{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,20]],"date-time":"2025-09-20T18:54:34Z","timestamp":1758394474552,"version":"3.40.3"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030415785"},{"type":"electronic","value":"9783030415792"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-41579-2_5","type":"book-chapter","created":{"date-parts":[[2020,2,17]],"date-time":"2020-02-17T16:09:09Z","timestamp":1581955749000},"page":"71-88","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Characterizing Internet-Scale ICS Automated Attacks Through Long-Term Honeypot Data"],"prefix":"10.1007","author":[{"given":"Jianzhou","family":"You","sequence":"first","affiliation":[]},{"given":"Shichao","family":"Lv","sequence":"additional","affiliation":[]},{"given":"Yichen","family":"Hao","sequence":"additional","affiliation":[]},{"given":"Xuan","family":"Feng","sequence":"additional","affiliation":[]},{"given":"Ming","family":"Zhou","sequence":"additional","affiliation":[]},{"given":"Limin","family":"Sun","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,2,18]]},"reference":[{"key":"5_CR1","unstructured":"Andreeva, O., et al.: Industrial Control Systems and Their Online Availability (2016)"},{"key":"5_CR2","doi-asserted-by":"crossref","unstructured":"Antonioli, D., Agrawal, A., Tippenhauer, N.O.: Towards high-interaction virtual ICS honeypots-in-a-box. In: Proceedings of ACM Workshop on Cyber-Physical Systems Security and Privacy (2016)","DOI":"10.1145\/2994487.2994493"},{"issue":"2","key":"5_CR3","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1016\/j.ijcip.2014.03.001","volume":"7","author":"R Bodenheim","year":"2014","unstructured":"Bodenheim, R., Butts, J., Dunlap, S., Mullins, B.: Evaluation of the ability of the shodan search engine to identify internet-facing industrial control devices. Int. J. Crit. Infrastruct. Prot. 7(2), 114\u2013123 (2014)","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"5_CR4","volume-title":"SCADA: Supervisory Control and Data Acquisition","author":"SA Boyer","year":"2009","unstructured":"Boyer, S.A.: SCADA: Supervisory Control and Data Acquisition. International Society of Automation, Research Triangle (2009)"},{"key":"5_CR5","unstructured":"Boys, W.: Back to basics: SCADA. Automation TV: Control Global-Control Design (2009)"},{"key":"5_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-319-10329-7_12","volume-title":"Smart Grid Security","author":"DI Buza","year":"2014","unstructured":"Buza, D.I., Juh\u00e1sz, F., Miru, G., F\u00e9legyh\u00e1zi, M., Holczer, T.: CryPLH: protecting smart energy systems from targeted attacks with a PLC honeypot. In: Cuellar, J. (ed.) SmartGridSec 2014. LNCS, vol. 8448, pp. 181\u2013192. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-10329-7_12"},{"key":"5_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"300","DOI":"10.1007\/978-3-319-73830-7_30","volume-title":"Smart Computing and Communication","author":"J Cao","year":"2018","unstructured":"Cao, J., Li, W., Li, J., Li, B.: DiPot: a distributed industrial honeypot system. In: Qiu, M. (ed.) SmartCom 2017. LNCS, vol. 10699, pp. 300\u2013309. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-73830-7_30"},{"key":"5_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1007\/978-3-030-00006-6_27","volume-title":"Cloud Computing and Security","author":"C Ding","year":"2018","unstructured":"Ding, C., Zhai, J., Dai, Y.: An improved ICS honeypot based on SNAP7 and IMUNES. In: Sun, X., Pan, Z., Bertino, E. (eds.) ICCCS 2018, Part I. LNCS, vol. 11063, pp. 303\u2013313. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-00006-6_27"},{"key":"5_CR9","unstructured":"Durumeric, Z., Bailey, M., Halderman, J.A.: An internet-wide view of internet-wide scanning. In: Proceedings of USENIX Security Symposium (USENIX Security) (2014)"},{"key":"5_CR10","unstructured":"Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: Presented as part of the 22nd $$\\{$$USENIX$$\\}$$ Security Symposium ($$\\{$$USENIX$$\\}$$ Security 13), pp. 605\u2013620 (2013)"},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Fachkha, C., Bou-Harb, E., Keliris, A., Memon, N.D., Ahamad, M.: Internet-scale probing of CPS: inference, characterization and orchestration analysis. In: Proceedings of Annual Network and Distributed System Security Symposium (NDSS) (2017)","DOI":"10.14722\/ndss.2017.23149"},{"key":"5_CR12","unstructured":"Feng, X., Li, Q., Wang, H., Sun, L.: Characterizing industrial