<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">tuzsut</journal-id><journal-title-group><journal-title xml:lang="ru">Труды учебных заведений связи</journal-title><trans-title-group xml:lang="en"><trans-title>Proceedings of Telecommunication Universities</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1813-324X</issn><issn pub-type="epub">2712-8830</issn><publisher><publisher-name>СПбГУТ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.31854/1813-324X-2026-12-2-74-91</article-id><article-id custom-type="edn" pub-id-type="custom">GEUZWL</article-id><article-id custom-type="elpub" pub-id-type="custom">tuzsut-787</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ И ТЕЛЕКОММУНИКАЦИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION TECHNOLOGIES AND TELECOMMUNICATION</subject></subj-group></article-categories><title-group><article-title>Представление промышленного трафика и кодирование протокольной семантики для трансформерных моделей в малых сетях Industrial Ethernet</article-title><trans-title-group xml:lang="en"><trans-title>Representation of Industrial Traffic and Encoding of Protocol Semantics for Transformer Models in Small Industrial Ethernet Networks</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0004-1489-927X</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Буи</surname><given-names>Н. Ч.</given-names></name><name name-style="western" xml:lang="en"><surname>Bui</surname><given-names>N. T.</given-names></name></name-alternatives><bio xml:lang="ru"><p>аспирант кафедры инфокоммуникационных систем и сетей Московского физико-технического института (национального исследовательского университета)  </p></bio><email xlink:type="simple">bui.nch@phystech.edu</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0001-8898-2720</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Пащенко</surname><given-names>Ф. Ф.</given-names></name><name name-style="western" xml:lang="en"><surname>Pashchenko</surname><given-names>F. F.</given-names></name></name-alternatives><bio xml:lang="ru"><p>доктор технических наук, профессор, главный научный сотрудник Лаборатории № 40 «Интеллектуальных систем управления и моделирования» Института проблем управления им. В.А. Трапезникова РАН, профессор кафедры инфокоммуникационных систем и сетей Московского физико-технического института (национального исследовательского университета)</p></bio><email xlink:type="simple">pif-70@yandex.ru</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0006-6742-5398</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>То</surname><given-names>Ф. Т.</given-names></name><name name-style="western" xml:lang="en"><surname>To</surname><given-names>P. T.</given-names></name></name-alternatives><bio xml:lang="ru"><p>аспирант кафедры инфокоммуникационных систем и сетей Московского физико-технического института (национального исследовательского университета) </p></bio><email xlink:type="simple">to.ft@phystech.edu</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Московский физико-технический институт (национальный исследовательский университет)</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Moscow Institute of Physics and Technology</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Московский физико-технический институт (национальный исследовательский университет);&#13;
Институт проблем управления РАН им. академика В.А. Трапезникова</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Moscow Institute of Physics and Technology;&#13;
