{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T22:19:11Z","timestamp":1742941151017,"version":"3.40.3"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031459320"},{"type":"electronic","value":"9783031459337"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-45933-7_17","type":"book-chapter","created":{"date-parts":[[2023,11,20]],"date-time":"2023-11-20T09:02:37Z","timestamp":1700470957000},"page":"285-304","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Optimally Blending Honeypots into\u00a0Production Networks: Hardness and\u00a0Algorithms"],"prefix":"10.1007","author":[{"given":"Md Mahabub Uz","family":"Zaman","sequence":"first","affiliation":[]},{"given":"Liangde","family":"Tao","sequence":"additional","affiliation":[]},{"given":"Mark","family":"Maldonado","sequence":"additional","affiliation":[]},{"given":"Chang","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Ahmed","family":"Sunny","sequence":"additional","affiliation":[]},{"given":"Shouhuai","family":"Xu","sequence":"additional","affiliation":[]},{"given":"Lin","family":"Chen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"17_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1007\/0-387-34799-2_28","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 88","author":"LM Adleman","year":"1990","unstructured":"Adleman, L.M.: An abstract theory of computer viruses. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 354\u2013374. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34799-2_28"},{"key":"17_CR2","unstructured":"Aggarwal, P., Du, Y., Singh, K., Gonzalez, C.: Decoys in cybersecurity: an exploratory study to test the effectiveness of 2-sided deception. arXiv preprint arXiv:2108.11037 (2021)"},{"key":"17_CR3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-02110-8","volume-title":"Autonomous Cyber Deception","author":"E Al-Shaer","year":"2019","unstructured":"Al-Shaer, E., Wei, J., Kevin, W., Wang, C.: Autonomous Cyber Deception. Springer, Heidelberg (2019). https:\/\/doi.org\/10.1007\/978-3-030-02110-8"},{"key":"17_CR4","doi-asserted-by":"crossref","unstructured":"Almotairi, S., Clark, A., Mohay, G., Zimmermann, J.: A technique for detecting new attacks in low-interaction honeypot traffic. In: Proceedings of International Conference on Internet Monitoring and Protection (2009)","DOI":"10.1109\/ICIMP.2009.9"},{"key":"17_CR5","doi-asserted-by":"crossref","unstructured":"Almotairi, S.I., Clark, A.J., Mohay, G.M., Zimmermann, J.: Characterization of attackers\u2019 activities in honeypot traffic using principal component analysis. In: Proceedings of IFIP International Conference on Network and Parallel Computing (2008)","DOI":"10.1109\/NPC.2008.82"},{"key":"17_CR6","unstructured":"Anagnostakis, K.G., Sidiroglou, S., Akritidis, P., Xinidis, K., Markatos, E.P., Keromytis, A.D.: Detecting targeted attacks using shadow honeypots. In: USENIX Security Symposium (2005)"},{"key":"17_CR7","doi-asserted-by":"crossref","unstructured":"Anwar, A.H., Kamhoua, C.A., Leslie, N., Kiekintveld, C.D.: Honeypot allocation games over attack graphs for cyber deception. In: Game Theory and Machine Learning for Cyber Security (2021)","DOI":"10.1002\/9781119723950"},{"key":"17_CR8","doi-asserted-by":"publisher","DOI":"10.1515\/9781400829118","volume-title":"Advances in Behavioral Economics","author":"CF Camerer","year":"2004","unstructured":"Camerer, C.F., Loewenstein, G., Rabin, M.: Advances in Behavioral Economics. Princeton University Press, Princeton (2004)"},{"key":"17_CR9","doi-asserted-by":"crossref","unstructured":"Caprara, A., Carvalho, M., Lodi, A., Woeginger, G.J.: A complexity and approximability study of the bilevel knapsack problem. In: International Conference on Integer Programming and Combinatorial Optimization, IPCO (2013)","DOI":"10.1007\/978-3-642-36694-9_9"},{"issue":"10","key":"17_CR10","doi-asserted-by":"publisher","first-page":"1162","DOI":"10.1002\/sec.242","volume":"4","author":"TE Carroll","year":"2011","unstructured":"Carroll, T.E., Grosu, D.: A game theoretic investigation of deception in network security. Secur. Commun. Netw. 4(10), 1162\u20131172 (2011)","journal-title":"Secur. Commun. Netw."