{"id":"https://openalex.org/W2394912556","doi":"https://doi.org/10.1145/2899015.2899028","title":"Exploiting Bro for Intrusion Detection in a SCADA System","display_name":"Exploiting Bro for Intrusion Detection in a SCADA System","publication_year":2016,"publication_date":"2016-05-24","ids":{"openalex":"https://openalex.org/W2394912556","doi":"https://doi.org/10.1145/2899015.2899028","mag":"2394912556"},"language":"en","primary_location":{"id":"doi:10.1145/2899015.2899028","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2899015.2899028","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-131559","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038699427","display_name":"Robert Udd","orcid":null},"institutions":[{"id":"https://openalex.org/I4210113652","display_name":"Sectra (Sweden)","ror":"https://ror.org/025nk1308","country_code":"SE","type":"company","lineage":["https://openalex.org/I4210113652"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Robert Udd","raw_affiliation_strings":["Sectra AB, Linkoping, Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Sectra AB, Linkoping, Sweden","institution_ids":["https://openalex.org/I4210113652"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052612328","display_name":"Mikael Asplund","orcid":"https://orcid.org/0000-0003-1916-3398"},"institutions":[{"id":"https://openalex.org/I102134673","display_name":"Link\u00f6ping University","ror":"https://ror.org/05ynxx418","country_code":"SE","type":"education","lineage":["https://openalex.org/I102134673"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Mikael Asplund","raw_affiliation_strings":["Link\u00f6ping University, Linkoping, Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Link\u00f6ping University, Linkoping, Sweden","institution_ids":["https://openalex.org/I102134673"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068181564","display_name":"Simin Nadjm\u2010Tehrani","orcid":"https://orcid.org/0000-0002-1485-0802"},"institutions":[{"id":"https://openalex.org/I102134673","display_name":"Link\u00f6ping University","ror":"https://ror.org/05ynxx418","country_code":"SE","type":"education","lineage":["https://openalex.org/I102134673"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Simin Nadjm-Tehrani","raw_affiliation_strings":["Link\u00f6ping University, Linkoping, Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Link\u00f6ping University, Linkoping, Sweden","institution_ids":["https://openalex.org/I102134673"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057831456","display_name":"Mehrdad Kazemtabrizi","orcid":null},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Mehrdad Kazemtabrizi","raw_affiliation_strings":["The Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102842661","display_name":"Mathias Ekstedt","orcid":"https://orcid.org/0000-0003-3922-9606"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Mathias Ekstedt","raw_affiliation_strings":["The Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":9.1585,"has_fulltext":false,"cited_by_count":56,"citation_normalized_percentile":{"value":0.98040386,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"44","last_page":"51"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scada","display_name":"SCADA","score":0.9018025994300842},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7827916145324707},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7357923984527588},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.7192754149436951},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.6331688165664673},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.6171796321868896},{"id":"https://openalex.org/keywords/parsing","display_name":"Parsing","score":0.5758188962936401},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.5354134440422058},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.48250603675842285},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.46282798051834106},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3924132287502289},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.22235843539237976},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.17636898159980774},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.09013599157333374},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.08867588639259338}],"concepts":[{"id":"https://openalex.org/C113863187","wikidata":"https://www.wikidata.org/wiki/Q17498","display_name":"SCADA","level":2,"score":0.9018025994300842},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7827916145324707},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7357923984527588},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.7192754149436951},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.6331