{"id":"https://openalex.org/W4385192390","doi":"https://doi.org/10.23919/ifipnetworking57963.2023.10186421","title":"TSNZeek: An Open-source Intrusion Detection System for IEEE 802.1 Time-sensitive Networking","display_name":"TSNZeek: An Open-source Intrusion Detection System for IEEE 802.1 Time-sensitive Networking","publication_year":2023,"publication_date":"2023-06-12","ids":{"openalex":"https://openalex.org/W4385192390","doi":"https://doi.org/10.23919/ifipnetworking57963.2023.10186421"},"language":"en","primary_location":{"id":"doi:10.23919/ifipnetworking57963.2023.10186421","is_oa":false,"landing_page_url":"https://doi.org/10.23919/ifipnetworking57963.2023.10186421","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IFIP Networking Conference (IFIP Networking)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013341097","display_name":"Do\u011fanalp Ergen\u00e7","orcid":"https://orcid.org/0000-0003-4640-031X"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Do\u011fanalp Ergen\u00e7","raw_affiliation_strings":["University of Hamburg,Germany","University of Hamburg, Germany"],"affiliations":[{"raw_affiliation_string":"University of Hamburg,Germany","institution_ids":["https://openalex.org/I159176309"]},{"raw_affiliation_string":"University of Hamburg, Germany","institution_ids":["https://openalex.org/I159176309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055050309","display_name":"Robin Schenderlein","orcid":null},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Robin Schenderlein","raw_affiliation_strings":["University of Hamburg,Germany","University of Hamburg, Germany"],"affiliations":[{"raw_affiliation_string":"University of Hamburg,Germany","institution_ids":["https://openalex.org/I159176309"]},{"raw_affiliation_string":"University of Hamburg, Germany","institution_ids":["https://openalex.org/I159176309"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033270363","display_name":"Mathias Fischer","orcid":"https://orcid.org/0000-0002-6254-8288"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Mathias Fischer","raw_affiliation_strings":["University of Hamburg,Germany","University of Hamburg, Germany"],"affiliations":[{"raw_affiliation_string":"University of Hamburg,Germany","institution_ids":["https://openalex.org/I159176309"]},{"raw_affiliation_string":"University of Hamburg, Germany","institution_ids":["https://openalex.org/I159176309"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5013341097"],"corresponding_institution_ids":["https://openalex.org/I159176309"],"apc_list":null,"apc_paid":null,"fwci":0.8049,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.72970009,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12216","display_name":"Network Time Synchronization Technologies","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12216","display_name":"Network Time Synchronization Technologies","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7700985670089722},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6087012887001038},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.6076199412345886},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.6035528779029846},{"id":"https://openalex.org/keywords/ethernet","display_name":"Ethernet","score":0.5085252523422241},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.4881349503993988},{"id":"https://openalex.org/keywords/ieee-802.15","display_name":"IEEE 802.15","score":0.4717223048210144},{"id":"https://openalex.org/keywords/ieee-802.11u","display_name":"IEEE 802.11u","score":0.4647817611694336},{"id":"https://openalex.org/keywords/ieee-802.1x","display_name":"IEEE 802.1X","score":0.45605868101119995},{"id":"https://openalex.org/keywords/ieee-802.11r-2008","display_name":"IEEE 802.11r-2008","score":0.4528804421424866},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.38960596919059753},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.34626102447509766},{"id":"https://openalex.org/keywords/ieee-802.11","display_name":"IEEE 802.11","score":0.3398342728614807},{"id":"https://openalex.org/keywords/wireless-sensor-network","display_name":"Wireless sensor network","score":0.19530346989631653},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16641542315483093},{"id":"https://openalex.org/keywords/wireless-network","display_name":"Wireless network","score":0.15021222829818726},{"id":"https://openalex.org/keywords/wireless","display_name":"Wireless","score":0.12417897582054138}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7700985670089722},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6087012887001038},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.6076199412345886},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.6035528779029846},{"id":"https://openalex.org/C172173386","wikidata":"https://www.wikidata.org/wiki/Q79984","display_name":"Ethernet","level":2,"score":0.5085252523422241},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.4881349503993988},{"id":"https://openalex.org/C2780407094","wikidata":"https://www.wikidata.org/wiki/Q3267095","display_name":"IEEE 