{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T02:49:52Z","timestamp":1777949392440,"version":"3.51.4"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032160881","type":"print"},{"value":"9783032160898","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-16089-8_23","type":"book-chapter","created":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T23:30:47Z","timestamp":1777851047000},"page":"363-381","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Salty Seagull: A VSAT Honeynet to\u00a0Follow the\u00a0Bread Crumb of\u00a0Attacks in\u00a0Ship Networks"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1280-6568","authenticated-orcid":false,"given":"Georgios Michail","family":"Makrakis","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-8334-0655","authenticated-orcid":false,"given":"Jeroen","family":"Pijpker","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-4372-0301","authenticated-orcid":false,"given":"Remco","family":"Hassing","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-5406-9185","authenticated-orcid":false,"given":"Rob","family":"Loves","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6511-9382","authenticated-orcid":false,"given":"Stephen","family":"McCombie","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,1]]},"reference":[{"key":"23_CR1","unstructured":"AG, D.T.: T-pot: A multi-honeypot platform. Honeynet Project (2025)"},{"key":"23_CR2","doi-asserted-by":"publisher","unstructured":"Akpan, F., Bendiab, G., Shiaeles, S., Karamperidis, S., Michaloliakos, M.: Cybersecurity challenges in the maritime sector. Network 2(1), 123\u2013138 (2022). https:\/\/doi.org\/10.3390\/network2010009, https:\/\/www.mdpi.com\/2673-8732\/2\/1\/9","DOI":"10.3390\/network2010009"},{"key":"23_CR3","unstructured":"Brouwer, S.: HoneyShip: A Maritime VSAT Honeypot to Collect Cyberattacks and Analyze Threats. Master\u2019s thesis, Rijksuniversiteit Groningen, 9712 CP Groningen, Netherlands (2024)"},{"key":"23_CR4","unstructured":"Cheswick, B.: An evening with berferd in which a cracker is lured, endured, and studied. In: Proceedings of Winter USENIX Conference, San Francisco, pp. 20\u201324 (1992)"},{"key":"23_CR5","unstructured":"CYDOME: Lab dookhtegan cyber attack on iranian oil tankers disrupts operations. https:\/\/cydome.io\/lab-dookhtegan-cyber-attack-on-iranian-oil-tankers-disrupts-operations\/. Accessed 27 Apr 2025"},{"issue":"4","key":"23_CR6","doi-asserted-by":"publisher","first-page":"2351","DOI":"10.1109\/COMST.2021.3106669","volume":"23","author":"J Franco","year":"2021","unstructured":"Franco, J., Aris, A., Canberk, B., Uluagac, A.S.: A survey of honeypots and honeynets for internet of things, industrial internet of things, and cyber-physical systems. IEEE Commun. Surv. Tutor. 23(4), 2351\u20132383 (2021)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"23_CR7","unstructured":"Hilt, S., Maggi, F., Perine, C., Remorin, L., R\u00f6sler, M., Vosseler, R.: Caught in the act: Running a realistic factory honeypot to capture real threats. Trend Micro Research (2020)"},{"key":"23_CR8","unstructured":"IACS: Recommendations on voyage data recorder. https:\/\/web.archive.org\/web\/20230202060115\/https:\/\/iacs.org.uk\/download\/1871. Accessed 01 Apr 2025"},{"key":"23_CR9","unstructured":"International Maritime Organization (IMO): Resolution MSC.333(90) (Adopted on 22 May 2012): Adoption of Revised Performance Standards for Shipborne Voyage Data Recorders (VDRs). https:\/\/wwwcdn.imo.org\/localresources\/en\/OurWork\/Safety\/Documents\/333(90).pdf (2012), iMO: London, UK"},{"key":"23_CR10","unstructured":"International Maritime Organization (IMO): International Convention for the Safety of Life at Sea (SOLAS), 1974. International Maritime Organization, London, UK (2021), available online: