{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,25]],"date-time":"2026-04-25T15:20:36Z","timestamp":1777130436806,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,24]],"date-time":"2023-10-24T00:00:00Z","timestamp":1698105600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"European Research Council","doi-asserted-by":"publisher","award":["Starting Grant ResolutioNet (679158)"],"award-info":[{"award-number":["Starting Grant ResolutioNet (679158)"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,24]]},"DOI":"10.1145\/3618257.3624826","type":"proceedings-article","created":{"date-parts":[[2023,10,23]],"date-time":"2023-10-23T00:19:52Z","timestamp":1698020392000},"page":"282-296","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["Fifteen Months in the Life of a Honeyfarm"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3728-9958","authenticated-orcid":false,"given":"Cristian","family":"Munteanu","sequence":"first","affiliation":[{"name":"Max Planck Institute for Informatics, Saarbruecken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8846-8905","authenticated-orcid":false,"given":"Said Jawad","family":"Saidi","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Informatics, Saarbruecken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3425-9331","authenticated-orcid":false,"given":"Oliver","family":"Gasser","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Informatics, Saarbruecken, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4127-3617","authenticated-orcid":false,"given":"Georgios","family":"Smaragdakis","sequence":"additional","affiliation":[{"name":"Delft University of Technology &amp; Max Planck Institute for Informatics, Delft, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5099-2448","authenticated-orcid":false,"given":"Anja","family":"Feldmann","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Informatics, Saarbruecken, Germany"}]}],"member":"320","published-online":{"date-parts":[[2023,10,24]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Understanding the Mirai Botnet. In USENIX Security Symposium.","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In USENIX Security Symposium."},{"key":"e_1_3_2_2_2_1","unstructured":"P. Baecher M. Koetter and G. Wicherski. 2023. Nepenthes on GitHub. https:\/\/github.com\/jrwren\/nepenthes. (2023)."},{"key":"e_1_3_2_2_3_1","volume-title":"Annual Computer Security Applications Conference.","author":"Barron Timothy","year":"2017","unstructured":"Timothy Barron and Nick Nikiforakis. 2017. Picky attackers: Quantifying the role of system properties on intruder behavior. In Annual Computer Security Applications Conference."},{"key":"e_1_3_2_2_4_1","volume-title":"Alex C. Snoeren, and Michael Kallitsis.","author":"Benson Karyn","year":"2015","unstructured":"Karyn Benson, Alberto Dainotti, kc claffy, Alex C. Snoeren, and Michael Kallitsis. 2015. Leveraging Internet Background Radiation for Opportunistic Network Analysis. In ACM IMC."},{"key":"e_1_3_2_2_5_1","volume-title":"Towards NLP-based Processing of Honeypot Logs. IEEE European Symposium on Security and Privacy Workshops.","author":"Boffa Matteo","year":"2022","unstructured":"Matteo Boffa, Giulia Milan, Luca Vassio, Idilio Drago, Marco Mellia, and Zied Ben Houidi. 2022. Towards NLP-based Processing of Honeypot Logs. IEEE European Symposium on Security and Privacy Workshops."},{"key":"e_1_3_2_2_6_1","volume-title":"Iyer","author":"Cao Phuong M.","year":"2019","unstructured":"Phuong M. Cao, Yuming Wu, Subho S. Banerjee, Justin Azoff, Alex Withers, Zbigniew T. Kalbarczyk, and Ravishankar K. Iyer. 2019. CAUDIT: Continuous Auditing of SSH Servers To Mitigate Brute-Force Attacks. In NSDI."},{"key":"e_1_3_2_2_7_1","unstructured":"Cert.PL. 2023. Cert.PL. https:\/\/mwdb.cert.pl\/. (2023)."},{"key":"e_1_3_2_2_8_1","unstructured":"ClamAV. 