Institute of Control Sciences RAS</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2026</year></pub-date><pub-date pub-type="epub"><day>29</day><month>04</month><year>2026</year></pub-date><volume>12</volume><issue>2</issue><fpage>74</fpage><lpage>91</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Буи Н.Ч., Пащенко Ф.Ф., То Ф.Т., 2026</copyright-statement><copyright-year>2026</copyright-year><copyright-holder xml:lang="ru">Буи Н.Ч., Пащенко Ф.Ф., То Ф.Т.</copyright-holder><copyright-holder xml:lang="en">Bui N.T., Pashchenko F.F., To P.T.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://tuzs.sut.ru/jour/article/view/787">https://tuzs.sut.ru/jour/article/view/787</self-uri><abstract><p>В современных индустриальных сетях Industrial Ethernet обнаружение аномалий и кибератак требует учета протокольной семантики трафика. Актуальность исследования обусловлена ростом числа атак на промышленные системы управления, усилением интеграции производственных и корпоративных сетей, а также широким использованием промышленных протоколов, часть которых изначально не ориентировалась на современные требования к кибербезопасности. Традиционные сигнатурные средства обнаружения ограниченно выявляют ранее неизвестные и скрытные атаки, тогда как подходы, основанные только на статистических характеристиках потоков, нередко теряют важную информацию о логике обмена, ролях сообщений и особенностях прикладного уровня промышленных протоколов. Дополнительную сложность создает дефицит размеченных данных, характерный для реальных промышленных объектов, что затрудняет обучение устойчивых моделей обнаружения атак.</p><sec><title>Цель</title><p>Цель: разработать способ представления промышленного трафика в виде токенизированных последовательностей, пригодных для применения трансформерных моделей в малых сетях Industrial Ethernet.</p></sec><sec><title>Методы</title><p>Методы. Использованы потоково-сессионное агрегирование пакетов, семантическая токенизация полей протоколов Modbus/TCP и OPC UA, эмбеддинги с позиционным кодированием, предварительное обучение в self-supervised режиме и последующее дообучение модели на задаче классификации сессий. Оценка подхода выполнена на наборе данных Malware in Smart Factory.</p></sec><sec><title>Результаты</title><p>Результаты. Разработано протокольно-ориентированное представление сетевых сессий, сохраняющее контекст обмена и особенности промышленных протоколов. На наборе данных Malware in Smart Factory трансформерная модель достигла F1-меры 99,3 % при обнаружении атак и превзошла модели LSTM и CNN; предварительное обучение дополнительно повысило качество классификации.</p><p>Теоретическая и практическая значимость. Предложенный подход формирует единый входной формат для анализа трафика Modbus/TCP и OPC UA и может использоваться при построении систем обнаружения аномалий и вторжений в малых промышленных сетях.</p></sec></abstract><trans-abstract xml:lang="en"><sec><title>Relevance</title><p>Relevance. In modern Industrial Ethernet networks, anomaly and cyberattack detection requires taking the protocol semantics of network traffic into account. The relevance of this study is determined by the growing number of attacks on industrial control systems, the increasing integration of production and corporate networks, and the widespread use of industrial protocols, some of which were not originally designed to meet modern cybersecurity requirements. Traditional signature-based detection tools are limited in their ability to identify previously unknown and stealthy attacks, while approaches based solely on statistical flow characteristics often lose important information about communication logic, message roles, and application-layer features of industrial protocols. An additional challenge is the shortage of labeled data typical of real industrial environments, which complicates the training of robust attack detection models. </p></sec><sec><title>Objective</title><p>Objective. To develop and evaluate a method for representing industrial traffic as tokenized sequences suitable for transformer models in small Industrial Ethernet networks.</p></sec><sec><title>Methods</title><p>Methods. Flow- and session-level packet aggregation, semantic tokenization of Modbus/TCP and OPC UA protocol fields, embeddings with positional encoding, self-supervised pre-training, and subsequent fine-tuning of the model for session classification were used. The approach was evaluated on the Malware in Smart Factory dataset.