{"id":"https://openalex.org/W2298032891","doi":"https://doi.org/10.1145/2897356.2897361","title":"On the Efficiency of Sampling and Countermeasures to Critical-Infrastructure-Targeted Malware Campaigns","display_name":"On the Efficiency of Sampling and Countermeasures to Critical-Infrastructure-Targeted Malware Campaigns","publication_year":2016,"publication_date":"2016-02-25","ids":{"openalex":"https://openalex.org/W2298032891","doi":"https://doi.org/10.1145/2897356.2897361","mag":"2298032891"},"language":"en","primary_location":{"id":"doi:10.1145/2897356.2897361","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2897356.2897361","pdf_url":null,"source":{"id":"https://openalex.org/S4210187660","display_name":"ACM SIGMETRICS Performance Evaluation Review","issn_l":"0163-5999","issn":["0163-5999","1557-9484"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGMETRICS Performance Evaluation Review","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5065068658","display_name":"Michael Grottke","orcid":"https://orcid.org/0000-0001-5758-0163"},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Michael Grottke","raw_affiliation_strings":["Friedrich-Alexander-Univ., Erlangen-N\u00fcrnberg, Germany"],"affiliations":[{"raw_affiliation_string":"Friedrich-Alexander-Univ., Erlangen-N\u00fcrnberg, Germany","institution_ids":["https://openalex.org/I181369854"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018164102","display_name":"Alberto Avritzer","orcid":"https://orcid.org/0000-0002-9401-9663"},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alberto Avritzer","raw_affiliation_strings":["Siemens Corporation, Corporate Technology, USA"],"affiliations":[{"raw_affiliation_string":"Siemens Corporation, Corporate Technology, USA","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034604991","display_name":"Daniel Sadoc Menasch\u00e9","orcid":"https://orcid.org/0000-0002-8953-4003"},"institutions":[{"id":"https://openalex.org/I122140584","display_name":"Universidade Federal do Rio de Janeiro","ror":"https://ror.org/03490as77","country_code":"BR","type":"education","lineage":["https://openalex.org/I122140584"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Daniel S. Menasch\u00e9","raw_affiliation_strings":["Federal University of Rio de Janeiro (UFRJ), Brazil"],"affiliations":[{"raw_affiliation_string":"Federal University of Rio de Janeiro (UFRJ), Brazil","institution_ids":["https://openalex.org/I122140584"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058585548","display_name":"Leandro Pfleger de Aguiar","orcid":"https://orcid.org/0000-0001-6516-328X"},"institutions":[{"id":"https://openalex.org/I4210137693","display_name":"Siemens (United States)","ror":"https://ror.org/04axb7e79","country_code":"US","type":"company","lineage":["https://openalex.org/I1325886976","https://openalex.org/I4210137693"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Leandro P. de Aguiar","raw_affiliation_strings":["Siemens Corporation, Corporate Technology, USA"],"affiliations":[{"raw_affiliation_string":"Siemens Corporation, Corporate Technology, USA","institution_ids":["https://openalex.org/I4210137693"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5090818425","display_name":"Eitan Altman","orcid":"https://orcid.org/0000-0002-2177-9979"},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en informatique et en automatique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"funder","lineage":["https://openalex.org/I1326498283"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Eitan Altman","raw_affiliation_strings":["INRIA Sophia Antipolis, France"],"affiliations":[{"raw_affiliation_string":"INRIA Sophia Antipolis, France","institution_ids":["https://openalex.org/I1326498283"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5065068658"],"corresponding_institution_ids":["https://openalex.org/I181369854"],"apc_list":null,"apc_paid":null,"fwci":0.8686,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.75928044,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":"43","issue":"4","first_page":"33","last_page":"42"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11807","display_name":"Infrastructure Resilience and Vulnerability Analysis","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/2205","display_name":"Civil and Structural Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.888730525970459},{"id":"https://openalex.org/keywords/critical-infrastructure","display_name":"Critical infrastructure","score":0.7006514072418213},{"id":"https://openalex.org/keywords/survivability","display_name":"Survivability","score":0.6362096071243286},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6213928461074829},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5971264243125916},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.5223175883293152},{"id":"https://openalex.org/keywords/quarantine","display_name":"Quarantine","score":0.519598662853241},{"id":"https://openalex.org/keywords/factory","display_name":"Factory (object-oriented programming)","score":0.5113605856895447},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.4811740815639496},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.15754687786102295},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.151851087808609},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.13858994841575623}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.888730525970459},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.7006514072418213},{"id":"https://openalex.org/C2781133158","wikidata":"https://www.wikidata.org/wiki/Q1088669","display_name":"Survivability","level":2,"score":0.6362096071243286},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6213928461074829},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5971264243125916},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.5223175883293152},{"id":"https://openalex.org/C2781402358","wikidata":"https://www.wikidata.org/wiki/Q182899","display_name":"Quarantine","level":2,"score":0.519598662853241},{"id":"https://openalex.org/C40149104","wikidata":"https://www.wikidata.org/wiki/Q5620977","display_name":"Factory (object-oriented programming)","level":2,"score":0.5113605856895447},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.4811740815639496},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.15754687786102295},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.151851087808609},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.13858994841575623},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2897356.2897361","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2897356.2897361","pdf_url":null,"source":{"id":"https://openalex.org/S4210187660","display_name":"ACM SIGMETRICS Performance Evaluation Review","issn_l":"0163-5999","issn":["0163-5999","1557-9484"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGMETRICS Performance Evaluation Review","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6499999761581421,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1521326058","https://openalex.org/W1590786596","https://openalex.org/W1606570959","https://openalex.org/W1971718521","https://openalex.org/W1973895069","https://openalex.org/W2004238000","https://openalex.org/W2030490025","https://openalex.org/W2040428201","https://openalex.org/W2063519156","https://openalex.org/W2069070185","https://openalex.org/W2084612553","https://openalex.org/W2118820208","https://openalex.org/W2119027795","https://openalex.org/W2128031609","https://openalex.org/W2128175196","https://openalex.org/W2132704120","https://openalex.org/W2142776626","https://openalex.org/W2162598825","https://openalex.org/W2165836036","https://openalex.org/W2170482397","https://openalex.org/W2241836900","https://openalex.org/W2280551461","https://openalex.org/W4386808323","https://openalex.org/W6678722026"],"related_works":["https://openalex.org/W2387494004","https://openalex.org/W2162492390","https://openalex.org/W2350417149","https://openalex.org/W2036372418","https://openalex.org/W2545190132","https://openalex.org/W2105280038","https://openalex.org/W212597372","https://openalex.org/W2114587117","https://openalex.org/W2151533375","https://openalex.org/W1975357770"],"abstract_inverted_index":{"Ensuring":[0],"system":[1],"survivability":[2],"in":[3],"the":[4,15,34,56,72,86],"wake":[5],"of":[6,36,58,74,88,94,113,132],"advanced":[7],"persistent":[8],"threats":[9],"is":[10,18],"a":[11],"big":[12],"challenge":[13],"that":[14,51,119],"security":[16],"community":[17],"facing":[19],"to":[20,54],"ensure":[21],"critical":[22,42],"infrastructure":[23,43],"protection.":[24],"In":[25],"this":[26],"paper,":[27],"we":[28,46,70,84,117],"define":[29],"metrics":[30,62],"and":[31,66,102,129],"models":[32],"for":[33,91,99,134],"assessment":[35],"coordinated":[37],"massive":[38],"malware":[39,95,120],"campaigns":[40],"targeting":[41],"sectors.":[44],"First,":[45],"develop":[47],"an":[48,109],"analytical":[49],"model":[50],"allows":[52],"us":[53],"capture":[55],"effect":[57],"neighborhood":[59],"on":[60],"different":[61],"(e.g.,":[63,96],"infection":[64],"probability":[65],"contagion":[67],"probability).":[68],"Then,":[69],"assess":[71],"impact":[73],"putting":[75],"operational":[76],"but":[77],"possibly":[78],"infected":[79],"nodes":[80,90],"into":[81],"quarantine.":[82],"Finally,":[83],"study":[85],"implications":[87],"scanning":[89,133],"early":[92],"detection":[93],"worms),":[97],"accounting":[98],"false":[100,103],"positives":[101],"negatives.":[104],"Evaluating":[105],"our":[106],"methodology":[107],"using":[108,127],"hierarchical":[110],"topology":[111],"typical":[112],"factory":[114],"automation":[115],"networks,":[116],"find":[118],"infections":[121],"can":[122],"be":[123],"effectively":[124],"contained":[125],"by":[126],"quarantine":[128],"appropriate":[130],"rates":[131],"soft":[135],"impacts.":[136]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}