{"id":"https://openalex.org/W2765669192","doi":"https://doi.org/10.1145/3140241.3140245","title":"A New Burst-DFA model for SCADA Anomaly Detection","display_name":"A New Burst-DFA model for SCADA Anomaly Detection","publication_year":2017,"publication_date":"2017-10-31","ids":{"openalex":"https://openalex.org/W2765669192","doi":"https://doi.org/10.1145/3140241.3140245","mag":"2765669192"},"language":"en","primary_location":{"id":"doi:10.1145/3140241.3140245","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3140241.3140245","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5026492713","display_name":"Chen Markman","orcid":null},"institutions":[{"id":"https://openalex.org/I16391192","display_name":"Tel Aviv University","ror":"https://ror.org/04mhzgx49","country_code":"IL","type":"education","lineage":["https://openalex.org/I16391192"]}],"countries":["IL"],"is_corresponding":true,"raw_author_name":"Chen Markman","raw_affiliation_strings":["Tel Aviv University, Ramat Aviv, Israel"],"affiliations":[{"raw_affiliation_string":"Tel Aviv University, Ramat Aviv, Israel","institution_ids":["https://openalex.org/I16391192"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042818115","display_name":"Avishai Wool","orcid":"https://orcid.org/0000-0002-8371-4759"},"institutions":[{"id":"https://openalex.org/I16391192","display_name":"Tel Aviv University","ror":"https://ror.org/04mhzgx49","country_code":"IL","type":"education","lineage":["https://openalex.org/I16391192"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Avishai Wool","raw_affiliation_strings":["Tel Aviv University, Ramat Aviv, Israel"],"affiliations":[{"raw_affiliation_string":"Tel Aviv University, Ramat Aviv, Israel","institution_ids":["https://openalex.org/I16391192"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5016892225","display_name":"\u00c1lvaro A. C\u00e1rdenas","orcid":"https://orcid.org/0000-0002-5142-9750"},"institutions":[{"id":"https://openalex.org/I162577319","display_name":"The University of Texas at Dallas","ror":"https://ror.org/049emcs32","country_code":"US","type":"education","lineage":["https://openalex.org/I162577319"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alvaro A. Cardenas","raw_affiliation_strings":["University of Texas at Dallas, Richardson, TX, USA"],"affiliations":[{"raw_affiliation_string":"University of Texas at Dallas, Richardson, TX, USA","institution_ids":["https://openalex.org/I162577319"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5026492713"],"corresponding_institution_ids":["https://openalex.org/I16391192"],"apc_list":null,"apc_paid":null,"fwci":1.7502,"has_fulltext":false,"cited_by_count":24,"citation_normalized_percentile":{"value":0.87289891,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":93,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"12"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scada","display_name":"SCADA","score":0.8673845529556274},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6313508152961731},{"id":"https://openalex.org/keywords/programmable-logic-controller","display_name":"Programmable logic controller","score":0.5663762092590332},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5599634051322937},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.48702937364578247},{"id":"https://openalex.org/keywords/traffic-generation-model","display_name":"Traffic generation model","score":0.4488636255264282},{"id":"https://openalex.org/keywords/channel","display_name":"Channel (broadcasting)","score":0.41096681356430054},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3858654201030731},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.35266605019569397},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.23354637622833252},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.15015378594398499}],"concepts":[{"id":"https://openalex.org/C113863187","wikidata":"https://www.wikidata.org/wiki/Q17498","display_name":"SCADA","level":2,"score":0.8673845529556274},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6313508152961731},{"id":"https://openalex.org/C37374048","wikidata":"https://www.wikidata.org/wiki/Q188674","display_name":"Programmable logic controller","level":2,"score":0.5663762092590332},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5599634051322937},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.48702937364578247},{"id":"https://openalex.org/C176715033","wikidata":"https://www.wikidata.org/wiki/Q2080768","display_name":"Traffic generation