{"id":"https://openalex.org/W3164234844","doi":"https://doi.org/10.1145/3459960.3459963","title":"A Network Traffic Processing Library for ICS Anomaly Detection","display_name":"A Network Traffic Processing Library for ICS Anomaly Detection","publication_year":2021,"publication_date":"2021-05-26","ids":{"openalex":"https://openalex.org/W3164234844","doi":"https://doi.org/10.1145/3459960.3459963","mag":"3164234844"},"language":"en","primary_location":{"id":"doi:10.1145/3459960.3459963","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3459960.3459963","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"7th Conference on the Engineering of Computer Based Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5001527809","display_name":"Ond\u0159ej Ry\u0161av\u00fd","orcid":"https://orcid.org/0000-0001-9652-6418"},"institutions":[{"id":"https://openalex.org/I60587646","display_name":"Brno University of Technology","ror":"https://ror.org/03613d656","country_code":"CZ","type":"education","lineage":["https://openalex.org/I60587646"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Ond\u0159ej Ry\u0161av\u00fd","raw_affiliation_strings":["Brno University of Technology, Czechia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Brno University of Technology, Czechia","institution_ids":["https://openalex.org/I60587646"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5003268701","display_name":"Petr Matou\u0161ek","orcid":"https://orcid.org/0000-0003-4589-2041"},"institutions":[{"id":"https://openalex.org/I60587646","display_name":"Brno University of Technology","ror":"https://ror.org/03613d656","country_code":"CZ","type":"education","lineage":["https://openalex.org/I60587646"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Petr Matou\u0161ek","raw_affiliation_strings":["Brno University of Technology, Czechia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Brno University of Technology, Czechia","institution_ids":["https://openalex.org/I60587646"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I60587646"],"apc_list":null,"apc_paid":null,"fwci":0.4811,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.65979291,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.8200607299804688},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7900956869125366},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.5853541493415833},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5423231720924377},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.5396987795829773},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5272682905197144},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5183683037757874},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.44761496782302856},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.42663440108299255},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3818510174751282},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3307977318763733},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.19480574131011963},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14236819744110107}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.8200607299804688},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7900956869125366},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.5853541493415833},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5423231720924377},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.5396987795829773},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5272682905197144},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5183683037757874},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.44761496782302856},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.42663440108299255},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3818510174751282},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3307977318763733},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.19480574131011963},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14236819744110107}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3459960.3459963","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3459960.3459963","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"7th Conference on the Engineering of Computer Based Systems","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure","score":0.5899999737739563}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W8717022","https://openalex.org/W190891760","https://openalex.org/W2027355980","https://openalex.org/W2032501793","https://openalex.org/W2063432924","https://openalex.org/W2096674597","https://openalex.org/W2244876453","https://openalex.org/W2278186031","https://openalex.org/W2289626424","https://openalex.org/W2300285892","https://openalex.org/W2437244913","https://openalex.org/W2755148105","https://openalex.org/W2806115626","https://openalex.org/W2806797541","https://openalex.org/W2887434122","https://openalex.org/W2896370767","https://openalex.org/W2907570543","https://openalex.org/W2920892691","https://openalex.org/W2922522433","https://openalex.org/W2948517885","https://openalex.org/W3042046988","https://openalex.org/W3081002445","https://openalex.org/W3090821644","https://openalex.org/W3104637727","https://openalex.org/W3105915408","https://openalex.org/W3105931142","https://openalex.org/W4301900453"],"related_works":["https://openalex.org/W1544967040","https://openalex.org/W2594425278","https://openalex.org/W2347338493","https://openalex.org/W2171331105","https://openalex.org/W4226031521","https://openalex.org/W3160314615","https://openalex.org/W2381288267","https://openalex.org/W2155469080","https://openalex.org/W4241964992","https://openalex.org/W2299887038"],"abstract_inverted_index":{"Anomaly":[0],"detection":[1,24,113],"in":[2,16,29,75,122],"industrial":[3],"control":[4],"systems":[5],"based":[6,35],"on":[7,36],"traffic":[8],"monitoring":[9],"is":[10,63,116],"one":[11],"of":[12,49,52],"the":[13,30,50,71,84,107,120,123,127,141],"key":[14],"components":[15],"securing":[17],"these":[18],"critical":[19],"cyber-physical":[20],"environments.":[21],"Many":[22],"anomaly":[23,112],"methods":[25,72,138],"have":[26],"been":[27],"proposed":[28],"past":[31],"decade.":[32],"They":[33],"are":[34,73],"various":[37,76,100],"principles":[38],"stemming":[39],"from":[40],"signature":[41],"detection,":[42],"statistical":[43],"analysis,":[44],"or":[45,102],"machine":[46],"learning.":[47],"Because":[48],"lack":[51],"ICS":[53,94],"communication":[54],"datasets,":[55],"their":[56,61],"evaluation":[57],"and":[58,78,105],"mainly":[59],"comparing":[60],"performance":[62],"problematic.":[64],"If":[65],"provided":[66],"as":[67],"a":[68,89,110],"prototype":[69],"implementation,":[70],"implemented":[74],"languages":[77],"require":[79],"different":[80,137],"input":[81],"formats.":[82],"In":[83],"present":[85],"paper,":[86],"we":[87],"propose":[88],"library":[90,121],"that":[91,125],"can":[92],"process":[93],"communication,":[95],"extract":[96],"required":[97],"information,":[98],"e.g.,":[99],"packet-level":[101],"flow-level":[103],"features,":[104],"provide":[106],"data":[108,146],"to":[109,118,133],"user-specified":[111],"method.":[114],"It":[115],"possible":[117],"integrate":[119],"system":[124],"automates":[126],"entire":[128],"processing":[129],"pipeline":[130],"enabling":[131],"us":[132],"conduct":[134],"experiments":[135],"with":[136],"while":[139],"saving":[140],"time":[142],"needed":[143],"for":[144],"manual":[145],"preparation.":[147]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":2}],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2025-10-10T00:00:00"}
