{"id":"https://openalex.org/W4200527229","doi":"https://doi.org/10.23919/cnsm52442.2021.9615510","title":"Anomaly Detection of ICS Communication Using Statistical Models","display_name":"Anomaly Detection of ICS Communication Using Statistical Models","publication_year":2021,"publication_date":"2021-10-25","ids":{"openalex":"https://openalex.org/W4200527229","doi":"https://doi.org/10.23919/cnsm52442.2021.9615510"},"language":"en","primary_location":{"id":"doi:10.23919/cnsm52442.2021.9615510","is_oa":false,"landing_page_url":"https://doi.org/10.23919/cnsm52442.2021.9615510","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 17th International Conference on Network and Service Management (CNSM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5027524757","display_name":"Ivana Burgetov\u00e1","orcid":"https://orcid.org/0000-0002-9947-9837"},"institutions":[{"id":"https://openalex.org/I60587646","display_name":"Brno University of Technology","ror":"https://ror.org/03613d656","country_code":"CZ","type":"education","lineage":["https://openalex.org/I60587646"]}],"countries":["CZ"],"is_corresponding":true,"raw_author_name":"Ivana Burgetova","raw_affiliation_strings":["Faculty of Information Technology, Brno University of Technology, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Brno University of Technology, Brno, Czech Republic","institution_ids":["https://openalex.org/I60587646"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003268701","display_name":"Petr Matou\u0161ek","orcid":"https://orcid.org/0000-0003-4589-2041"},"institutions":[{"id":"https://openalex.org/I60587646","display_name":"Brno University of Technology","ror":"https://ror.org/03613d656","country_code":"CZ","type":"education","lineage":["https://openalex.org/I60587646"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Petr Matousek","raw_affiliation_strings":["Faculty of Information Technology, Brno University of Technology, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Brno University of Technology, Brno, Czech Republic","institution_ids":["https://openalex.org/I60587646"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001527809","display_name":"Ond\u0159ej Ry\u0161av\u00fd","orcid":"https://orcid.org/0000-0001-9652-6418"},"institutions":[{"id":"https://openalex.org/I60587646","display_name":"Brno University of Technology","ror":"https://ror.org/03613d656","country_code":"CZ","type":"education","lineage":["https://openalex.org/I60587646"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Ondrej Rysavy","raw_affiliation_strings":["Faculty of Information Technology, Brno University of Technology, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Brno University of Technology, Brno, Czech Republic","institution_ids":["https://openalex.org/I60587646"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5027524757"],"corresponding_institution_ids":["https://openalex.org/I60587646"],"apc_list":null,"apc_paid":null,"fwci":1.236,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.79753438,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"166","last_page":"172"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6749227643013},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6339240670204163},{"id":"https://openalex.org/keywords/iec-61850","display_name":"IEC 61850","score":0.627553403377533},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5615926384925842},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5496573448181152},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.47090578079223633},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.4566466212272644},{"id":"https://openalex.org/keywords/statistical-model","display_name":"Statistical model","score":0.45510047674179077},{"id":"https://openalex.org/keywords/general-packet-radio-service","display_name":"General Packet Radio Service","score":0.4283216595649719},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.40854474902153015},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3801823854446411},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.2849043011665344},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.20209819078445435},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1752835512161255},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.17126819491386414},{"id":"https://openalex.org/keywords/wireless","display_name":"Wireless","score":0.16857901215553284},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.12868866324424744}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6749227643013},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6339240670204163},{"id":"https://openalex.org/C2778907243","wikidata":"https://www.wikidata.org/wiki/Q168160","display_name":"IEC 