https:\/\/www.imo.org\/en\/About\/Conventions\/Pages\/International-Convention-for-the-Safety-of-Life-at-Sea-(SOLAS),-1974.aspx"},{"key":"23_CR11","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X.: \u201cout-of-the-box\u201d monitoring of VM-based high-interaction honeypots. In: International Workshop on Recent Advances in Intrusion Detection, pp. 198\u2013218. Springer (2007)","DOI":"10.1007\/978-3-540-74320-0_11"},{"key":"23_CR12","doi-asserted-by":"publisher","unstructured":"Kempinski, S., Ichaarine, S., Sciancalepore, S., Zambon, E.: ICSvertase: A framework for purpose-based design and classification of ICS honeypots. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, pp. 1\u201310. ACM, Benevento Italy (Aug 2023). https:\/\/doi.org\/10.1145\/3600160.3605020, https:\/\/dl.acm.org\/doi\/10.1145\/3600160.3605020","DOI":"10.1145\/3600160.3605020"},{"key":"23_CR13","doi-asserted-by":"crossref","unstructured":"Koniaris, I., Papadimitriou, G., Nicopolitidis, P.: Analysis and visualization of ssh attacks using honeypots. In: Eurocon 2013, pp. 65\u201372. IEEE (2013)","DOI":"10.1109\/EUROCON.2013.6624967"},{"key":"23_CR14","unstructured":"Mahmoud, R.V., Pedersen, J.M.: Deploying a university honeypot: A case study. In: CEUR Workshop Proceedings, vol.\u00a02443, pp. 27\u201338. CEUR Workshop Proceedings (2019)"},{"key":"23_CR15","doi-asserted-by":"publisher","unstructured":"Makrakis, G.M., Kolias, C., Kambourakis, G., Rieger, C., Benjamin, J.: Industrial and critical infrastructure security: technical analysis of real-life security incidents. IEEE Access 9, 165295\u2013165325 (2021). https:\/\/doi.org\/10.1109\/ACCESS.2021.3133348, https:\/\/ieeexplore.ieee.org\/document\/9638617\/","DOI":"10.1109\/ACCESS.2021.3133348"},{"key":"23_CR16","unstructured":"Martin, L., Benson, B.: Ics\/ot cybersecurity considerations for maritime transportation (2023), https:\/\/hub.dragos.com\/hubfs\/116-Whitepapers\/Dragos_WP_ICS_OTCybersecuritMaritimeTransp_Final%20(1).pdf. Accessed 03 Apr 2025"},{"key":"23_CR17","unstructured":"MITRE: Cve-2018-5266. https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2018-5266. Accessed 03 Apr 2025"},{"key":"23_CR18","unstructured":"MITRE: Cve-2018-5267. https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2018-5267. Accessed 03 Apr 2025"},{"key":"23_CR19","unstructured":"MITRE: MITRE ATT&CK\u00ae. https:\/\/attack.mitre.org\/. Accessed 03 Apr 2025"},{"key":"23_CR20","unstructured":"Oosterhof, M.: Cowrie ssh\/telnet honeypot. https:\/\/github.com\/micheloosterhof\/cowrie. Accessed 01 May 2025"},{"key":"23_CR21","doi-asserted-by":"crossref","unstructured":"Pavur, J., Moser, D., Strohmeier, M., Lenders, V., Martinovic, I.: A tale of sea and sky on the security of maritime vsat communications. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1384\u20131400. IEEE (2020)","DOI":"10.1109\/SP40000.2020.00056"},{"key":"23_CR22","doi-asserted-by":"crossref","unstructured":"Pijpker, J., McCombie, S.J.: A ship honeynet to gather cyber threat intelligence for the maritime sector. In: 2023 IEEE 48th Conference on Local Computer Networks (LCN), pp.\u00a01\u20136. IEEE (2023)","DOI":"10.1109\/LCN58197.2023.10223347"},{"key":"23_CR23","doi-asserted-by":"crossref","unstructured":"Pitropakis, N., Logothetis, M., Andrienko, G., Stefanatos, J., Karapistoli, E., Lambrinoudakis, C.: Towards the creation of a threat intelligence framework for maritime infrastructures. In: International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems, pp. 53\u201368. Springer (2019)","DOI":"10.1007\/978-3-030-42048-2_4"},{"key":"23_CR24","doi-asserted-by":"crossref","unstructured":"Rajaram, P., Goh, M., Zhou, J.: Guidelines for cyber risk management in shipboard operational technology systems. J. Phys.: Conf. Series. 