},{"key":"17_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.tcs.2012.08.008","volume":"497","author":"L Chen","year":"2013","unstructured":"Chen, L., Zhang, G.: Approximation algorithms for a bi-level knapsack problem. Theor. Comput. Sci. 497, 1\u201312 (2013)","journal-title":"Theor. Comput. Sci."},{"key":"17_CR12","doi-asserted-by":"crossref","unstructured":"Chen, Y., Huang, Z., Xu, S., Lai, Y.: Spatiotemporal patterns and predictability of cyberattacks. PLoS One 10(5) (2015)","DOI":"10.1371\/journal.pone.0124472"},{"issue":"1","key":"17_CR13","first-page":"645","volume":"3","author":"F Cohen","year":"2006","unstructured":"Cohen, F.: The use of deception techniques: honeypots and decoys. Handb. Inf. Secur. 3(1), 645\u2013655 (2006)","journal-title":"Handb. Inf. Secur."},{"key":"17_CR14","unstructured":"Dempe, S., Richter, K.: Bilevel programming with knapsack constraints. Central Eur. J. Oper. Res. (2000)"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Fang, X., Xu, M., Xu, S., Zhao,: A deep learning framework for predicting cyber attacks rates. EURASIP J. Inf. Secur. (2019)","DOI":"10.1186\/s13635-019-0090-6"},{"key":"17_CR16","doi-asserted-by":"crossref","unstructured":"Galinkin, E., Carter, J., Mancoridis, S.: Evaluating attacker risk behavior in an internet of things ecosystem. In: GameSec (2021)","DOI":"10.1007\/978-3-030-90370-1_19"},{"key":"17_CR17","doi-asserted-by":"crossref","unstructured":"Garg, N., Grosu, D.: Deception in honeynets: a game-theoretic analysis. In: IEEE SMC Information Assurance and Security Workshop (2007)","DOI":"10.1109\/IAW.2007.381921"},{"issue":"4","key":"17_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3214305","volume":"51","author":"X Han","year":"2018","unstructured":"Han, X., Kheir, N., Balzarotti, D.: Deception techniques in computer security: a research perspective. ACM Comput. Surv. 51(4), 1\u201336 (2018)","journal-title":"ACM Comput. Surv."},{"key":"17_CR19","unstructured":"Hillson, D., Murray-Webster, R.: Understanding and managing risk attitude (2007)"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"Huang, L., Zhu, Q.: Adaptive honeypot engagement through reinforcement learning of semi-markov decision processes. In: GameSec (2019)","DOI":"10.1007\/978-3-030-32430-8_13"},{"key":"17_CR21","doi-asserted-by":"crossref","unstructured":"Huang, L., Zhu, Q.: Farsighted risk mitigation of lateral movement using dynamic cognitive honeypots. In: GameSec (2020)","DOI":"10.1007\/978-3-030-64793-3_7"},{"issue":"1","key":"17_CR22","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1145\/972374.972384","volume":"34","author":"C Kreibich","year":"2004","unstructured":"Kreibich, C., Crowcroft, J.: Honeycomb: creating intrusion detection signatures using honeypots. ACM SIGCOMM Comput. Commun. Rev. 34(1), 51\u201356 (2004)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"17_CR23","doi-asserted-by":"crossref","unstructured":"Kulkarni, A.N., Fu, J., Luo, H., Kamhoua, C.A., Leslie, N.O.: Decoy allocation games on graphs with temporal logic objectives. In: GameSec (2020)","DOI":"10.1007\/978-3-030-64793-3_9"},{"issue":"1","key":"17_CR24","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1109\/TIFS.2010.2086445","volume":"6","author":"Z Li","year":"2010","unstructured":"Li, Z., Goyal, A., Chen, Y., Paxson, V.: Towards situational awareness of large-scale botnet probing events. IEEE Trans. Inf. Forensics Secur. 6(1), 175\u2013188 (2010)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"17_CR25","doi-asserted-by":"crossref","unstructured":"Miah, M.S., Gutierrez, M., Veliz, O., Thakoor, O., Kiekintveld, C.: Concealing cyber-decoys using two-sided feature deception games. In: Hawaii International Conference on System Sciences, HICSS (2020)","DOI":"10.24251\/HICSS.2020.235"},{"key":"17_CR26","unstructured":"Morgan, S.: Cybercrime to cost the world \\$10.5 trillion annually by 2025 (2020). https:\/\/cybersecurityventures.com\/cybercrime-damages-6-trillion-by-2021\/"},{"key":"17_CR27","unstructured":"Nawrocki, M., W\u00e4hlisch, M., Schmidt, T.C., Keil, C., Sch\u00f6nfelder, J.: A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249 (2016)"},{"key":"17_CR28","unstructured":"NYSDFS: Solarwinds cyber espionage attack and institutions\u2019 response (2021). https:\/\/www.dfs.ny.gov\/system\/files\/documents\/2021\/04\/solarwinds_report_2021.pdf"},{"issue":"4","key":"17_CR29","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3005714","volume":"49","author":"M Pendleton","year":"2016","unstructured":"Pendleton, M., Garcia-Lebron, R., Cho, J.H., Xu, S.: A survey on systems security metrics. ACM Comput. Surv. 49(4), 1\u201335 (2016)","journal-title":"ACM Comput. Surv."},{"issue":"14","key":"17_CR30","doi-asserted-by":"publisher","first-page":"2534","DOI":"10.1080\/02664763.2016.1257590","volume":"44","author":"C Peng","year":"2017","unstructured":"Peng, C., Xu, M., Xu, S., Hu, T.: Modeling and predicting extreme cyber attack rates via marked point processes. J. Appl. Stat. 44(14), 2534\u20132563 (2017)","journal-title":"J. Appl. Stat."},{"key":"17_CR31","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1016\/j.tcs.2019.10.007","volume":"799","author":"U Pferschy","year":"2019","unstructured":"Pferschy, U., Nicosia, G., Pacifici, A.: A stackelberg knapsack game with weight control. Theor. Comput. Sci. 799, 149\u2013159 (2019)","journal-title":"Theor. Comput. Sci."},{"key":"17_CR32","doi-asserted-by":"crossref","unstructured":"P\u00edbil, R., Lis\u1ef3, V., Kiekintveld, C., Bo\u0161ansk\u1ef3, B., P\u011bchou\u010dek, M.: Game theoretic model of strategic honeypot selection in computer networks. In: GameSec (2012)","DOI":"10.1007\/978-3-642-34266-0_12"},{"issue":"5","key":"17_CR33","doi-asserted-by":"publisher","first-page":"1256","DOI":"10.1016\/j.comnet.2006.09.005","volume":"51","author":"G Portokalidis","year":"2007","unstructured":"Portokalidis, G., Bos, H.: Sweetbait: zero-hour worm detection and containment using low-and high-interaction honeypots. Comput. Netw. 51(5), 1256\u20131274 (2007)","journal-title":"Comput. Netw."},{"key":"17_CR34","unstructured":"Pratt, J.W.: Risk aversion in the small and in the large. In: Uncertainty in Economics (1978)"},{"key":"17_CR35","unstructured":"Provos, N., et al.: A virtual honeypot framework. In: USENIX Security (2004)"},{"key":"17_CR36","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1016\/j.tcs.2015.06.027","volume":"595","author":"X Qiu","year":"2015","unstructured":"Qiu, X., Kern, W.: Improved approximation algorithms for a bilevel knapsack problem. Theor. Comput. Sci. 595, 120\u2013129 (2015)","journal-title":"Theor. Comput. Sci."},{"key":"17_CR37","unstructured":"Rodriguez, R.M., Xu, S.: Cyber social engineering kill chain. In: SciSec (2022)"},{"key":"17_CR38","doi-asserted-by":"crossref","unstructured":"Rowe, N.C., Rrushi, J., et al.: Introduction to cyberdeception (2016)","DOI":"10.1007\/978-3-319-41187-3"},{"key":"17_CR39","doi-asserted-by":"crossref","unstructured":"Sun, Z., Xu, M., Schweitzer, K., Bateman, R., Kott, A., Xu, S.: Cyber attacks against enterprise networks: characterization, modeling and forecasting. In: Proceedings of SciSec 2023 (2023)","DOI":"10.1007\/978-3-031-45933-7_4"},{"key":"17_CR40","unstructured":"Thearling, K.: An introduction to data mining. Direct Mark. Maga. (1999)"},{"key":"17_CR41","unstructured":"Thomas, S.: Cyber deception: building the scientific foundation (2016)"},{"issue":"25","key":"17_CR42","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4108\/eai.11-5-2021.169912","volume":"7","author":"V Trieu-Do","year":"2021","unstructured":"Trieu-Do, V., Garcia-Lebron, R., Xu, M., Xu, S., Feng, Y.: Characterizing and leveraging granger causality in cybersecurity: framework and case study. ICST Trans. Secur. Saf. 7(25), 1\u201318 (2021)","journal-title":"ICST Trans. Secur. Saf."},{"key":"17_CR43","doi-asserted-by":"crossref","unstructured":"Wagener, G., State, R., Engel, T., Dulaunoy, A.: Adaptive and self-configurable honeypots. In: IFIP IEEE International Symposium on Integrated Network Management (IM) (2011)","DOI":"10.1109\/INM.2011.5990710"},{"issue":"2","key":"17_CR44","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MSP.2018.1870866","volume":"16","author":"C Wang","year":"2018","unstructured":"Wang, C., Lu, Z.: Cyber deception: overview and the road ahead. IEEE Secur. Priv. 16(2), 80\u201385 (2018)","journal-title":"IEEE Secur. Priv."