{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T05:55:32Z","timestamp":1777787732244,"version":"3.51.4"},"reference-count":93,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Netw. Sci. Eng."],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/tnse.2026.3683862","type":"journal-article","created":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T19:54:23Z","timestamp":1776369263000},"page":"8646-8665","source":"Crossref","is-referenced-by-count":0,"title":["HoneyLLMd: A Large Language Model-Powered Adaptive Honeypot System"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7363-9695","authenticated-orcid":false,"given":"Wenjun","family":"Fan","sequence":"first","affiliation":[{"name":"School of Engineering and Technology, University of Washington, Tacoma, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2655-9307","authenticated-orcid":false,"given":"Fei","family":"Du","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Liverpool, Liverpool, U.K."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-9097-2186","authenticated-orcid":false,"given":"Zhihui","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Electrical and Systems Engineering, University of Pennsylvania, Philadelphia, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-8738-8856","authenticated-orcid":false,"given":"Qiyu","family":"Cao","sequence":"additional","affiliation":[{"name":"School of Advanced Technology, Xi&#x2019;an Jiaotong-Liverrpool University, Suzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-3488-9710","authenticated-orcid":false,"given":"Lekun","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Advanced Technology, Xi&#x2019;an Jiaotong-Liverpool University, Suzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3264-6466","authenticated-orcid":false,"given":"Kejing","family":"Chang","sequence":"additional","affiliation":[{"name":"School of Computing, National University of Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5736-5823","authenticated-orcid":false,"given":"Sang-Yoon","family":"Chang","sequence":"additional","affiliation":[{"name":"Computer Science Department, University of Colorado, Colorado Springs, CO, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Honeypots: Tracking Hackers","author":"Spitzner","year":"2002"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2017.2762161"},{"key":"ref3","volume-title":"Virtual Honeypots: From Botnet Tracking to Intrusion Detection","volume":"1","author":"Provos","year":"2007"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS56928.2023.10154330"},{"key":"ref5","first-page":"15","article-title":"Collapsar: A VM-based architecture for network attack detention center","volume-title":"Proc. USENIX Secur. Symp.","author":"Jiang","year":"2004"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095825"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2501654.2501659"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.lindif.2023.102274"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3641289"},{"key":"ref10","first-page":"1","article-title":"A virtual honeypot framework","volume-title":"Proc. 13th Conf. USENIX Secur. Symp.","author":"Provos","year":"2004"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ICIMP.2009.9"},{"key":"ref12","first-page":"1","article-title":"HoneydV6: A low-interaction IPv6 honeypot","volume-title":"Proc. Int. Conf. Secur. Cryptogr.","author":"Schindler","year":"2013"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/FUZZ-IEEE.2018.8491456"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1088\/1757-899X\/850\/1\/012037"},{"key":"ref15","article-title":"Amun: A python honeypot","author":"Gbel","year":"2009"},{"key":"ref16","article-title":"Dionaea - catched bugs","author":"Project","year":"2019"},{"key":"ref17","article-title":"Cowrie","author":"Oosterhof","year":"2016"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/1217935.1217938"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/CSCI49370.2019.00035"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/SPW59333.2023.00005"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423356"},{"key":"ref22","article-title":"Caught in the act: Running a realistic factoryhoneypot to capture real threats","author":"Hilt","year":"2020","journal-title":"Trend Micro Res."},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2009.5202313"},{"key":"ref24","first-page":"47","article-title":"SHARK: Spy honeypot with advanced redirection kit","volume-title":"Proc. IEEE Workshop Monit., Attack Detection Mitigation","author":"Alberdi","year":"2007"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1330107.1330135"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecPODS.2017.8074855"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2021.3106669"},{"key":"ref28","article-title":"T-pot: The all in one multi honeypot platform","year":"2023"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-22915-7_40"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2015.07.443"},{"key":"ref31","article-title":"How to use a reverse shell in metasploit","author":"Willcox","year":"2020"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36938-5_32"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-34339-2_7"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/MENACOMM62946.2025.10911039"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-14039-1_5"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-05118-0_51"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68542-7_6"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101579"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3318942"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2013.828802"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-014-1797-9"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/CITSM50537.2020.9268794"},{"key":"ref43","first-page":"302","article-title":"A