{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,19]],"date-time":"2026-04-19T23:38:16Z","timestamp":1776641896806,"version":"3.51.2"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032161642","type":"print"},{"value":"9783032161659","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-16165-9_8","type":"book-chapter","created":{"date-parts":[[2026,4,19]],"date-time":"2026-04-19T22:46:06Z","timestamp":1776638766000},"page":"125-145","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Comparative Study of\u00a0ICS Honeypot Deployments"],"prefix":"10.1007","author":[{"given":"Frederik","family":"Ondrikov","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Denis","family":"Donadel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Francesco","family":"Lupia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Massimo","family":"Merro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"dos Santos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emmanuele","family":"Zambon","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nicola","family":"Zannone","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,4,1]]},"reference":[{"key":"8_CR1","doi-asserted-by":"crossref","unstructured":"Alata, E., Nicomette, V., Ka\u00e2niche, M., Dacier, M., Herrb, M.: Lessons learned from the deployment of a high-interaction honeypot. In: European Dependable Computing Conference, pp. 39\u201346. IEEE (2006)","DOI":"10.1109\/EDCC.2006.17"},{"key":"8_CR2","unstructured":"Autonomy. https:\/\/autonomylogic.com\/. Accessed 07 June 2025"},{"key":"8_CR3","unstructured":"Bieker, M.C., Pilkington, D.: Deploying an ICS honeypot in a cloud computing environment and comparatively analyzing results against physical network deployment. Master\u2019s thesis, Naval Postgraduate School, Monterey, CA (2020)"},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"Bloomfield, R., Gashi, I., Povyakalo, A., Stankovic, V.: Comparison of empirical data from two honeynets and a distributed honeypot network. In: International Symposium on Software Reliability Engineering, pp. 219\u2013228. IEEE (2008)","DOI":"10.1109\/ISSRE.2008.62"},{"key":"8_CR5","unstructured":"Bove, D.: Using honeypots to detect and analyze attack patterns on cloud infrastructures. Master\u2019s thesis, Friedrich-Alexander University (2018)"},{"issue":"4","key":"8_CR6","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1109\/MC.2011.115","volume":"44","author":"TM Chen","year":"2011","unstructured":"Chen, T.M., Abu-Nimeh, S.: Lessons from stuxnet. Computer 44(4), 91\u201393 (2011)","journal-title":"Computer"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Dodson, M., Beresford, A.R., Vingaard, M.: Using global honeypot networks to detect targeted ICS attacks. In: International Conference on Cyber Conflict, pp. 275\u2013291. IEEE (2020)","DOI":"10.23919\/CyCon49761.2020.9131734"},{"key":"8_CR8","unstructured":"GreyNoise. https:\/\/www.greynoise.io. Accessed 07 June 2025"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Guarnizo, J.D., et al.: Siphon: towards scalable high-interaction physical honeypots. In: Workshop on Cyber-Physical System Security, pp. 57\u201368 (2017)","DOI":"10.1145\/3055186.3055192"},{"key":"8_CR10","unstructured":"IP-API. IP Geolocation API. https:\/\/ip-api.com. Accessed 07 June 2025"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"Jicha, A., Patton, M., Chen, H.: Scada honeypots: an in-depth analysis of conpot. In: Conference on Intelligence and Security Informatics, pp. 196\u2013198. IEEE (2016)","DOI":"10.1109\/ISI.2016.7745468"},{"issue":"7","key":"8_CR12","doi-asserted-by":"publisher","first-page":"2433","DOI":"10.3390\/s21072433","volume":"21","author":"C Kelly","year":"2021","unstructured":"Kelly, C., Pitropakis, N., Mylonas, A., McKeown, S., Buchanan, W.J.: A comparative analysis of honeypots on different cloud platforms. Sensors 21(7), 2433 (2021)","journal-title":"Sensors"},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"Kempinski, S., Ichaarine, S., Sciancalepore, S., Zambon, E.: Icsvertase: a framework for purpose-based design and classification of ICS honeypots. In: International Conference on Availability, Reliability and Security, pp. 1\u201310. ACM (2023)","DOI":"10.1145\/3600160.3605020"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Kocaogullar, Y., Cetin, O., Arief, B., Brierley, C., Pont, J., Hernandez-Castro, J.: Hunting high or low: evaluating the effectiveness of high-interaction and low-interaction honeypots. In: Socio-Technical Aspects in Security, pp. 14\u201330. Springer, Cham (2025)","DOI":"10.1007\/978-3-031-83072-3_2"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Kozak, P., Klaban, I., \u0160lajs, T.: Industroyer cyber-attacks on Ukraine\u2019s critical infrastructure. In: International Conference on Military Technologies (ICMT), pp. 1\u20136. IEEE (2023)","DOI":"10.1109\/ICMT58149.2023.10171308"},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"L\u00f3pez-Morales, E., et al.: Honeyplc: a next-generation honeypot for industrial control systems. In: SIGSAC Conference on Computer and Communications Security, pp. 279\u2013291. ACM (2020)","DOI":"10.1145\/3372297.3423356"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Lucchese, M., Lupia, F., Merro, M., Paci, F., Zannone, N., Furfaro, A.: HoneyICS: a high-interaction physics-aware honeynet for industrial control systems. In: International Conference on Availability, Reliability and Security. ACM (2023)","DOI":"10.1145\/3600160.3604984"},{"key":"8_CR18","doi-asserted-by":"crossref","unstructured":"Lupia, F., Lucchese, M., Merro, M., Zannone, N.: ICS honeypot interactions: a latitudinal study. In: IEEE International Conference on Big Data, pp. 3025\u20133034. IEEE (2023)","DOI":"10.1109\/BigData59044.2023.10386497"},{"key":"8_CR19","unstructured":"Maesschalck, S., Giotsas, V., Race, N.: World wide ICS honeypots: a study into the deployment of Conpot honeypots. In: Industrial Control System Security Workshop (2021)"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Mladenov, M., Erdodi, L., Smaragdakis, G.: All that glitters is not gold: Uncovering exposed industrial control systems and honeypots in the wild. In: European Symposium on Security and Privacy. IEEE (2025)","DOI":"10.1109\/EuroSP63326.2025.00017"},{"key":"8_CR21","unstructured":"Morishita, S., et al.: Detect me if you... oh wait. an internet-wide view of self-revealing honeypots. In: Symposium on Integrated Network and Service Management, pp. 134\u2013143. IEEE (2019)"},{"key":"8_CR22","unstructured":"Nardella, D.: Snap7. https:\/\/snap7.sourceforge.net\/. Accessed 07 June 2025"},{"key":"8_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/11506881_4","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"F Pouget","year":"2005","unstructured":"Pouget, F., Holz, T.: A pointillist approach for comparing honeypots. In: Julisch, K., Kruegel, C. (eds.) DIMVA 2005. LNCS, vol. 3548, pp. 51\u201368. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11506881_4"},{"key":"8_CR24","unstructured":"Provos, N.: A virtual honeypot framework. In: USENIX Security Symposium, pp. 1\u201314 (2004)"},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"Rajkumar, R., Lee, I., Sha, L., Stankovic, J.: Cyber-physical systems: the next computing revolution. In: Design Automation Conference, pp. 731\u2013736 (2010)","DOI":"10.1145\/1837274.1837461"},{"key":"8_CR26","unstructured":"Shodan. https:\/\/www.shodan.io\/. Accessed 07 June 2025"},{"key":"8_CR27","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-3-319-19419-6_7","volume-title":"Computer Networks","author":"T Sochor","year":"2015","unstructured":"Sochor, T., Zuzcak, M.: Attractiveness study of honeypots and honeynets in internet threat detection. In: Gaj, P., Kwiecie\u0144, A., Stera, P. (eds.) CN 2015. CCIS, vol. 522, pp. 69\u201381. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-19419-6_7"},{"key":"8_CR28","doi-asserted-by":"crossref","unstructured":"Srinivasa, S., Pedersen, J., Vasilomanolakis, E.: Interaction matters: a comprehensive analysis and a dataset of hybrid IoT\/OT honeypots. In: Annual Computer Security Applications Conference, pp. 742\u2013755. ACM (2022)","DOI":"10.1145\/3564625.3564645"},{"issue":"3","key":"8_CR29","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3584976","volume":"4","author":"S Srinivasa","year":"2023","unstructured":"Srinivasa, S., Pedersen, J., Vasilomanolakis, E.: Gotta catch\u2019em all: a multistage framework for honeypot fingerprinting. Digit. Threats: Res. Pract. 4(3), 1\u201328 (2023)","journal-title":"Digit. Threats: Res. Pract."},{"key":"8_CR30","doi-asserted-by":"crossref","unstructured":"Tambe, A., et al.: Detection of threats to IoT devices using scalable VPN-forwarded honeypots. In: Conference on Data and Application Security and Privacy, pp. 85\u201396. ACM (2019)","DOI":"10.1145\/3292006.3300024"},{"key":"8_CR31","unstructured":"Tcpdump. https:\/\/www.tcpdump.org. Accessed 07 June 2025"},{"key":"8_CR32","unstructured":"Vetterl, A., Clayton, R.: Bitter harvest: systematically fingerprinting low- and medium-interaction honeypots at internet scale. In: USENIX Workshop on Offensive Technologies. USENIX Association (2018)"},{"key":"8_CR33","unstructured":"Vyas, S., Hannay, J., Bolton, A., Burnap, P.P.: Automated cyber defence: a review. arXiv preprint arXiv:2303.04926 (2023)"},{"key":"8_CR34","doi-asserted-by":"crossref","unstructured":"You, J., Lv, S., Zhao, L., Niu, M., Shi, Z., Sun, L.: A scalable high-interaction physical honeypot framework for programmable logic controller. In: Vehicular Technology Conference, pp. 1\u20135. IEEE (2020)","DOI":"10.1109\/VTC2020-Fall49728.2020.9348483"},{"key":"8_CR35","unstructured":"Zou, J., Sun, Z., Ku, C., Li, X., Dahbura, A.: WiP: developing high-interaction honeypots to capture and analyze region-specific bot behaviors. In: Hot Topics in the Science of Security Symposium (2024)"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2025 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-16165-9_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,19]],"date-time":"2026-04-19T22:46:08Z","timestamp":1776638768000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-16165-9_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032161642","9783032161659"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-16165-9_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 April 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}