score":0.33469998836517334},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.3179999887943268},{"id":"https://openalex.org/C200601418","wikidata":"https://www.wikidata.org/wiki/Q2193887","display_name":"Reliability engineering","level":1,"score":0.3165999948978424},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.3059000074863434},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.3000999987125397},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.29280000925064087},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.28940001130104065},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2858999967575073},{"id":"https://openalex.org/C173577280","wikidata":"https://www.wikidata.org/wiki/Q530038","display_name":"Requirements management","level":4,"score":0.27619999647140503},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.26330000162124634},{"id":"https://openalex.org/C172862783","wikidata":"https://www.wikidata.org/wiki/Q5165888","display_name":"Control system security","level":5,"score":0.25290000438690186},{"id":"https://openalex.org/C6604083","wikidata":"https://www.wikidata.org/wiki/Q376937","display_name":"Requirements engineering","level":3,"score":0.25060001015663147}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tii.2025.3633514","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2025.3633514","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2727820605","display_name":null,"funder_award_id":"62320106005","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8899279166","display_name":null,"funder_award_id":"62127808","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Advanced":[0],"persistent":[1],"threats":[2],"(APTs)":[3],"poses":[4],"significant":[5],"challenges":[6],"to":[7,61,79,104],"security":[8,15,25],"of":[9,17,87],"industrial":[10,99],"control":[11],"systems":[12],"(ICSs).":[13],"Existing":[14],"measures":[16],"ICSs":[18],"are":[19,29],"based":[20,123],"on":[21,124],"insufficient":[22],"and":[23,34,58,70,109,130,149],"isolated":[24],"requirements":[26],"(SRs),":[27],"which":[28],"elicited":[30],"for":[31,51,77,97],"individual":[32],"devices":[33],"often":[35],"overlook":[36],"APT":[37,81],"attacks":[38],"with":[39,119],"complex":[40],"strategies.":[41],"To":[42,83],"solve":[43],"this":[44],"problem,":[45],"we":[46,73,91,115],"propose":[47],"an":[48,95,98],"elicitation":[49,121],"method":[50,57,141],"SRs":[52,108],"that":[53,138],"incorporates":[54],"Secure":[55,64],"Tropos":[56,65],"threat":[59],"modeling":[60],"APTs.":[62],"The":[63,135],"can":[66],"model":[67],"ICS":[68,78,96],"components":[69],"interactions.":[71],"Notably,":[72],"adopt":[74],"MITRE":[75],"ATT&CK":[76],"design":[80],"attacks.":[82],"verify":[84],"the":[85,88,139,147],"effectiveness":[86,148],"proposed":[89,140],"method,":[90],"used":[92],"it":[93],"in":[94],"fluid":[100],"catalytic":[101],"cracking":[102],"process":[103],"elicit":[105],"109":[106],"common":[107],"103":[110],"specific":[111],"SRs.":[112],"In":[113],"addition,":[114],"conduct":[116],"performance":[117],"evaluations":[118],"existing":[120],"methods":[122],"two":[125],"standards:":[126],"1)":[127],"IEC":[128],"62443":[129],"2)":[131],"NIST":[132],"SP":[133],"800-82.":[134],"results":[136],"demonstrate":[137],"achieves":[142],"a":[143],"good":[144],"balance":[145],"between":[146],"cross-platform":[150],"capability.":[151]},"counts_by_year":[],"updated_date":"2026-03-06T06:45:51.903784","created_date":"2025-12-08T00:00:00"}