</p></sec><sec><title>Results</title><p>Results. A protocol-aware representation of network sessions that preserves communication context and the specific features of industrial protocols was developed. On the Malware in Smart Factory dataset, the transformer model achieved an F1-score of 99.3 % in attack detection and outperformed LSTM and CNN models; pre-training further improved classification performance.</p><p>Theoretical and practical significance. The proposed approach provides a unified input format for analyzing Modbus/TCP and OPC UA traffic and can be used in anomaly and intrusion detection systems for small industrial networks.</p></sec></trans-abstract><kwd-group xml:lang="ru"><kwd>Industrial Ethernet</kwd><kwd>Modbus/TCP</kwd><kwd>OPC UA</kwd><kwd>трансформер</kwd><kwd>сетевой трафик</kwd><kwd>токенизация</kwd><kwd>позиционное кодирование</kwd><kwd>обнаружение вторжений</kwd><kwd>self-supervised обучение</kwd></kwd-group><kwd-group xml:lang="en"><kwd>Industrial Ethernet</kwd><kwd>Modbus/TCP</kwd><kwd>OPC UA</kwd><kwd>transformer models</kwd><kwd>network traffic</kwd><kwd>tokenization</kwd><kwd>positional encoding</kwd><kwd>intrusion detection</kwd><kwd>self-supervised learning</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Dehlaghi-Ghadim A., Moghadam H.M., Balador A., Hansson H. Anomaly Detection Dataset for Industrial Control Systems // IEEE Access. 2023. Vol. 11. PP. 107982–107996. DOI:10.1109/ACCESS.2023.3320928. EDN:ZMFCCE</mixed-citation><mixed-citation xml:lang="en">Dehlaghi-Ghadim A., Moghadam H.M., Balador A., Hansson H. Anomaly Detection Dataset for Industrial Control Systems. IEEE Access. 2023;11:107982–107996. DOI:10.1109/ACCESS.2023.3320928. EDN:ZMFCCE</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Shi Z., Luktarhan N., Song Y., Yin H. TSFN: A Novel Malicious Traffic Classification Method Using BERT and LSTM // Entropy. 2023. Vol. 25. Iss. 5. P. 821. DOI:10.3390/e25050821. EDN:HNRTUY</mixed-citation><mixed-citation xml:lang="en">Shi Z., Luktarhan N., Song Y., Yin H. TSFN: A Novel Malicious Traffic Classification Method Using BERT and LSTM. Entropy. 2023;25(5):821. DOI:10.3390/e25050821. EDN:HNRTUY</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Afifi F., Zaki F., Hanif H., Aqil N., Anuar N.B. Transformer-based tokenization for IoT traffic classification across diverse network environments // PeerJ Computer Science. 2025. Vol. 11. P. e3126. DOI:10.7717/peerj-cs.3126. EDN:LFNGZM</mixed-citation><mixed-citation xml:lang="en">Afifi F., Zaki F., Hanif H., Aqil N., Anuar N.B. Transformer-based tokenization for IoT traffic classification across diverse network environments. PeerJ Computer Science. 2025;11(e3126). DOI:10.7717/peerj-cs.3126. EDN:LFNGZM</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Marino D.L., Wickramasinghe C.S., Rieger C., Manic M. Self-Supervised and Interpretable Anomaly Detection Using Network Transformers // IEEE Transactions on Industrial Informatics. 2025. Vol. 21. Iss. 5. PP. 4252–4261. DOI:10.1109/TII.2025.3534443. EDN:GDCTHE</mixed-citation><mixed-citation xml:lang="en">Marino D.L., Wickramasinghe C.S., Rieger C., Manic M. Self-Supervised and Interpretable Anomaly Detection Using Network Transformers. IEEE Transactions on Industrial Informatics. 2025;21(5):4252–4261. DOI:10.1109/TII.2025.3534443. EDN:GDCTHE</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Buczak A.L., Guven E. A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection // IEEE Communications Surveys &amp; Tutorials. 2016. Vol. 18. Iss. 2. PP. 1153–1176. DOI:10.1109/COMST.2015.2494502</mixed-citation><mixed-citation xml:lang="en">Buczak A.L., Guven E. A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection. IEEE Communications Surveys &amp; Tutorials. 