model","level":2,"score":0.4488636255264282},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.41096681356430054},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3858654201030731},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.35266605019569397},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.23354637622833252},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.15015378594398499},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3140241.3140245","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3140241.3140245","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/6","score":0.6100000143051147,"display_name":"Clean water and sanitation"}],"awards":[{"id":"https://openalex.org/G5125214993","display_name":null,"funder_award_id":"2016704","funder_id":"https://openalex.org/F4320308960","funder_display_name":"United States - Israel Binational Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320308960","display_name":"United States - Israel Binational Science Foundation","ror":"https://ror.org/00j8z2m73"},{"id":"https://openalex.org/F4320320950","display_name":"United States-Israel Binational Science Foundation","ror":"https://ror.org/00j8z2m73"},{"id":"https://openalex.org/F4320322252","display_name":"Israel Science Foundation","ror":"https://ror.org/04sazxf24"},{"id":"https://openalex.org/F4320322596","display_name":"Tel Aviv University","ror":"https://ror.org/04mhzgx49"},{"id":"https://openalex.org/F4320332178","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W38537450","https://openalex.org/W214166028","https://openalex.org/W766792511","https://openalex.org/W1561205616","https://openalex.org/W1590786596","https://openalex.org/W1674877186","https://openalex.org/W1974853427","https://openalex.org/W1985987493","https://openalex.org/W1992867926","https://openalex.org/W2021702566","https://openalex.org/W2035095458","https://openalex.org/W2035379194","https://openalex.org/W2039427951","https://openalex.org/W2063189201","https://openalex.org/W2089944128","https://openalex.org/W2119463329","https://openalex.org/W2161592722","https://openalex.org/W2184570813","https://openalex.org/W2288766236","https://openalex.org/W2501509689","https://openalex.org/W2535751405","https://openalex.org/W2541315509","https://openalex.org/W2590845164","https://openalex.org/W2619874920","https://openalex.org/W2732665834","https://openalex.org/W2751144136","https://openalex.org/W4254813923","https://openalex.org/W4256621493"],"related_works":["https://openalex.org/W2615977515","https://openalex.org/W2115760278","https://openalex.org/W2146396794","https://openalex.org/W2807864071","https://openalex.org/W2809162650","https://openalex.org/W2388279172","https://openalex.org/W2617238897","https://openalex.org/W4386714408","https://openalex.org/W3164929525","https://openalex.org/W2952960077"],"abstract_inverted_index":{"In":[0,76],"Industrial":[1],"Control":[2],"Systems":[3],"(ICS/SCADA),":[4],"machine":[5,7],"to":[6,23,46,50,155],"data":[8,83,132],"traffic":[9,26,62,142],"is":[10,21,99],"highly":[11],"periodic.":[12],"Past":[13],"work":[14],"showed":[15,70],"that":[16,71,88,106,129],"in":[17,53,63,67,96,101,178],"many":[18],"cases,":[19],"it":[20],"possible":[22],"model":[24,49,128,139,168],"the":[25,35,48,54,68,81,89,94,97,107,118,131,141,156,159,176,179,187],"between":[27,171],"each":[28,144,153],"individual":[29],"Programmable":[30],"Logic":[31],"Controller":[32],"(PLC)":[33],"and":[34,45,105,151,162,173,181],"SCADA":[36],"server":[37],"by":[38],"a":[39,57,64,114,125,147,183,190],"cyclic":[40],"Deterministic":[41],"Finite":[42],"Automaton":[43],"(DFA),":[44],"use":[47],"detect":[51],"anomalies":[52],"traffic.":[55],"However,":[56],"recent":[58],"analysis":[59],"of":[60,93,103,149,175,189],"network":[61,98],"water":[65],"facility":[66],"U.S,":[69],"cyclic-DFA":[72],"models":[73],"have":[74,109],"limitations.":[75],"our":[77,85],"research,":[78],"we":[79,123],"examine":[80],"same":[82],"corpus;":[84],"study":[86],"shows":[87],"communication":[90],"on":[91,117,143],"all":[92],"channels":[95],"done":[100],"bursts":[102,108],"packets,":[104],"semantic":[110],"meaning---the":[111],"order":[112],"within":[113],"burst":[115,154],"depends":[116],"messages.":[119],"Using":[120],"these":[121],"observations,":[122],"suggest":[124],"new":[126],"burst-DFA":[127,167],"fits":[130],"much":[133],"better":[134],"than":[135],"previous":[136],"work.":[137],"Our":[138,166],"treats":[140],"channel":[145],"as":[146],"series":[148],"bursts,":[150],"matches":[152],"DFA,":[157],"taking":[158],"burst's":[160],"beginning":[161],"end":[163],"into":[164],"account.":[165],"successfully":[169],"explains":[170],"95%":[172],"99%":[174],"packets":[177],"data-corpus,":[180],"goes":[182],"long":[184],"way":[185],"toward":[186],"construction":[188],"practical":[191],"anomaly":[192],"detection":[193],"system.":[194]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":2}],"updated_date":"2026-03-17T09:09:15.849793","created_date":"2025-10-10T00:00:00"}