688165664673},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.6171796321868896},{"id":"https://openalex.org/C186644900","wikidata":"https://www.wikidata.org/wiki/Q194152","display_name":"Parsing","level":2,"score":0.5758188962936401},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.5354134440422058},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.48250603675842285},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.46282798051834106},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3924132287502289},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.22235843539237976},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.17636898159980774},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.09013599157333374},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.08867588639259338},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2899015.2899028","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2899015.2899028","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security","raw_type":"proceedings-article"},{"id":"pmh:oai:DiVA.org:liu-131559","is_oa":true,"landing_page_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-131559","pdf_url":null,"source":{"id":"https://openalex.org/S4306401559","display_name":"KTH Publication Database DiVA (KTH Royal Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference paper"}],"best_oa_location":{"id":"pmh:oai:DiVA.org:liu-131559","is_oa":true,"landing_page_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-131559","pdf_url":null,"source":{"id":"https://openalex.org/S4306401559","display_name":"KTH Publication Database DiVA (KTH Royal Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference paper"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.6399999856948853,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W264497499","https://openalex.org/W1516506771","https://openalex.org/W1562286769","https://openalex.org/W1619836230","https://openalex.org/W1933020797","https://openalex.org/W1970856950","https://openalex.org/W1982444910","https://openalex.org/W1986533452","https://openalex.org/W2036463896","https://openalex.org/W2111404412","https://openalex.org/W2123007927","https://openalex.org/W2147717867","https://openalex.org/W2161630727","https://openalex.org/W2162998067","https://openalex.org/W4285719527","https://openalex.org/W6606294753"],"related_works":["https://openalex.org/W2615977515","https://openalex.org/W2115760278","https://openalex.org/W2146396794","https://openalex.org/W2809162650","https://openalex.org/W2807864071","https://openalex.org/W2388279172","https://openalex.org/W2617238897","https://openalex.org/W2055218442","https://openalex.org/W4386714408","https://openalex.org/W3164929525"],"abstract_inverted_index":{"Supervisory":[0],"control":[1],"and":[2,18,30,62,65,85,104,115],"data":[3],"acquisition":[4],"(SCADA)":[5],"systems":[6],"that":[7,56,75,139],"run":[8,14],"our":[9,129],"critical":[10],"infrastructure":[11],"are":[12],"increasingly":[13],"with":[15,109],"Internet-based":[16],"protocols":[17],"devices":[19],"for":[20,126],"remote":[21],"monitoring.":[22],"The":[23,67,112],"embedded":[24],"nature":[25],"of":[26,81,97,128],"the":[27,31,98,101,106],"components":[28],"involved,":[29],"legacy":[32],"aspects":[33],"makes":[34],"adding":[35],"new":[36,82],"security":[37],"mechanisms":[38],"in":[39],"an":[40,51,71,90,95,145],"efficient":[41],"manner":[42],"far":[43],"from":[44],"trivial.":[45],"In":[46],"this":[47],"paper":[48],"we":[49,92],"study":[50],"anomaly":[52,107],"detection":[53,113],"based":[54],"approach":[55,68],"enables":[57],"detecting":[58],"zero-day":[59],"malicious":[60],"threats":[61],"benign":[63],"malconfigurations":[64],"mishaps.":[66],"builds":[69],"on":[70],"existing":[72,146],"platform":[73],"(Bro)":[74],"lends":[76],"itself":[77],"to":[78,100,141,144,149],"modular":[79],"addition":[80],"protocol":[83,103,147],"parsers":[84],"event":[86],"handling":[87],"mechanisms.":[88],"As":[89],"example":[91],"have":[93],"shown":[94],"application":[96],"technique":[99],"IEC-60870-5-104":[102],"tested":[105],"detector":[108],"mixed":[110],"results.":[111],"accuracy":[114],"false":[116],"positive":[117],"rate,":[118],"as":[119,121],"well":[120],"real-time":[122],"response":[123],"was":[124],"adequate":[125],"3":[127],"4":[130],"created":[131],"attacks.":[132],"We":[133],"also":[134],"discovered":[135],"some":[136],"additional":[137],"work":[138],"needs":[140],"be":[142],"done":[143],"parser":[148],"extend":[150],"its":[151],"reach.":[152]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":8},{"year":2019,"cited_by_count":11},{"year":2018,"cited_by_count":11},{"year":2017,"cited_by_count":7},{"year":2016,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}