control system devices on the internet. In: Proceedings of IEEE International Conference on Network Protocols (ICNP) (2016)"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Gunathilaka, P., Mashima, D., Chen, B.: Softgrid: a software-based smart grid testbed for evaluating substation cybersecurity solutions. In: Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy, pp. 113\u2013124. ACM (2016)","DOI":"10.1145\/2994487.2994494"},{"key":"5_CR14","unstructured":"Holczer, T., F\u00e9legyh\u00e1zi, M., Butty\u00e1n, L.: The design and implementation of a PLC honeypot for detecting cyber attacks against industrial control systems (2015)"},{"key":"5_CR15","first-page":"37","volume":"4","author":"K Ko\u0142ty\u015b","year":"2015","unstructured":"Ko\u0142ty\u015b, K., Gajewski, R.: Shape: a honeypot for electric power substation. J. Telecommun. Inf. Technol. 4, 37\u201343 (2015)","journal-title":"J. Telecommun. Inf. Technol."},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Lau, S., Klick, J., Arndt, S., Roth, V.: Poster: towards highly interactive honeypots for industrial control systems. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1823\u20131825. ACM (2016)","DOI":"10.1145\/2976749.2989063"},{"issue":"3","key":"5_CR17","doi-asserted-by":"publisher","first-page":"2178","DOI":"10.1109\/JIOT.2018.2826558","volume":"5","author":"Q Li","year":"2018","unstructured":"Li, Q., Feng, X., Wang, H., Sun, L.: Understanding the usage of industrial control system devices on the internet. IEEE Internet Things J. 5(3), 2178\u20132189 (2018)","journal-title":"IEEE Internet Things J."},{"key":"5_CR18","volume-title":"Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning","author":"GF Lyon","year":"2009","unstructured":"Lyon, G.F.: Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure, Sunnyvale (2009)"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Mashima, D., Chen, B., Gunathilaka, P., Tjiong, E.L.: Towards a grid-wide, high-fidelity electrical substation honeynet. In: 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm), pp. 89\u201395. IEEE (2017)","DOI":"10.1109\/SmartGridComm.2017.8340689"},{"issue":"7","key":"5_CR20","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1145\/360248.360253","volume":"19","author":"RM Metcalfe","year":"1976","unstructured":"Metcalfe, R.M., Boggs, D.R.: Ethernet: distributed packet switching for local computer networks. Commun. ACM 19(7), 395\u2013404 (1976)","journal-title":"Commun. ACM"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Mirian, A., et al.: An internet-wide view of ICS devices. In: Proceedings of IEEE Annual Conference on Privacy, Security and Trust (PST) (2016)","DOI":"10.1109\/PST.2016.7906943"},{"key":"5_CR22","unstructured":"Nisrine, M., et al.: A security approach for social networks based on honeypots. In: 2016 4th IEEE International Colloquium on Information Science and Technology (CiSt), pp. 638\u2013643. IEEE (2016)"},{"key":"5_CR23","unstructured":"Oosterhof, M.: Cowrie honeypot. https:\/\/www.cowrie.org\/. Accessed 16 Sept 2019"},{"key":"5_CR24","volume-title":"Wireshark & Ethereal Network Protocol Analyzer Toolkit","author":"A Orebaugh","year":"2006","unstructured":"Orebaugh, A., Ramirez, G., Beale, J.: Wireshark & Ethereal Network Protocol Analyzer Toolkit. Elsevier, Amsterdam (2006)"},{"key":"5_CR25","unstructured":"Pothamsetty, V., Franz, M.: SCADA honeynet project: building honeypots for industrial networks. SCADA Honeynet Proj. 15. http:\/\/scadahoneynet.sourceforge.net\/. Accessed 16 Sept 2019"},{"key":"5_CR26","unstructured":"Provos, N.: Honeyd-a virtual honeypot daemon. In: 10th DFN-CERT Workshop, Hamburg, Germany, vol. 2, p. 4 (2003)"},{"key":"5_CR27","unstructured":"Research., T.A.: Opencanary. http:\/\/opencanary.org. Accessed 16 Sept 2019"},{"key":"5_CR28","unstructured":"Rist, L., Vestergaard, J., Haslinger, D., Pasquale, A., Smith, J.: Conpot ICS\/SCADA honeypot. Honeynet Project (conpot. org) (2013)"},{"key":"5_CR29","unstructured":"Schneider Electric USA, Inc.: Modbus\/TCP security. http:\/\/modbus.org\/docs\/MB-TCP-Security-v21_2018-07-24.pdf. Accessed 15 Sept 2019"},{"key":"5_CR30","unstructured":"Serbanescu, A.V., Obermeier, S., Yu, D.Y.: A flexible architecture for industrial control system honeypots. In: 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE), vol. 4, pp. 16\u201326. IEEE (2015)"},{"key":"5_CR31","doi-asserted-by":"crossref","unstructured":"Serbanescu, A.V., Obermeier, S., Yu, D.Y.: ICS threat analysis using a large-scale honeynet. In: Proceedings of International Symposium for ICS & SCADA Cyber Security Research (2015)","DOI":"10.14236\/ewic\/ICS2015.3"},{"key":"5_CR32","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/978-3-319-30222-5_9","volume-title":"E-Business and Telecommunications","author":"AV Serbanescu","year":"2016","unstructured":"Serbanescu, A.V., Obermeier, S., Yu, D.