},{"key":"17_CR45","doi-asserted-by":"publisher","first-page":"35792","DOI":"10.1109\/ACCESS.2020.2974786","volume":"8","author":"S Wang","year":"2020","unstructured":"Wang, S., Pei, Q., Wang, J., Tang, G., Zhang, Y., Liu, X.: An intelligent deployment policy for deception resources based on reinforcement learning. IEEE Access 8, 35792\u201335804 (2020)","journal-title":"IEEE Access"},{"issue":"4","key":"17_CR46","doi-asserted-by":"publisher","first-page":"508","DOI":"10.1080\/00401706.2016.1256841","volume":"59","author":"M Xu","year":"2017","unstructured":"Xu, M., Hua, L., Xu, S.: A vine copula model for predicting the effectiveness of cyber defense early-warning. Technometrics 59(4), 508\u2013520 (2017)","journal-title":"Technometrics"},{"key":"17_CR47","doi-asserted-by":"publisher","unstructured":"Xu, S.: Cybersecurity dynamics: a foundation for the science of cybersecurity. In: Lu, Z., Wang, C. (eds.) Proactive and Dynamic Network Defense, vol. 74, Springer, Heidelberg (2019). https:\/\/doi.org\/10.1007\/978-3-030-10597-6_1","DOI":"10.1007\/978-3-030-10597-6_1"},{"key":"17_CR48","doi-asserted-by":"crossref","unstructured":"Xu, S.: The cybersecurity dynamics way of thinking and landscape (invited paper). In: ACM Workshop on Moving Target Defense (2020)","DOI":"10.1145\/3411496.3421225"},{"key":"17_CR49","doi-asserted-by":"crossref","unstructured":"Xu, S.: Sarr: a cybersecurity metrics and quantification framework (keynote). In: International Conference Science of Cyber Security (SciSec 2021), pp. 3\u201317 (2021)","DOI":"10.1007\/978-3-030-89137-4_1"},{"key":"17_CR50","doi-asserted-by":"crossref","unstructured":"Yao, A.: New algorithms for bin packing. J. ACM 27(2) (1980)","DOI":"10.1145\/322186.322187"},{"issue":"11","key":"17_CR51","doi-asserted-by":"publisher","first-page":"1775","DOI":"10.1109\/TIFS.2013.2279800","volume":"8","author":"Z Zhan","year":"2013","unstructured":"Zhan, Z., Xu, M., Xu, S.: Characterizing honeypot-captured cyber attacks: statistical framework and case study. IEEE Trans. Inf. Forensics Secur. 8(11), 1775\u20131789 (2013)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"8","key":"17_CR52","doi-asserted-by":"publisher","first-page":"1666","DOI":"10.1109\/TIFS.2015.2422261","volume":"10","author":"Z Zhan","year":"2015","unstructured":"Zhan, Z., Xu, M., Xu, S.: Predicting cyber attack rates with extreme values. IEEE Trans. Inf. Forensics Secur. 10(8), 1666\u20131677 (2015)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"4","key":"17_CR53","doi-asserted-by":"publisher","first-page":"2460","DOI":"10.1109\/COMST.2021.3102874","volume":"23","author":"M Zhu","year":"2021","unstructured":"Zhu, M., Anwar, A.H., Wan, Z., Cho, J.H., Kamhoua, C.A., Singh, M.P.: A survey of defensive deception: approaches using game theory and machine learning. IEEE Commun. Surv. Tutor. 23(4), 2460\u20132493 (2021)","journal-title":"IEEE Commun. Surv. Tutor."}],"container-title":["Lecture Notes in Computer Science","Science of Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-45933-7_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,12,26]],"date-time":"2023-12-26T01:12:14Z","timestamp":1703553134000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-45933-7_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031459320","9783031459337"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-45933-7_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"21 November 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SciSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Science of Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Melbourne, VIC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 July 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"scisec2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/scisec.org\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}