61850","level":3,"score":0.627553403377533},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5615926384925842},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5496573448181152},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.47090578079223633},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.4566466212272644},{"id":"https://openalex.org/C114289077","wikidata":"https://www.wikidata.org/wiki/Q3284399","display_name":"Statistical model","level":2,"score":0.45510047674179077},{"id":"https://openalex.org/C86338984","wikidata":"https://www.wikidata.org/wiki/Q79708","display_name":"General Packet Radio Service","level":3,"score":0.4283216595649719},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.40854474902153015},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3801823854446411},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2849043011665344},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.20209819078445435},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1752835512161255},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.17126819491386414},{"id":"https://openalex.org/C555944384","wikidata":"https://www.wikidata.org/wiki/Q249","display_name":"Wireless","level":2,"score":0.16857901215553284},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.12868866324424744},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.23919/cnsm52442.2021.9615510","is_oa":false,"landing_page_url":"https://doi.org/10.23919/cnsm52442.2021.9615510","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 17th International Conference on Network and Service Management (CNSM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.5299999713897705,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W56428115","https://openalex.org/W627497979","https://openalex.org/W1575698026","https://openalex.org/W2035095458","https://openalex.org/W2035379194","https://openalex.org/W2079054072","https://openalex.org/W2084724474","https://openalex.org/W2122646361","https://openalex.org/W2161592722","https://openalex.org/W2245787472","https://openalex.org/W2465974911","https://openalex.org/W2804019764","https://openalex.org/W2890189996","https://openalex.org/W2904339115","https://openalex.org/W2937619061","https://openalex.org/W2998254967","https://openalex.org/W3016054986","https://openalex.org/W3035172199","https://openalex.org/W3181614810"],"related_works":["https://openalex.org/W2367739416","https://openalex.org/W2352028207","https://openalex.org/W1847012216","https://openalex.org/W2383397189","https://openalex.org/W2364323245","https://openalex.org/W1984507003","https://openalex.org/W2378142920","https://openalex.org/W2351977728","https://openalex.org/W2392964253","https://openalex.org/W2353883626"],"abstract_inverted_index":{"Industrial":[0],"Control":[1],"System":[2],"(ICS)":[3],"transmits":[4],"control":[5],"and":[6,20,35,57,100,140,156,188],"monitoring":[7],"data":[8],"between":[9,147],"devices":[10],"in":[11],"an":[12,164,170],"industrial":[13,181],"environment":[14],"that":[15,40,83,144],"includes":[16],"smart":[17],"grids,":[18],"water":[19],"gas":[21],"distribution,":[22],"or":[23,97,108,169],"traffic":[24,31,146],"control.":[25],"Unlike":[26],"traditional":[27],"internet":[28],"communication,":[29],"ICS":[30,52,78,149],"is":[32,120,154,177],"stable,":[33],"periodical,":[34],"with":[36],"regular":[37],"communication":[38,68,139],"patterns":[39],"can":[41,61,88],"be":[42],"described":[43],"using":[44,84],"statistical":[45,64,85,118,132],"modeling.":[46],"By":[47],"observing":[48],"selected":[49],"features":[50,73],"of":[51,66,72,110,131,163],"transmission,":[53],"e.g.,":[54],"packet":[55,105],"direction":[56],"inter-arrival":[58],"times,":[59],"we":[60,87],"create":[62],"a":[63,117,124,161],"profile":[65,136,143],"the":[67,76,134,141],"based":[69],"on":[70,179],"distribution":[71],"learned":[74],"from":[75,123],"normal":[77],"traffic.":[79],"This":[80],"paper":[81,114],"demonstrates":[82],"modeling,":[86],"detect":[89],"various":[90],"anomalies":[91],"caused":[92],"by":[93],"irregular":[94],"transmissions,":[95],"device":[96],"link":[98],"failures,":[99],"also":[101],"cyber":[102],"attacks":[103],"like":[104],"injection,":[106],"scanning,":[107],"denial":[109],"service":[111],"(DoS).":[112],"The":[113,151,175],"shows":[115],"how":[116],"model":[119],"automatically":[121],"created":[122],"training":[125],"dataset.":[126],"We":[127],"present":[128],"two":[129,148,180],"types":[130],"profiles:":[133],"master-oriented":[135],"for":[137],"one-to-many":[138],"peer-to-peer":[142],"describes":[145],"devices.":[150],"proposed":[152],"approach":[153],"fast":[155],"easy":[157],"to":[158],"implement":[159],"as":[160],"part":[162],"intrusion":[165],"detection":[166,172],"system":[167],"(IDS)":[168],"anomaly":[171],"(AD)":[173],"module.":[174],"proof-of-concept":[176],"demonstrated":[178],"protocols:":[182],"IEC":[183,186,189],"60870-5-104":[184],"(aka":[185],"104)":[187],"61850":[190],"(Goose).":[191]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}