2023. ClamAV. https:\/\/www.clamav.net\/. (2023)."},{"key":"e_1_3_2_2_9_1","unstructured":"Cowrie. 2019. Cowrie on GitHub. https:\/\/github.com\/cowrie\/cowrie. (2019)."},{"key":"e_1_3_2_2_10_1","volume-title":"Ferdinando Papale, and Antonio Pescap\u00e8.","author":"Dainotti Alberto","year":"2012","unstructured":"Alberto Dainotti, Alistair King, kc Claffy, Ferdinando Papale, and Antonio Pescap\u00e8. 2012. Analysis of a \"\/0\" Stealth Scan from a Botnet. ACM IMC."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"crossref","unstructured":"Alberto Dainotti Claudio Squarcella Emile Aben Kimberly C. Claffy Marco Chiesa Michele Russo and Antonio Pescap\u00e9. 2011. Analysis of Country-wide Internet Outages Caused by Censorship. In ACM IMC.","DOI":"10.1145\/2068816.2068818"},{"key":"e_1_3_2_2_12_1","volume-title":"Tianyin Xu, Yan Chen, and Jingyu Yang.","author":"Dang Fan","year":"2019","unstructured":"Fan Dang, Zhenhua Li, Yunhao Liu, Ennan Zhai, Qi Alfred Chen, Tianyin Xu, Yan Chen, and Jingyu Yang. 2019. Understanding Fileless Attacks on Linux-Based IoT Devices with HoneyCloud. In ACM MobiSys."},{"key":"e_1_3_2_2_13_1","unstructured":"DutchSec B.V. 2023. Honeytrap on GitHub. https:\/\/github.com\/honeytrap\/honeytrap. (2023)."},{"key":"e_1_3_2_2_14_1","volume-title":"Exploring Horizontal Honeypots for Security Monitoring. In IEEE European Symposium on Security and Privacy Workshops.","author":"Favale Thomas","year":"2022","unstructured":"Thomas Favale, Danilo Giordano, Idilio Drago, and Marco Mellia. 2022. What Scanners do at L7? Exploring Horizontal Honeypots for Security Monitoring. In IEEE European Symposium on Security and Privacy Workshops."},{"key":"e_1_3_2_2_15_1","unstructured":"FileScan.IO. 2023. FileScan.IO. https:\/\/www.filescan.io\/. (2023)."},{"key":"e_1_3_2_2_16_1","unstructured":"Vincent Ghiette Harm Griffioen and Christian Doerr. 2019. Fingerprinting Tooling used for SSH Compromisation Attempts. In RAID."},{"key":"e_1_3_2_2_17_1","unstructured":"Global Cyber Alliance. 2023. GCA AIDE - Automated IoT Defense Ecosystem. https:\/\/www.globalcyberalliance.org\/. (2023)."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"crossref","unstructured":"Harm Griffioen and Christian Doerr. 2020. Examining Mirai's Battle over the Internet of Things. In ACM CCS.","DOI":"10.1145\/3372297.3417277"},{"key":"e_1_3_2_2_19_1","volume-title":"Scan","author":"Griffioen Harm","unstructured":"Harm Griffioen, Kris Oosthoek, Paul van der Knaap, and Christian Doerr. 2021. Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks. In ACM CCS."},{"key":"e_1_3_2_2_20_1","unstructured":"Hwanjo Heo and Seungwon Shin. 2018. Who is Knocking on the Telnet Port: A Large-Scale Empirical Study of Network Scanning. In ACM ASIACCS."},{"key":"e_1_3_2_2_21_1","volume-title":"USENIX Security Symposium.","author":"Hiesgen Raphael","year":"2022","unstructured":"Raphael Hiesgen, Marcin Nawrocki, Alistair King, Alberto Dainotti, Thomas C. Schmidt, and Matthias W\u00e4hlisch. 2022. Spoki: Unveiling a New Wave of Scanners Through a Reactive Network Telescope. In USENIX Security Symposium."},{"key":"e_1_3_2_2_22_1","unstructured":"InQuest. 2023. InQuest. https:\/\/inquest.net\/. (2023)."},{"key":"e_1_3_2_2_23_1","unstructured":"SANS Internet Storm Center. 2023. DShield Honeypot. DShield Honeypot https:\/\/isc.sans.edu\/tools\/honeypot\/. (2023)."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/EUROCON.2013.6624967"},{"key":"e_1_3_2_2_25_1","volume-title":"Amppot: Monitoring and defending against amplification ddos attacks. In RAID.","author":"Kr\u00e4mer Lukas","year":"2015","unstructured":"Lukas Kr\u00e4mer, Johannes Krupp, Daisuke Makita, Tomomi Nishizoe, Takashi Koide, Katsunari Yoshioka, and Christian Rossow. 2015. Amppot: Monitoring and defending against amplification ddos attacks. In RAID."