{"id":"https://openalex.org/W4309299582","doi":"https://doi.org/10.1109/tsg.2022.3222261","title":"HELOT\u2013Hunting Evil Life in Operational Technology","display_name":"HELOT\u2013Hunting Evil Life in Operational Technology","publication_year":2022,"publication_date":"2022-11-15","ids":{"openalex":"https://openalex.org/W4309299582","doi":"https://doi.org/10.1109/tsg.2022.3222261"},"language":"en","primary_location":{"id":"doi:10.1109/tsg.2022.3222261","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tsg.2022.3222261","pdf_url":"https://ieeexplore.ieee.org/ielx7/5165411/5446437/09951382.pdf","source":{"id":"https://openalex.org/S59604973","display_name":"IEEE Transactions on Smart Grid","issn_l":"1949-3053","issn":["1949-3053","1949-3061"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Smart Grid","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://ieeexplore.ieee.org/ielx7/5165411/5446437/09951382.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071217058","display_name":"Syed Akailvi","orcid":null},"institutions":[{"id":"https://openalex.org/I102401767","display_name":"University of Arkansas at Little Rock","ror":"https://ror.org/04fttyv97","country_code":"US","type":"education","lineage":["https://openalex.org/I102401767"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Syed Akailvi","raw_affiliation_strings":["Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA","institution_ids":["https://openalex.org/I102401767"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013994092","display_name":"Uddhav Gautam","orcid":null},"institutions":[{"id":"https://openalex.org/I102401767","display_name":"University of Arkansas at Little Rock","ror":"https://ror.org/04fttyv97","country_code":"US","type":"education","lineage":["https://openalex.org/I102401767"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Uddhav Gautam","raw_affiliation_strings":["Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA","institution_ids":["https://openalex.org/I102401767"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104096080","display_name":"Praveshika Bhandari","orcid":null},"institutions":[{"id":"https://openalex.org/I102401767","display_name":"University of Arkansas at Little Rock","ror":"https://ror.org/04fttyv97","country_code":"US","type":"education","lineage":["https://openalex.org/I102401767"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Praveshika Bhandari","raw_affiliation_strings":["Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA","institution_ids":["https://openalex.org/I102401767"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060399823","display_name":"Hadi Rashid","orcid":"https://orcid.org/0000-0002-8524-4404"},"institutions":[{"id":"https://openalex.org/I102401767","display_name":"University of Arkansas at Little Rock","ror":"https://ror.org/04fttyv97","country_code":"US","type":"education","lineage":["https://openalex.org/I102401767"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hadi Rashid","raw_affiliation_strings":["Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"],"raw_orcid":"https://orcid.org/0000-0002-8524-4404","affiliations":[{"raw_affiliation_string":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA","institution_ids":["https://openalex.org/I102401767"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109591528","display_name":"Philip D. Huff","orcid":null},"institutions":[{"id":"https://openalex.org/I102401767","display_name":"University of Arkansas at Little Rock","ror":"https://ror.org/04fttyv97","country_code":"US","type":"education","lineage":["https://openalex.org/I102401767"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Philip D. Huff","raw_affiliation_strings":["Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"],"raw_orcid":"https://orcid.org/0000-0003-0226-8329","affiliations":[{"raw_affiliation_string":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA","institution_ids":["https://openalex.org/I102401767"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5024444411","display_name":"Jan P. Springer","orcid":"https://orcid.org/0000-0001-6700-6413"},"institutions":[{"id":"https://openalex.org/I102401767","display_name":"University of Arkansas at Little Rock","ror":"https://ror.org/04fttyv97","country_code":"US","type":"education","lineage":["https://openalex.org/I102401767"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jan P. Springer","raw_affiliation_strings":["Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA"],"raw_orcid":"https://orcid.org/0000-0001-6700-6413","affiliations":[{"raw_affiliation_string":"Department of Computer Science and the Emerging Analytics Center, UA Little Rock, Little Rock, AR, USA","institution_ids":["https://openalex.org/I102401767"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5071217058"],"corresponding_institution_ids":["https://openalex.org/I102401767"],"apc_list":null,"apc_paid":null,"fwci":2.8713,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.92426316,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"14","issue":"4","first_page":"3058","last_page":"3071"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.6011427044868469},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5994068384170532},{"id":"https://openalex.org/keywords/personalization","display_name":"Personalization","score":0.5523647665977478},{"id":"https://openalex.org/keywords/realization","display_name":"Realization (probability)","score":0.5122637152671814},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.47189363837242126},{"id":"https://openalex.org/keywords/legacy-system","display_name":"Legacy system","score":0.46652135252952576},{"id":"https://openalex.org/keywords/systems-engineering","display_name":"Systems engineering","score":0.46127817034721375},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.44389986991882324},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4050959050655365},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3629416823387146},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3278990387916565},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.30563703179359436},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14008021354675293},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.11665815114974976}],"concepts":[{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.6011427044868469},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5994068384170532},{"id":"https://openalex.org/C183003079","wikidata":"https://www.wikidata.org/wiki/Q1000371","display_name":"Personalization","level":2,"score":0.5523647665977478},{"id":"https://openalex.org/C2781089630","wikidata":"https://www.wikidata.org/wiki/Q21856745","display_name":"Realization (probability)","level":2,"score":0.5122637152671814},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.47189363837242126},{"id":"https://openalex.org/C105446022","wikidata":"https://www.wikidata.org/wiki/Q445962","display_name":"Legacy system","level":3,"score":0.46652135252952576},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.46127817034721375},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.44389986991882324},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4050959050655365},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3629416823387146},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3278990387916565},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.30563703179359436},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14008021354675293},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.11665815114974976},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tsg.2022.3222261","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tsg.2022.3222261","pdf_url":"https://ieeexplore.ieee.org/ielx7/5165411/5446437/09951382.pdf","source":{"id":"https://openalex.org/S59604973","display_name":"IEEE Transactions on Smart Grid","issn_l":"1949-3053","issn":["1949-3053","1949-3061"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Smart Grid","raw_type":"journal-article"},{"id":"pmh:oai:osti.gov:1898447","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1898447","pdf_url":null,"source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"doi:10.1109/tsg.2022.3222261","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tsg.2022.3222261","pdf_url":"https://ieeexplore.ieee.org/ielx7/5165411/5446437/09951382.pdf","source":{"id":"https://openalex.org/S59604973","display_name":"IEEE Transactions on Smart Grid","issn_l":"1949-3053","issn":["1949-3053","1949-3061"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Smart Grid","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.5600000023841858,"id":"https://metadata.un.org/sdg/9"}],"awards":[{"id":"https://openalex.org/G3699118498","display_name":null,"funder_award_id":"OE0000779","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G5628712387","display_name":null,"funder_award_id":"DEOE0000779","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"},{"id":"https://openalex.org/G8525368751","display_name":null,"funder_award_id":"DE-OE0000779","funder_id":"https://openalex.org/F4320306084","funder_display_name":"U.S. Department of Energy"}],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4309299582.pdf","grobid_xml":"https://content.openalex.org/works/W4309299582.grobid-xml"},"referenced_works_count":36,"referenced_works":["https://openalex.org/W36091977","https://openalex.org/W38537450","https://openalex.org/W1973211701","https://openalex.org/W1978514793","https://openalex.org/W2012446724","https://openalex.org/W2012954690","https://openalex.org/W2029718750","https://openalex.org/W2041078517","https://openalex.org/W2054018023","https://openalex.org/W2055289210","https://openalex.org/W2056451850","https://openalex.org/W2079215333","https://openalex.org/W2089944128","https://openalex.org/W2091236895","https://openalex.org/W2100151287","https://openalex.org/W2101234009","https://openalex.org/W2111724279","https://openalex.org/W2116256634","https://openalex.org/W2116820421","https://openalex.org/W2146330317","https://openalex.org/W2153393809","https://openalex.org/W2154107003","https://openalex.org/W2163274247","https://openalex.org/W2169820422","https://openalex.org/W2295598076","https://openalex.org/W2295637543","https://openalex.org/W2417282157","https://openalex.org/W2461893302","https://openalex.org/W2772356386","https://openalex.org/W2791879367","https://openalex.org/W2803342829","https://openalex.org/W4236362309","https://openalex.org/W6601553728","https://openalex.org/W6675354045","https://openalex.org/W6677243974","https://openalex.org/W6683915950"],"related_works":["https://openalex.org/W2022544890","https://openalex.org/W2109940557","https://openalex.org/W2394097730","https://openalex.org/W2412619465","https://openalex.org/W2466832359","https://openalex.org/W2043523297","https://openalex.org/W2475378634","https://openalex.org/W2113405914","https://openalex.org/W4391210591","https://openalex.org/W1582019636"],"abstract_inverted_index":{"Operational":[0],"technology":[1,10],"(OT)":[2],"refers":[3],"to":[4,104,126],"the":[5,41,49,69,80,128],"industrial":[6,20,28],"counterpart":[7],"of":[8,27,51,72,113],"information":[9],"(IT).":[11],"OT":[12,34,75,119],"encompasses":[13],"technology,":[14],"systems,":[15,33,35,76,78],"and":[16,25,64,79,96,121],"protocols":[17],"used":[18,39],"in":[19,40,48,98,134],"operations":[21],"for":[22,94,124,131],"controlling,":[23],"monitoring,":[24],"operating":[26],"systems.":[29],"Unlike":[30],"standard":[31],"IT":[32,77],"such":[36],"as":[37,100,102],"those":[38],"industry,":[42],"usually":[43],"cannot":[44],"be":[45,86],"taken":[46],"off-line":[47],"event":[50],"postmortem":[52],"forensics":[53,114],"investigations.":[54],"To":[55],"remedy":[56],"this":[57],"situation":[58],"we":[59],"present":[60],"a":[61,117],"software":[62],"architecture":[63,84],"prototype":[65],"realization":[66],"that":[67],"allows":[68],"continuous":[70],"capture":[71],"events":[73],"within":[74],"interconnected":[81],"network(s).":[82],"Our":[83],"can":[85],"realized":[87],"with":[88],"existing":[89],"technologies":[90],"while":[91],"also":[92],"allowing":[93],"extension":[95],"customization":[97],"functionality":[99],"well":[101],"application":[103,110],"diverse":[105],"domains.":[106],"We":[107],"outline":[108],"two":[109],"cases:":[111],"capturing":[112],"artifacts":[115],"from":[116],"live":[118],"system":[120],"possible":[122],"paths":[123],"automation":[125],"reduce":[127],"cognitive":[129],"load":[130],"cybersecurity":[132],"operators":[133],"combined":[135],"IT/OT":[136],"environments.":[137]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}