{"id":"https://openalex.org/W4413175911","doi":"https://doi.org/10.1145/3708821.3735345","title":"POSTER: Automating ICS Malware Analysis with MITRE ATT&amp;CK","display_name":"POSTER: Automating ICS Malware Analysis with MITRE ATT&amp;CK","publication_year":2025,"publication_date":"2025-08-13","ids":{"openalex":"https://openalex.org/W4413175911","doi":"https://doi.org/10.1145/3708821.3735345"},"language":"en","primary_location":{"id":"doi:10.1145/3708821.3735345","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3708821.3735345","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 20th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119292128","display_name":"Fatih Kurt","orcid":null},"institutions":[{"id":"https://openalex.org/I79510175","display_name":"Cardiff University","ror":"https://ror.org/03kk7td41","country_code":"GB","type":"education","lineage":["https://openalex.org/I79510175"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Fatih Kurt","raw_affiliation_strings":["Cardiff University, Cardiff, United Kingdom"],"raw_orcid":"https://orcid.org/0009-0005-7515-8544","affiliations":[{"raw_affiliation_string":"Cardiff University, Cardiff, United Kingdom","institution_ids":["https://openalex.org/I79510175"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011086368","display_name":"Neetesh Saxena","orcid":"https://orcid.org/0000-0002-6437-0807"},"institutions":[{"id":"https://openalex.org/I79510175","display_name":"Cardiff University","ror":"https://ror.org/03kk7td41","country_code":"GB","type":"education","lineage":["https://openalex.org/I79510175"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Neetesh Saxena","raw_affiliation_strings":["Cardiff University, Cardiff, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-6437-0807","affiliations":[{"raw_affiliation_string":"Cardiff University, Cardiff, United Kingdom","institution_ids":["https://openalex.org/I79510175"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100605073","display_name":"Vijay Kumar","orcid":"https://orcid.org/0000-0001-5288-0415"},"institutions":[{"id":"https://openalex.org/I79510175","display_name":"Cardiff University","ror":"https://ror.org/03kk7td41","country_code":"GB","type":"education","lineage":["https://openalex.org/I79510175"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Vijay Kumar","raw_affiliation_strings":["Cardiff University, Cardiff, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0001-5288-0415","affiliations":[{"raw_affiliation_string":"Cardiff University, Cardiff, United Kingdom","institution_ids":["https://openalex.org/I79510175"]}]},{"author_position":"last","author":{"id":null,"display_name":"George Theodorakopoulos","orcid":"https://orcid.org/0000-0003-2701-7809"},"institutions":[{"id":"https://openalex.org/I79510175","display_name":"Cardiff University","ror":"https://ror.org/03kk7td41","country_code":"GB","type":"education","lineage":["https://openalex.org/I79510175"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"George Theodorakopoulos","raw_affiliation_strings":["Cardiff University, Cardiff, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0003-2701-7809","affiliations":[{"raw_affiliation_string":"Cardiff University, Cardiff, United Kingdom","institution_ids":["https://openalex.org/I79510175"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.064,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.78568181,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1806","last_page":"1808"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9927999973297119,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9908999800682068,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.716702938079834},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.6738247871398926},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.652578592300415},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.6072597503662109}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.716702938079834},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.6738247871398926},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.652578592300415},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.6072597503662109}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3708821.3735345","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3708821.3735345","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 20th ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:https://orca.cardiff.ac.uk:177987","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S7407055383","display_name":"ORCA Online Research @Cardiff","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.5099999904632568,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":5,"referenced_works":["https://openalex.org/W3158020972","https://openalex.org/W4210904635","https://openalex.org/W4362704786","https://openalex.org/W4400529226","https://openalex.org/W4403331590"],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2768892939","https://openalex.org/W4285507391","https://openalex.org/W3164408430","https://openalex.org/W2397240470","https://openalex.org/W2602767565","https://openalex.org/W170652726","https://openalex.org/W2883822334","https://openalex.org/W2134874482"],"abstract_inverted_index":{"The":[0],"increasing":[1],"interconnections":[2],"and":[3,27,46,96,113,122,126,146],"rapid":[4],"changes":[5],"in":[6,55],"the":[7,13,24,32,41,84,87,93],"nature":[8],"of":[9,43,86,98],"cyber":[10],"threats":[11],"targeting":[12,106],"Industrial":[14],"Control":[15],"Systems":[16],"(ICS),":[17],"it":[18,74],"is":[19],"crucial":[20],"to":[21,39,59,76,137],"understand":[22],"how":[23],"malware":[25,99,107,139],"patterns":[26],"behavior":[28],"have":[29],"evolved":[30],"over":[31],"years.":[33],"Gaining":[34],"this":[35,51],"understanding":[36],"allows":[37],"us":[38],"assess":[40],"effectiveness":[42],"current":[44],"detection":[45],"defense":[47],"mechanisms.":[48],"Insights":[49],"from":[50],"work":[52,82],"will":[53],"help":[54],"building":[56],"effective":[57],"defenses":[58],"counter":[60],"such":[61],"sophisticated":[62],"behavior.":[63],"Traditional":[64],"threat":[65,131],"analysis":[66],"methods":[67],"rely":[68],"on":[69],"text":[70],"heavy":[71],"representations,":[72],"making":[73],"difficult":[75],"identify":[77],"attack":[78,100],"trends":[79],"efficiently.":[80],"This":[81,133],"improves":[83],"usability":[85],"MITRE":[88],"ATT&CK":[89],"framework":[90],"by":[91],"automating":[92],"extraction,":[94],"comparison,":[95],"visualization":[97],"techniques.":[101],"By":[102],"analyzing":[103],"five":[104],"ICS":[105,148],"families":[108],"BlackEnergy,":[109],"Industroyer,":[110],"Industroyer2,":[111],"Pipedream,":[112],"Triton,":[114],"our":[115],"developed":[116],"tool":[117],"identifies":[118],"recurring":[119],"adversary":[120],"tactics":[121],"provides":[123],"structured":[124],"heatmaps":[125],"network":[127],"graphs":[128],"for":[129],"improved":[130],"intelligence.":[132],"approach":[134],"enables":[135],"analysts":[136],"compare":[138],"behaviors":[140],"more":[141],"effectively,":[142],"prioritize":[143],"security":[144],"strategies,":[145],"strengthen":[147],"cybersecurity":[149],"resilience.":[150]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}