2016. Vol. 18. Iss. 2. PP. 1153–1176. DOI:10.1109/COMST.2015.2494502</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Mitchell R., Chen I.-R. A survey of intrusion detection techniques for cyber-physical systems // ACM Computing Surveys. 2014. Vol. 46. Iss. 4. P. 55. DOI:10.1145/2542049. EDN:OQKUJE</mixed-citation><mixed-citation xml:lang="en">Mitchell R., Chen I.-R. A Survey of Intrusion Detection Techniques for Cyber-Physical Systems. ACM Computing Surveys. 2014;46(4):55. DOI:10.1145/2542049. EDN:OQKUJE</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Mathur A.P., Tippenhauer N.O. SWaT: a water treatment testbed for research and training on ICS security // Proceedings of the International Workshop on Cyber-Physical Systems for Smart Water Networks (CySWater, Vienna, Austria, 11 April 2016). IEEE, 2016. PP. 31–36. DOI:10.1109/CySWater.2016.7469060</mixed-citation><mixed-citation xml:lang="en">Mathur A.P., Tippenhauer N.O. SWaT: a water treatment testbed for research and training on ICS security. Proceedings of the International Workshop on Cyber-Physical Systems for Smart Water Networks, CySWater, 11 April 2016, Vienna, Austria. IEEE; 2016. p.31–36. DOI:10.1109/CySWater.2016.7469060</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Ahmed C.M., Palleti V.R., Mathur A.P. WADI: a water distribution testbed for research in the design of secure cyber physical systems // Proceedings of the 3rd International Workshop on Cyber-Physical Systems for Smart Water Networks (CySWater, Pittsburgh, USA, 21 April 2017). New York: ACM, 2017. PP. 25–28. DOI:10.1145/3055366.3055375</mixed-citation><mixed-citation xml:lang="en">Ahmed C.M., Palleti V.R., Mathur A.P. WADI: a water distribution testbed for research in the design of secure cyber physical systems. Proceedings of the 3rd International Workshop on Cyber-Physical Systems for Smart Water Networks, CyS-Water, 21 April 2017, Pittsburgh, USA. New York: ACM; 2017. p.25–28. DOI:10.1145/3055366.3055375</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Anthi E., Williams L., Burnap P., Jones K. A three-tiered intrusion detection system for industrial control systems // Journal of Cybersecurity. 2021. Vol. 7. Iss. 1. P. tyab006. DOI:10.1093/cybsec/tyab006. EDN:PZNPOU</mixed-citation><mixed-citation xml:lang="en">Anthi E., Williams L., Burnap P., Jones K. A three-tiered intrusion detection system for industrial control systems. Journal of Cybersecurity. 2021;7(1):tyab006. DOI:10.1093/cybsec/tyab006. EDN:PZNPOU</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Stouffer K., Pease M., Tang C., Zimmerman T., Pillitteri V., Lightman S., et al. NIST SP 800-82 Rev. 3. Guide to Operational Technology (OT) Security. 2023. DOI:10.6028/NIST.SP.800-82r3</mixed-citation><mixed-citation xml:lang="en">Stouffer K., Pease M., Tang C., Zimmerman T., Pillitteri V., Lightman S., et al. NIST SP 800-82 Rev. 3. Guide to Operational Technology (OT) Security. 2023. DOI:10.6028/NIST.SP.800-82r3</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Goldenberg I., Wool A. Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems // International Journal of Critical Infrastructure Protection. 2013. Vol. 6. Iss. 2. PP. 63–75. DOI:10.1016/j.ijcip.2013.05.001</mixed-citation><mixed-citation xml:lang="en">Goldenberg I., Wool A. Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems. International Journal of Critical Infrastructure Protection. 2013;6(2):63–75. DOI:10.1016/j.ijcip.2013.05.001</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Azab A., Khasawneh M., Alrabaee S., Choo K.K.R., Sarsour M. Network traffic classification: Techniques, datasets, and challenges // Digital Communications and Networks. 2024. Vol. 10. Iss. 3. PP. 676–692. DOI:10.1016/j.dcan.2022.09.009. EDN:BWGLKV</mixed-citation><mixed-citation xml:lang="en">Azab A., Khasawneh M., Alrabaee S., Choo K.K.R., Sarsour M. Network traffic classification: Techniques, datasets, and challenges. Digital Communications and Networks. 