-Y.: A scalable honeynet architecture for industrial control systems. In: Obaidat, M.S., Lorenz, P. (eds.) ICETE 2015. CCIS, vol. 585, pp. 179\u2013200. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-30222-5_9"},{"key":"5_CR33","doi-asserted-by":"publisher","first-page":"72234","DOI":"10.1109\/ACCESS.2019.2920239","volume":"7","author":"L Shi","year":"2019","unstructured":"Shi, L., Li, Y., Liu, T., Liu, J., Shan, B., Chen, H.: Dynamic distributed honeypot based on blockchain. IEEE Access 7, 72234\u201372246 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2920239","journal-title":"IEEE Access"},{"key":"5_CR34","series-title":"Intelligent Systems, Control and Automation: Science and Engineering","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/978-3-319-18302-2_16","volume-title":"Cyber Security: Analytics, Technology and Automation","author":"P Sim\u00f5es","year":"2015","unstructured":"Sim\u00f5es, P., Cruz, T., Proen\u00e7a, J., Monteiro, E.: Specialized honeypots for SCADA systems. In: Lehto, M., Neittaanm\u00e4ki, P. (eds.) Cyber Security: Analytics, Technology and Automation. ISCA, vol. 78, pp. 251\u2013269. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-18302-2_16"},{"key":"5_CR35","unstructured":"Spitzner, L.: Honeypots: catching the insider threat. In: 19th Annual Computer Security Applications Conference, 2003, Proceedings, pp. 170\u2013179. IEEE (2003)"},{"issue":"82","key":"5_CR36","first-page":"16","volume":"800","author":"K Stouffer","year":"2011","unstructured":"Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ICS) security. NIST Spec. Publ. 800(82), 16\u201316 (2011)","journal-title":"NIST Spec. Publ."},{"key":"5_CR37","unstructured":"Swales, A., et al.: Open modbus\/TCP specification. Schneid. Electric 29. http:\/\/www.dankohn.info\/projects\/Fieldpoint_module\/Open_ModbusTCP_Standard.pdf. Accessed 15 Sept 2019"},{"key":"5_CR38","doi-asserted-by":"crossref","unstructured":"Vasilomanolakis, E., Srinivasa, S., Cordero, C.G., M\u00fchlh\u00e4user, M.: Multi-stage attack detection and signature generation with ICS honeypots. In: NOMS 2016\u20132016 IEEE\/IFIP Network Operations and Management Symposium, pp. 1227\u20131232. IEEE (2016)","DOI":"10.1109\/NOMS.2016.7502992"},{"key":"5_CR39","unstructured":"Vetterl, A., Clayton, R.: Bitter harvest: systematically fingerprinting low-and medium-interaction honeypots at internet scale. In: 12th $$\\{$$USENIX$$\\}$$ Workshop on Offensive Technologies ($$\\{$$WOOT$$\\}$$ 18) (2018)"},{"key":"5_CR40","doi-asserted-by":"crossref","unstructured":"Wafi, H., Fiade, A., Hakiem, N., Bahaweres, R.B.: Implementation of a modern security systems honeypot honey network on wireless networks. In: 2017 International Young Engineers Forum (YEF-ECE), pp. 91\u201396. IEEE (2017)","DOI":"10.1109\/YEF-ECE.2017.7935647"},{"key":"5_CR41","unstructured":"Wiens, T.: S7comm wireshark dissector plugin (2014)"},{"key":"5_CR42","doi-asserted-by":"crossref","unstructured":"Zhao, C., Qin, S.: A research for high interactive honepot based on industrial service. In: Proceedings of IEEE International Conference on Computer and Communications (ICCC) (2017)","DOI":"10.1109\/CompComm.2017.8323069"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-41579-2_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,26]],"date-time":"2020-11-26T20:10:15Z","timestamp":1606421415000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-41579-2_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030415785","9783030415792"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-41579-2_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"18 February 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Beijing","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 December 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 December 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easy Chair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"199","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"47","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}