honey-imprint enabled approach for resisting social engineering attacks","volume-title":"Proc. 24th Asia-Pacific Netw. Operations Manage. Symp.","author":"Zhong","year":"2023"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/ICCWorkshops57953.2023.10283756"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2017.2751478"},{"key":"ref46","first-page":"48","article-title":"Machine learning-based approach for enhancing multi-step attack prediction","volume-title":"Proc. 24th Asia-Pacific Netw. Operations Manage. Symp.","author":"Li","year":"2023"},{"key":"ref47","article-title":"HUNTGPT: Integrating machine learning-based anomaly detection and explainable ai with large language models (LLMS)","author":"Ali","year":"2023"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-10997-4_21"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3166628"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.23919\/ICACT.2017.7890056"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/GLOBECOM48099.2022.10000682"},{"issue":"11","key":"ref52","first-page":"1","article-title":"IoTCandyJar: Toward SAN intelligent-interaction honeypot for IoT devices","volume-title":"Black Hat","volume":"1","author":"Luo","year":"2017"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3558482.3590195"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3769011"},{"key":"ref55","article-title":"Chatgpt","year":"2022"},{"key":"ref56","article-title":"How does GPT obtain its ability? tracing emergent abilities of language models to their sources","author":"Fu","year":"2022","journal-title":"Yao Fus Notion"},{"key":"ref57","first-page":"1877","article-title":"Language models are few-shot learners","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"33","author":"Brown","year":"2020"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/sp46214.2022.9833571"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179420"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623175"},{"key":"ref61","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2024.24401","article-title":"DeGPT: Optimizing decompiler output with LLM","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Hu","year":"2024"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2024.24556"},{"key":"ref63","article-title":"LLM agents can autonomously hack websites","author":"Fang","year":"2024"},{"key":"ref64","article-title":"LLM agents can autonomously exploit one-day vulnerabilities","author":"Fang","year":"2024"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2026.eacl-long.2"},{"key":"ref66","first-page":"847","article-title":"PENTESTGPT: Evaluating and harnessing large language models for automated penetration testing","volume-title":"Proc. USENIX Secur. Symp.","author":"Deng","year":"2024"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103424"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-10684-2_7"},{"key":"ref69","article-title":"React: Synergizing reasoning and acting in languagemodels","volume-title":"Proc. 11th Int. Conf. Learn. Representations","author":"Yao","year":"2022"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.52202\/075280-2997"},{"key":"ref71","article-title":"Augmented language models: A survey","author":"Mialon","year":"2023"},{"key":"ref72","first-page":"9459","article-title":"Retrieval-augmented generation for knowledge-intensive NLP tasks","volume-title":"Proc. Adv. Neural Inf. Process. Syst.","volume":"33","author":"Lewis","year":"2020"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/3715007"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/3655693.3655716"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3487351.3492723"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW55150.2022.00038"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/AIIoT58432.2024.10574658"},{"key":"ref78","doi-asserted-by":"crossref","DOI":"10.31219\/osf.io\/qpdjw","article-title":"Exploring applications of NLP to create deceptive sandbox environments with honeyfiles","author":"Ravi","year":"2023"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1145\/3689935.3690394"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW61312.2024.00054"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/CSR61664.2024.10679411"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE59848.2023.00082"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2025.104458"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/ICCUBEA58933.2023.10392228"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2026.112223"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/CNS62487.2024.10735607"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-97-8801-9_13"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/CNS62487.2024.10735663"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/CSNT64827.2025.10968591"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-032-14782-0_7"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-023-28613-0"},{"key":"ref92","article-title":"Global SSH & Telnet Honeypot logs (Cowrie)","author":"Nlaha","year":"2022"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2025.104305"}],"container-title":["IEEE Transactions on Network Science and Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6488902\/11264281\/11481625.pdf?arnumber=11481625","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T19:51:51Z","timestamp":1777492311000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11481625\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":93,"URL":"https:\/\/doi.org\/10.1109\/tnse.2026.3683862","relation":{},"ISSN":["2327-4697","2334-329X"],"issn-type":[{"value":"2327-4697","type":"electronic"},{"value":"2334-329X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}