{"id":"https://openalex.org/W7155508989","doi":"https://doi.org/10.48550/arxiv.2604.21626","title":"On the Challenges of Holistic Intrusion Detection in ICS","display_name":"On the Challenges of Holistic Intrusion Detection in ICS","publication_year":2026,"publication_date":"2026-04-23","ids":{"openalex":"https://openalex.org/W7155508989","doi":"https://doi.org/10.48550/arxiv.2604.21626"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.21626","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.21626","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.21626","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5124792723","display_name":"Stefan Lenz","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lenz, Stefan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076683829","display_name":"Julia Raab","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Raab, Julia","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134559432","display_name":"Benedikt Holzbach","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Holzbach, Benedikt","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134507987","display_name":"Deniz K\u00f6ller","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"K\u00f6ller, Deniz","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093796336","display_name":"Sotiris Michaelides","orcid":"https://orcid.org/0009-0003-6020-3934"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Michaelides, Sotiris","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134552168","display_name":"Martin Henze","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Henze, Martin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.991599977016449,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.991599977016449,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.001500000013038516,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.0010999999940395355,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.8564000129699707},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.5716000199317932},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5716000199317932},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.5580999851226807},{"id":"https://openalex.org/keywords/intrusion-prevention-system","display_name":"Intrusion prevention system","score":0.4796999990940094},{"id":"https://openalex.org/keywords/cover","display_name":"Cover (algebra)","score":0.461899995803833},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.4537000060081482},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.39340001344680786},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.33709999918937683}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.8564000129699707},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.5716000199317932},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5716000199317932},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.5580999851226807},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5493000149726868},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5467000007629395},{"id":"https://openalex.org/C27061796","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion prevention system","level":3,"score":0.4796999990940094},{"id":"https://openalex.org/C2780428219","wikidata":"https://www.wikidata.org/wiki/Q16952335","display_name":"Cover (algebra)","level":2,"score":0.461899995803833},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.4537000060081482},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.39340001344680786},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.36039999127388},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.33709999918937683},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.33469998836517334},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.29580000042915344},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.2955999970436096},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.2912999987602234},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.28949999809265137},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.2840999960899353},{"id":"https://openalex.org/C90936777","wikidata":"https://www.wikidata.org/wiki/Q917189","display_name":"Host-based intrusion detection system","level":4,"score":0.2802000045776367},{"id":"https://openalex.org/C155386361","wikidata":"https://www.wikidata.org/wiki/Q1649571","display_name":"Process control","level":3,"score":0.2721000015735626},{"id":"https://openalex.org/C2776973144","wikidata":"https://www.wikidata.org/wiki/Q6880649","display_name":"Misuse detection","level":4,"score":0.26809999346733093},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.2669999897480011},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.2635999917984009},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.26249998807907104},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.2517000138759613}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.21626","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.21626","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.21626","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.21626","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Past":[0],"attacks":[1],"against":[2],"industrial":[3],"control":[4],"systems":[5,30,54],"(ICS)":[6],"show":[7],"that":[8],"adversaries":[9],"often":[10],"target":[11],"both":[12],"the":[13,17],"ICS":[14,48],"network":[15],"and":[16,72],"physical":[18],"process":[19],"to":[20,56,69,89],"achieve":[21],"potential":[22],"catastrophic":[23],"impact.":[24],"To":[25],"secure":[26],"ICS,":[27],"intrusion":[28,85],"detection":[29,40,53,86],"promise":[31],"timely":[32],"uncovering":[33],"of":[34,47,93],"such":[35],"adversaries.":[36],"However,":[37],"as":[38],"these":[39],"mechanisms":[41],"typically":[42],"focus":[43],"on":[44],"isolated":[45],"characteristics":[46],"(e.g.,":[49],"packet":[50],"timings),":[51],"multiple":[52],"have":[55],"be":[57],"deployed":[58],"in":[59,64],"parallel,":[60],"complicating":[61],"their":[62],"operation":[63],"practice.":[65],"In":[66],"this":[67],"work,":[68],"spur":[70],"discussion":[71],"further":[73],"research,":[74],"we":[75],"present":[76],"challenges":[77],"encountered":[78],"during":[79],"our":[80],"research":[81],"towards":[82],"a":[83],"holistic":[84],"system":[87],"aiming":[88],"cover":[90],"all":[91],"dimensions":[92],"an":[94],"ICS.":[95]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-25T00:00:00"}