2024;10(3):676–692. DOI:10.1016/j.dcan.2022.09.009. EDN:BWGLKV</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Mirsky Y., Doitshman T., Elovici Y., Shabtai A. Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection // Network and Distributed System Security Symposium (NDSS, San Diego, USA, 18–21 February 2018). 2018. DOI:10.14722/ndss.2018.23204</mixed-citation><mixed-citation xml:lang="en">Mirsky Y., Doitshman T., Elovici Y., Shabtai A. Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection. Network and Distributed System Security Symposium, NDSS, 18–21 February 2018, San Diego, USA. 2018. DOI:10.14722/ndss.2018.23204</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Lotfollahi M., Siavoshani M.J., Zade R.S.H., Saberian M. Deep packet: a novel approach for encrypted traffic classification using deep learning // Soft Computing. 2020. Vol. 24. P. 1999–2012. DOI:10.1007/s00500-019-04030-2. EDN:XWSLQV</mixed-citation><mixed-citation xml:lang="en">Lotfollahi M., Siavoshani M.J., Zade R.S.H., Saberian M. Deep packet: a novel approach for encrypted traffic classifica-tion using deep learning. Soft Computing. 2020;24:1999–2012. DOI:10.1007/s00500-019-04030-2. EDN:XWSLQV</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Vaswani A., Shazeer N., Parmar N., Uszkoreit J., Jones L., Gomez A.N., et al. Attention Is All You Need // Advances in Neural Information Processing Systems. 2017. DOI:10.48550/arXiv.1706.03762</mixed-citation><mixed-citation xml:lang="en">Vaswani A., Shazeer N., Parmar N., Uszkoreit J., Jones L., Gomez A.N., et al. Attention Is All You Need. Advances in Neural Information Processing Systems. 2017. DOI:10.48550/arXiv.1706.03762</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Devlin J., Chang M.-W., Lee K., Toutanova K. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding // Proceedings of the Conference of the North American Chapter of the Association for Computational Linguistics (NAACL, Minneapolis, USA, 2 – 7 June 2019). 2019. DOI:10.48550/arXiv.1810.04805</mixed-citation><mixed-citation xml:lang="en">Devlin J., Chang M.-W., Lee K., Toutanova K. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics, NAACL, 2-7 June 2019, Minneapolis, USA. 2019. DOI:10.48550/arXiv.1810.04805</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Lin X., Xiong G., Gou G., Li Z., Shi J., Yu J. ET-BERT: A Contextualized Datagram Representation with Pre-training Transformers for Encrypted Traffic Classification // arXiv2202.06335. 2022. DOI:10.48550/arXiv.2202.06335</mixed-citation><mixed-citation xml:lang="en">Lin X., Xiong G., Gou G., Li Z., Shi J., Yu J. ET-BERT: A Contextualized Datagram Representation with Pre-training Transformers for Encrypted Traffic Classification. arXiv2202.06335. 2022. DOI:10.48550/arXiv.2202.06335</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Meng X., Lin C., Wang Y., Zhang Y. NetGPT: Generative Pretrained Transformer for Network Traffic // arXiv:2304.09513. 2023. DOI:10.48550/arXiv.2304.09513</mixed-citation><mixed-citation xml:lang="en">Meng X., Lin C., Wang Y., Zhang Y. NetGPT: Generative Pretrained Transformer for Network Traffic. arXiv:2304.09513. 2023. DOI:10.48550/arXiv.2304.09513</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Brenner P., Fabini J., Offermanns M., Semper S., Zseby T. Malware communication in smart factories: A network traffic data set // Computer Networks. 2024. Vol. 255. P. 110804. DOI:10.1016/j.comnet.2024.110804. EDN:FZKJWH</mixed-citation><mixed-citation xml:lang="en">Brenner P., Fabini J., Offermanns M., Semper S., Zseby T. Malware communication in smart factories: A network traffic data set. Computer Networks. 2024;255:110804. DOI:10.1016/j.comnet.2024.110804. EDN:FZKJWH.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Malware in Smart Factory // TU Wien Research Data Repository. 