Publications

Frederik Ondrikov, Denis Donadel, Francesco Lupia, Massimo Merro, Emmanuele Zambon, Nicola Zannone (2025). A Comparative Study of ICS Honeypot Deployments. In CPS4CIP2025.

PDF Cite Project

Koen Teuwen, Tom Mulders, Emmanuele Zambon, Luca Allodi (2025). Ruling the Unruly: Designing Effective, Low-Noise Network Intrusion Detection Rules for Security Operations Centers. In ASIACCS2025.

PDF Cite Project DOI

Koen Teuwen, Emmanuele Zambon, Luca Allodi (2025). POSTER: SuriCap - A Measurement Platform to Study and Evaluate Intrusion Detection Rule Engineering. In ASIACCS2025.

PDF Cite Project DOI

Koen Teuwen, Sam Baggen, Emmanuele Zambon, Luca Allodi (2025). On the Effect of Ruleset Tuning and Data Imbalance on Explainable Network Security Alert Classifications: a Case-Study on DeepCASE. In EuroS&PW2025.

PDF Cite Project DOI

Leon Kersten, Santiago Darré, Tom Mulders, Emmanuele Zambon, Marco Caselli, Chris Snijders, Luca Allodi (2024). A Security Alert Investigation Tool Supporting Tier 1 Analysts in Contextualizing and Understanding Network Security Events. In ACSAC2024.

PDF Cite Project DOI

Keerthi Koneru, Juan Lozano, John Castellanos, Emmanuele Zambon, Alvaro Cardenas (2024). Unveiling the Operation and Configuration of a Real-World Bulk Substation Network. In SmartSP 2024.

PDF Cite

Stash Kempinski, Savio Sciancalepore, Emmanuele Zambon, Luca Allodi (2024). Attacking Operational Technology Without Specialized Knowledge: The Unspecialized OT Threat Actor Profile. In EuroS&PW2024.

PDF Cite Project

Martin Rosso, Emmanuele Zambon, Luca Allodi, Jerry den Hartog (2024). A Methodology to Measure the "Cost" of CPS Attacks: Not all CPS Networks are Created Equal. In EuroS&PW2024.

PDF Cite Project

Neil Ortiz, Martin Rosso, Emmanuele Zambon, Jerry den Hartog, Alvaro Cardenas (2024). From Power to Water: Dissecting SCADA Networks Across Different Critical Infrastructures. In PAM 2024.

PDF Cite Project

Luis Salazar, Sebastian Castro, Juan Lozano, Keerthi Koneru, Emmanuele Zambon, Bing Huang, Ross Baldick, Marina Krotofil, Alonso Rojas, Alvaro Cardenas (2024). A Tale of Two Industroyers: It was the Season of Darkness. In S&P 2024.

PDF Cite Project

Stash Kempinski, Shuaib Ichaarine, Savio Sciancalepore, Emmanuele Zambon (2023). ICSvertase: A Framework for Purpose-based Design and Classification of ICS Honeypots. In ARES ‘23.

PDF Cite DOI

Leon Kersten, Tom Mulders, Emmanuele Zambon, Chris Snijders, Luca Allodi (2023). 'Give Me Structure': Synthesis and Evaluation of a (Network) Threat Analysis Process Supporting Tier 1 Investigations in a Security Operation Center. In SOUPS 2023.

PDF Cite

Forescout VedereLabs, Emmanuele Zambon (2022). Industroyer2 and INCONTROLLER - In-depth Technical Analysis of the Most Recent ICS-specific Malware. Forescout.

PDF Cite

Martino Tommasini, Martin Rosso, Emmanuele Zambon, Luca Allodi, Jerry den Hartog (2022). Characterizing Building Automation System Attacks and Attackers. In EuroS&PW2022.

PDF Cite Project

Xi Qin, Martin Rosso, Alvaro A. Cardenas, Sandro Etalle, Jerry den Hartog, Emmanuele Zambon (2022). You Can't Protect What You Don't Understand: Characterizing an Operational Gas SCADA Network. In SafeThings 2022.

PDF Cite Project

Ali Abbasi, Thorsten Holz, Emmanuele Zambon, Sandro Etalle (2017). ECFI: Asynchronous control flow integrity for programmable logic controllers. In ACSAC2017.

