{"id":"https://openalex.org/W2804019764","doi":"https://doi.org/10.1145/3198458.3198460","title":"Understanding IEC-60870-5-104 Traffic Patterns in SCADA Networks","display_name":"Understanding IEC-60870-5-104 Traffic Patterns in SCADA Networks","publication_year":2018,"publication_date":"2018-05-22","ids":{"openalex":"https://openalex.org/W2804019764","doi":"https://doi.org/10.1145/3198458.3198460","mag":"2804019764"},"language":"en","primary_location":{"id":"doi:10.1145/3198458.3198460","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3198458.3198460","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 4th ACM Workshop on Cyber-Physical System Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-154412","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048758396","display_name":"Chih\u2010Yuan Lin","orcid":"https://orcid.org/0000-0003-2596-9355"},"institutions":[{"id":"https://openalex.org/I102134673","display_name":"Link\u00f6ping University","ror":"https://ror.org/05ynxx418","country_code":"SE","type":"education","lineage":["https://openalex.org/I102134673"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Chih-Yuan Lin","raw_affiliation_strings":["Link\u00f6ping University, Link\u00f6ping, Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Link\u00f6ping University, Link\u00f6ping, Sweden","institution_ids":["https://openalex.org/I102134673"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068181564","display_name":"Simin Nadjm\u2010Tehrani","orcid":"https://orcid.org/0000-0002-1485-0802"},"institutions":[{"id":"https://openalex.org/I102134673","display_name":"Link\u00f6ping University","ror":"https://ror.org/05ynxx418","country_code":"SE","type":"education","lineage":["https://openalex.org/I102134673"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Simin Nadjm-Tehrani","raw_affiliation_strings":["Link\u00f6ping University, Link\u00f6ping, Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Link\u00f6ping University, Link\u00f6ping, Sweden","institution_ids":["https://openalex.org/I102134673"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.9973,"has_fulltext":false,"cited_by_count":39,"citation_normalized_percentile":{"value":0.91646413,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"51","last_page":"60"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.993399977684021,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scada","display_name":"SCADA","score":0.9748916625976562},{"id":"https://openalex.org/keywords/polling","display_name":"Polling","score":0.8525199294090271},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6590975522994995},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.5233285427093506},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.4355887174606323},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.42769455909729004},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.35486045479774475},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.25301456451416016},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.19467097520828247},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.0731549859046936}],"concepts":[{"id":"https://openalex.org/C113863187","wikidata":"https://www.wikidata.org/wiki/Q17498","display_name":"SCADA","level":2,"score":0.9748916625976562},{"id":"https://openalex.org/C204854418","wikidata":"https://www.wikidata.org/wiki/Q1362921","display_name":"Polling","level":2,"score":0.8525199294090271},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6590975522994995},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.5233285427093506},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.4355887174606323},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.42769455909729004},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.35486045479774475},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.25301456451416016},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.19467097520828247},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0731549859046936},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3198458.3198460","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3198458.3198460","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 4th ACM Workshop on Cyber-Physical System Security","raw_type":"proceedings-article"},{"id":"pmh:oai:DiVA.org:liu-154412","is_oa":true,"landing_page_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-154412","pdf_url":null,"source":{"id":"https://openalex.org/S4306401559","display_name":"KTH Publication Database DiVA (KTH Royal Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference paper"}],"best_oa_location":{"id":"pmh:oai:DiVA.org:liu-154412","is_oa":true,"landing_page_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-154412","pdf_url":null,"source":{"id":"https://openalex.org/S4306401559","display_name":"KTH Publication Database DiVA (KTH Royal Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference paper"},"sustainable_development_goals":[{"score":0.6399999856948853,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320311328","display_name":"Myndigheten f\u00f6r Samh\u00e4llsskydd och Beredskap","ror":"https://ror.org/04cz2yk65"},{"id":"https://openalex.org/F4320325344","display_name":"Totalf\u00f6rsvarets Forskningsinstitut","ror":"https://ror.org/0470cgs30"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W1575698026","https://openalex.org/W1590786596","https://openalex.org/W2035095458","https://openalex.org/W2052228024","https://openalex.org/W2084724474","https://openalex.org/W2089944128","https://openalex.org/W2140139251","https://openalex.org/W2161592722","https://openalex.org/W2289626424","https://openalex.org/W2394912556","https://openalex.org/W2465974911","https://openalex.org/W2623396859","https://openalex.org/W2998254967","https://openalex.org/W4237805666","https://openalex.org/W4386808323"],"related_works":["https://openalex.org/W2615977515","https://openalex.org/W4393179257","https://openalex.org/W4205624458","https://openalex.org/W2987499578","https://openalex.org/W2115760278","https://openalex.org/W2462076241","https://openalex.org/W2076641224","https://openalex.org/W4230797417","https://openalex.org/W4386075345","https://openalex.org/W2146396794"],"abstract_inverted_index":{"The":[0],"IEC-60870-5-104":[1],"(IEC-104)":[2],"protocol":[3],"is":[4,29,152],"commonly":[5],"used":[6,49],"in":[7,50],"Supervisory":[8],"Control":[9],"and":[10,32],"Data":[11],"Acquisition":[12],"(SCADA)":[13],"networks":[14],"to":[15,101,154],"operate":[16],"critical":[17],"infrastructures,":[18],"such":[19,65],"as":[20,66],"power":[21],"stations.":[22],"As":[23],"the":[24,43,46,57,82,103,127,131,156],"importance":[25],"of":[26,34,45,59,107,113,121,123,130],"SCADA":[27,35,51,86],"security":[28],"growing,":[30],"characterization":[31,58],"modeling":[33],"traffic":[36,60,83],"for":[37,134,158],"developing":[38],"defense":[39],"mechanisms":[40],"based":[41],"on":[42],"regularity":[44],"polling":[47],"mechanism":[48],"systems":[52],"has":[53,69],"been":[54,72],"studied,":[55],"whereas":[56],"caused":[61],"by":[62],"non-polling":[63],"mechanisms,":[64,138],"spontaneous":[67,108],"events,":[68],"not":[70],"yet":[71],"studied.":[73,140],"This":[74],"paper":[75],"provides":[76],"a":[77,93],"first":[78],"look":[79],"at":[80],"how":[81],"flowing":[84],"between":[85],"components":[87],"changes":[88],"over":[89],"time.":[90],"It":[91],"proposes":[92],"method":[94,157],"built":[95],"upon":[96],"Probabilistic":[97],"Suffix":[98],"Tree":[99],"(PST)":[100],"discover":[102],"underlying":[104,124],"timing":[105],"patterns":[106,144],"events.":[109],"In":[110],"11":[111],"out":[112],"14":[114],"tested":[115],"data":[116,143],"sequences,":[117],"we":[118],"see":[119],"evidence":[120],"existence":[122],"patterns.":[125],"Next,":[126],"prediction":[128,148],"capability":[129],"approach,":[132],"useful":[133],"devising":[135],"anomaly":[136],"detection":[137],"was":[139],"While":[141],"some":[142],"enable":[145],"an":[146],"80%":[147],"possibility,":[149],"more":[150],"work":[151],"needed":[153],"tune":[155],"higher":[159],"accuracy.":[160]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}