802.15","level":3,"score":0.4717223048210144},{"id":"https://openalex.org/C21651964","wikidata":"https://www.wikidata.org/wiki/Q10566612","display_name":"IEEE 802.11u","level":5,"score":0.4647817611694336},{"id":"https://openalex.org/C28722885","wikidata":"https://www.wikidata.org/wiki/Q1428844","display_name":"IEEE 802.1X","level":5,"score":0.45605868101119995},{"id":"https://openalex.org/C155978914","wikidata":"https://www.wikidata.org/wiki/Q634749","display_name":"IEEE 802.11r-2008","level":5,"score":0.4528804421424866},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.38960596919059753},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.34626102447509766},{"id":"https://openalex.org/C185298936","wikidata":"https://www.wikidata.org/wiki/Q193228","display_name":"IEEE 802.11","level":4,"score":0.3398342728614807},{"id":"https://openalex.org/C24590314","wikidata":"https://www.wikidata.org/wiki/Q336038","display_name":"Wireless sensor network","level":2,"score":0.19530346989631653},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16641542315483093},{"id":"https://openalex.org/C108037233","wikidata":"https://www.wikidata.org/wiki/Q11375","display_name":"Wireless network","level":3,"score":0.15021222829818726},{"id":"https://openalex.org/C555944384","wikidata":"https://www.wikidata.org/wiki/Q249","display_name":"Wireless","level":2,"score":0.12417897582054138}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.23919/ifipnetworking57963.2023.10186421","is_oa":false,"landing_page_url":"https://doi.org/10.23919/ifipnetworking57963.2023.10186421","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IFIP Networking Conference (IFIP Networking)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W1516506771","https://openalex.org/W2892927449","https://openalex.org/W2951105308","https://openalex.org/W3006293464","https://openalex.org/W3106545225","https://openalex.org/W3133408253","https://openalex.org/W3156548565","https://openalex.org/W3182781015","https://openalex.org/W3204390072","https://openalex.org/W4226266736","https://openalex.org/W4230427844","https://openalex.org/W4232094724","https://openalex.org/W4234896071","https://openalex.org/W4293863527","https://openalex.org/W4313315847","https://openalex.org/W6630856255","https://openalex.org/W6767081721","https://openalex.org/W6811063271"],"related_works":["https://openalex.org/W2054185742","https://openalex.org/W3165961686","https://openalex.org/W2468639479","https://openalex.org/W2106968138","https://openalex.org/W3195051257","https://openalex.org/W2849484697","https://openalex.org/W2538615287","https://openalex.org/W4380354549","https://openalex.org/W1971851193","https://openalex.org/W2086014969"],"abstract_inverted_index":{"IEEE":[0,58,99],"802.1":[1,59,100],"Time-sensitive":[2],"Networking":[3],"(TSN)":[4],"standards":[5],"are":[6],"envisioned":[7],"to":[8,16,41,75],"replace":[9],"legacy":[10],"network":[11],"protocols":[12],"in":[13,122],"critical":[14],"domains":[15],"ensure":[17],"reliable":[18],"and":[19,31,52,80,95,117],"deterministic":[20],"communication":[21],"over":[22],"off-the-shelf":[23],"Ethernet":[24],"equipment.":[25],"However,":[26],"they":[27],"lack":[28],"security":[29,50],"countermeasures":[30],"can":[32],"even":[33],"impose":[34],"new":[35,71],"attack":[36,83],"vectors":[37],"that":[38,106],"may":[39],"lead":[40],"hazardous":[42],"consequences.":[43],"This":[44],"paper":[45],"presents":[46],"the":[47],"first":[48],"open-source":[49],"monitoring":[51,66],"intrusion":[53],"detection":[54,84],"mechanism,":[55],"TSNZeek,":[56],"for":[57,86,98],"TSN":[60,77,101,125],"protocols.":[61],"We":[62,89],"extend":[63],"an":[64],"existing":[65],"tool,":[67],"Zeek,":[68],"with":[69],"a":[70,81,123],"packet":[72],"parsing":[73],"grammar":[74],"process":[76],"data":[78],"traffic":[79],"rule-based":[82],"engine":[85],"TSN-specific":[87],"threats.":[88],"also":[90],"discuss":[91],"various":[92,120],"security-related":[93],"configuration":[94],"design":[96],"aspects":[97],"monitoring.":[102],"Our":[103],"experiments":[104],"show":[105],"TSNZeek":[107],"causes":[108],"only":[109],"\u223c5%":[110],"CPU":[111],"overhead":[112],"on":[113],"top":[114],"of":[115],"Zeek":[116],"successfully":[118],"detects":[119],"threats":[121],"real":[124],"testbed.":[126]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}