2311, 012002. IOP Publishing (2022)","DOI":"10.1088\/1742-6596\/2311\/1\/012002"},{"key":"23_CR25","unstructured":"Raymond, E.S.: Nmea revealed. URL https:\/\/gpsd.gitlab.io\/gpsd\/NMEA.html (2019)"},{"key":"23_CR26","unstructured":"Rist, L., Vestergaard, J., Haslinger, D., Pasquale, A., Smith, J.: Conpot ics\/scada honeypot. Honeynet Project (conpot. org) (2013)"},{"key":"23_CR27","first-page":"2","volume":"4","author":"L Rist","year":"2010","unstructured":"Rist, L., Vetsch, S., Kossin, M., Mauer, M.: Know your tools: Glastopf-a dynamic, low-interaction web application honeypot. Honeynet Project 4, 2 (2010)","journal-title":"Honeynet Project"},{"key":"23_CR28","unstructured":"Rivieramm: Fishing vessel owners turn to vsat. https:\/\/www.rivieramm.com\/opinion\/opinion\/fishing-vessel-owners-turn-to-vsat-35069. Accessed 01 Apr 2025"},{"key":"23_CR29","unstructured":"SeaTel: Document ima cli protocol specification. https:\/\/www.yumpu.com\/en\/document\/read\/50984924\/document-ima-cli-protocol-specification-livewire-connections-ltd. Accessed 03 Apr 2025"},{"key":"23_CR30","volume-title":"Honeypots: Tracking Hackers","author":"L Spitzner","year":"2002","unstructured":"Spitzner, L.: Honeypots: Tracking Hackers. Addison-Wesley Longman Publishing Co., Inc (2002)"},{"issue":"2","key":"23_CR31","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1109\/MSECP.2003.1193207","volume":"1","author":"L Spitzner","year":"2003","unstructured":"Spitzner, L.: The honeynet project: trapping the hackers. IEEE Secur. Priv. 1(2), 15\u201323 (2003)","journal-title":"IEEE Secur. Priv."},{"key":"23_CR32","doi-asserted-by":"crossref","unstructured":"Srinivasa, S., Pedersen, J.M., Vasilomanolakis, E.: Deceptive directories and \u201cvulnerable\u201d logs: a honeypot study of the ldap and log4j attack landscape. In: 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 442\u2013447. IEEE (2022)","DOI":"10.1109\/EuroSPW55150.2022.00052"},{"key":"23_CR33","doi-asserted-by":"crossref","unstructured":"Stoll, C.: The cuckoo\u2019s egg: tracking a spy through the maze of computer espionage. Simon and Schuster (1989)","DOI":"10.1063\/1.2810663"},{"key":"23_CR34","doi-asserted-by":"crossref","unstructured":"Tambe, A., et al.: Detection of threats to Iot devices using scalable vpn-forwarded honeypots. In: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, pp. 85\u201396 (2019)","DOI":"10.1145\/3292006.3300024"},{"key":"23_CR35","unstructured":"Tools, D.: Web honeypot. https:\/\/github.com\/DinoTools\/dionaea\/. Accessed 01 Apr 2025"},{"key":"23_CR36","unstructured":"transmitterdan: Vdrplayer - play voyage data recorder files over ip link., https:\/\/github.com\/transmitterdan\/VDRplayer. Accessed 01 Apr 2025"},{"key":"23_CR37","doi-asserted-by":"crossref","unstructured":"Willbold, J., Schloegel, M., Bisping, R., Strohmeier, M., Holz, T., Lenders, V.: Vsaster: uncovering inherent security issues in current vsat system practices. In: Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 288\u2013299 (2024)","DOI":"10.1145\/3643833.3656139"},{"key":"23_CR38","doi-asserted-by":"crossref","unstructured":"Yigit, Y., Kinaci, O.K., Duong, T.Q., Canberk, B.: Twinpot: digital twin-assisted honeypot for cyber-secure smart seaports. In: 2023 IEEE International Conference on Communications Workshops (ICC Workshops), pp. 740\u2013745. IEEE (2023)","DOI":"10.1109\/ICCWorkshops57953.2023.10283756"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2025 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-16089-8_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T23:30:50Z","timestamp":1777851050000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-16089-8_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032160881","9783032160898"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-16089-8_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}