PDF Cite DOI

Ali Abbasi, Majid Hashemi, Emmanuele Zambon, Sandro Etalle (2017). Stealth Low-Level Manipulation of Programmable Logic Controllers I/O by Pin Control Exploitation. In CRITIS2016.

Cite DOI

Davide Fauri, Bart de Wijs, Jerry den Hartog, Elisa Costante, Emmanuele Zambon, Sandro Etalle (2017). Encryption in ICS networks: A blessing or a curse?. In SmartGridComm2017.

PDF Cite DOI

Ali Abbasi, Jos Wetzels, Wouter Bokslag, Emmanuele Zambon, Sandro Etalle (2017). 𝜇Shield: Configurable Code-Reuse Attacks Mitigation For Embedded Systems. In NSS2017.

Cite Code DOI

Marco Caselli, Emmanuele Zambon, Johanna Amann, Robin Sommer, Frank Kargl (2016). Specification Mining for Intrusion Detection in Networked Control Systems. In USENIX Security 16.

PDF Cite Project DOI

Marco Caselli, Emmanuele Zambon, Jonathan Petit, Frank Kargl (2015). Modeling Message Sequences for Intrusion Detection in Industrial Control Systems. In ICCIP2015.

PDF Cite DOI

Marco Caselli, Emmanuele Zambon, Frank Kargl (2015). Sequence-aware Intrusion Detection in Industrial Control Systems. In CPSS2015.

PDF Cite Project DOI

Dina Hadžiosmanović, Robin Sommer, Emmanuele Zambon, Pieter H. Hartel (2014). Through the eye of the PLC: semantic security monitoring for industrial processes. In ACSAC2014.

PDF Cite Project Project DOI

Ali Abbasi, Jos Wetzels, Wouter Bokslag, Emmanuele Zambon, Sandro Etalle (2014). On Emulation-Based Network Intrusion Detection Systems. In RAID2014.

Cite DOI

Marco Caselli, Dina Hadžiosmanović, Emmanuele Zambon, Frank Kargl (2013). On the Feasibility of Device Fingerprinting in Industrial Control Systems. In CRITIS2013.

PDF Cite DOI

Dina Hadžiosmanović, Lorenzo Simionato, Damiano Bolzoni, Emmanuele Zambon, Sandro Etalle (2012). N-Gram against the Machine: On the Feasibility of the N-Gram Network Analysis for Binary Protocols. In RAID2012.

PDF Cite Project DOI

Emmanuele Zambon, Sandro Etalle, Roel J. Wieringa (2011). A2thOS: availability analysis and optimisation in SLAs. In IJNM2012.

PDF Cite DOI

Ayşe Moralı, Emmanuele Zambon, Sandro Etalle, Roel Wieringa (2010). CRAC: Confidentiality risk assessment and IT-infrastructure comparison. In CNSM2010.

PDF Cite DOI

Emmanuele Zambon, Sandro Etalle, Roel J. Wieringa, Pieter H. Hartel (2010). Model-based qualitative risk assessment for availability of IT infrastructures. In SoSyM2010.

PDF Cite DOI

Ayşe Moralı, Emmanuele Zambon, Siv Hilde Houmb, Karin Sallhammar, Sandro Etalle (2009). Extended eTVRA vs. security checklist: Experiences in a value-web. In ICSE2009.

PDF Cite DOI

Ayşe Moralı, Emmanuele Zambon, Sandro Etalle, P.L. Overbeek (2008). IT confidentiality risk assessment for an architecture-based approach. In BDIM2008.

PDF Cite DOI

Emmanuele Zambon, Damiano Bolzoni, Sandro Etalle, Marco Salvato (2007). A Model Supporting Business Continuity Auditing and Planning in Information Systems. In ICIMP2007.

PDF Cite DOI

Emmanuele Zambon, Damiano Bolzoni, Sandro Etalle, Marco Salvato (2007). Model-Based Mitigation of Availability Risks. In BDIM2007.

PDF Cite DOI

Damiano Bolzoni, Emmanuele Zambon, Sandro Etalle, Pieter Hartel (2006). POSEIDON: a 2-tier anomaly-based network intrusion detection system. In IWIA'06.

PDF Cite DOI