2024. DOI:10.48436/2sv8c-ykc69</mixed-citation><mixed-citation xml:lang="en">Malware in Smart Factory. TU Wien Research Data Repository. 2024. DOI:10.48436/2sv8c-ykc69</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Paxson V. Bro: a system for detecting network intruders in real-time // Computer Networks. 1999. Vol. 31. Iss. 23–24. PP. 2435–2463. DOI:10.1016/S1389-1286(99)00112-7</mixed-citation><mixed-citation xml:lang="en">Paxson V. Bro: a system for detecting network intruders in real-time // Computer Networks. 1999. Vol. 31. Iss. 23–24. PP. 2435–2463. DOI:10.1016/S1389-1286(99)00112-7</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">Dietmüller A., Ray S., Jacob R., Vanbever L. A new hope for network model generalization // Proceedings of the 21st ACM Workshop on Hot Topics in Networks (HotNets ’22, Austin, USA, 14–15 November 2022). New York: Association for Computing Machinery, 2022. PP. 152–159. DOI:10.1145/3563766.3564104</mixed-citation><mixed-citation xml:lang="en">Dietmüller A., Ray S., Jacob R., Vanbever L. A new hope for network model generalization. Proceedings of the 21st ACM Workshop on Hot Topics in Networks, HotNets ’22, 14–15 November 2022, Austin, USA. New York: Association for Computing Machinery; 2022. p.152–159. DOI:10.1145/3563766.3564104</mixed-citation></citation-alternatives></ref><ref id="cit23"><label>23</label><citation-alternatives><mixed-citation xml:lang="ru">Teixeira A.M.H., Shames I., Sandberg H., Johansson K.H. Revealing stealthy attacks in control systems // Proceedings of the 50th Annual Allerton Conference on Communication, Control, and Computing (Monticello, USA, 01–05 October 2012). IEEE, 2012. PP. 1806–1813. DOI:10.1109/Allerton.2012.6483441</mixed-citation><mixed-citation xml:lang="en">Teixeira A.M.H., Shames I., Sandberg H., Johansson K.H. Revealing Stealthy Attacks in Control Systems. Proceedings of the 50th Annual Allerton Conference on Communication, Control, and Computing, 01–05 October 2012, Monticello, USA. IEEE; 2012. p.1806–1813. DOI:10.1109/Allerton.2012.6483441</mixed-citation></citation-alternatives></ref><ref id="cit24"><label>24</label><citation-alternatives><mixed-citation xml:lang="ru">Teixeira A., Shames I., Sandberg H., Johansson K.H. A secure control framework for resource-limited adversaries // Automatica. 2015. Vol. 51. PP. 135–148. DOI:10.1016/j.automatica.2014.10.067</mixed-citation><mixed-citation xml:lang="en">Teixeira A., Shames I., Sandberg H., Johansson K.H. A secure control framework for resource-limited adversaries. Automatica. 2015;51:135–148. DOI:10.1016/j.automatica.2014.10.067</mixed-citation></citation-alternatives></ref><ref id="cit25"><label>25</label><citation-alternatives><mixed-citation xml:lang="ru">Kim J., Back J., Park G., Lee C., Shim H., Voulgaris P.G. Neutralizing zero dynamics attack on sampled-data systems via generalized holds // Automatica. 2020. Vol. 113. P. 108778. DOI:10.1016/j.automatica.2019.108778. EDN:GKLFBB</mixed-citation><mixed-citation xml:lang="en">Kim J., Back J., Park G., Lee C., Shim H., Voulgaris P.G. Neutralizing zero dynamics attack on sampled-data systems via generalized holds. Automatica. 2020;113:108778. DOI:10.1016/j.automatica.2019.108778. EDN:GKLFBB</mixed-citation></citation-alternatives></ref><ref id="cit26"><label>26</label><citation-alternatives><mixed-citation xml:lang="ru">Tuli S., Casale G., Jennings N.R. TranAD: Deep Transformer Networks for Anomaly Detection in Multivariate Time Series Data // Proceedings of the VLDB Endowment. 2022. Vol. 15. Iss. 6. PP. 1201–1214. DOI:10.14778/3514061.3514067. EDN:LPTVUQ</mixed-citation><mixed-citation xml:lang="en">Tuli S., Casale G., Jennings N.R. TranAD: Deep Transformer Networks for Anomaly Detection in Multivariate Time Series Data. Proceedings of the VLDB Endowment. 2022;15(6):1201–1214. DOI:10.14778/3514061.3514067. EDN:LPTVUQ</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