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"crossref","unstructured":"Johannes Krupp Michael Backes and Christian Rossow. 2016. Identifying the Scan and Attack Infrastructures Behind Amplification DDoS Attacks. In ACM CCS.","DOI":"10.1145\/2976749.2978293"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815683"},{"key":"e_1_3_2_2_28_1","unstructured":"MaxMind. 2023. MaxMind. https:\/\/www.maxmind.com\/. (2023)."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1233341.1233399"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1219056"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.21236\/ADA400003"},{"key":"e_1_3_2_2_32_1","volume-title":"Network Telescopes: Technical Report. Technical Report","author":"Moore David","year":"2004","unstructured":"David Moore, Colleen Shannon, Geoffrey M Voelker, and Stefan Savage. 2004. Network Telescopes: Technical Report. Technical Report. Cooperative Association for Internet Data Analysis (CAIDA)."},{"key":"e_1_3_2_2_33_1","volume-title":"Oh Wait. An Internet-Wide View of Self-Revealing Honeypots. In IFIP\/IEEE Symposium on Integrated Network and Service Management.","author":"Morishita Shun","year":"2019","unstructured":"Shun Morishita, Takuya Hoizumi, Wataru Ueno, Rui Tanabe, Carlos Ga\u00f1\u00e1n, Michel J.G. van Eeten, Katsunari Yoshioka, and Tsutomu Matsumoto. 2019. Detect Me If You... Oh Wait. An Internet-Wide View of Self-Revealing Honeypots. In IFIP\/IEEE Symposium on Integrated Network and Service Management."},{"key":"e_1_3_2_2_34_1","volume-title":"SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots","author":"Nawrocki Marcin","unstructured":"Marcin Nawrocki, John Kristoff, Raphael Hiesgen, Chris Kanich, Thomas C. Schmidt, and Matthias W\u00e4hlisch. 2023. SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots. In IEEE Euro S&P."},{"key":"e_1_3_2_2_35_1","volume-title":"Thomas C. Schmidt, Christian Keil, and Jochen Sch\u00f6 nfelder.","author":"Nawrocki Marcin","year":"2016","unstructured":"Marcin Nawrocki, Matthias W\u00e4 hlisch, Thomas C. Schmidt, Christian Keil, and Jochen Sch\u00f6 nfelder. 2016. A Survey on Honeypot Software and Data Analysis. CoRR (2016). http:\/\/arxiv.org\/abs\/1608.06249"},{"key":"e_1_3_2_2_36_1","volume-title":"Dipping Into The Honeypot. https:\/\/www.netscout.com\/blog\/asert\/dipping-honeypot. (Oct","author":"Team NetScout ASERT","year":"2018","unstructured":"NetScout ASERT Team. 2018. Dipping Into The Honeypot. https:\/\/www.netscout.com\/blog\/asert\/dipping-honeypot. (Oct 2018)."},{"key":"e_1_3_2_2_37_1","unstructured":"Honeynet Project. 2023. The Honeynet Project. https:\/\/www.honeynet.org\/about\/. (2023)."},{"key":"e_1_3_2_2_38_1","volume-title":"USENIX Security Symposium.","author":"Provos Niels","year":"2004","unstructured":"Niels Provos. 2004. A Virtual Honeypot Framework. In USENIX Security Symposium."},{"key":"e_1_3_2_2_39_1","unstructured":"Niels Provos. 2023. Developments of the Honeyd Virtual Honeypot. https:\/\/www.honeyd.org\/. (2023)."},{"key":"e_1_3_2_2_40_1","unstructured":"Rapid7. 2023. Project Heisenberg. Rapid7 https:\/\/www.rapid7.com\/research\/project-heisenberg\/. (2023)."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"crossref","unstructured":"Philipp Richter and Arthur Berger. 2019. Scanning the Scanners: Sensing the Internet from a Massively Distributed Network Telescope. In ACM IMC.","DOI":"10.1145\/3355369.3355595"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"crossref","unstructured":"Philipp Richter Oliver Gasser and Arthur Berger. 2022. Illuminating Large-Scale IPv6 Scanning in the Internet. In ACM IMC.","DOI":"10.1145\/3517745.3561452"},{"key":"e_1_3_2_2_43_1","unstructured":"RIPE. 2023. RIPE Stat. https:\/\/stat.ripe.net\/. (2023)."},{"key":"e_1_3_2_2_44_1","volume-title":"Amplification Hell: Revisiting Network Protocols for DDoS Abuse. NDSS","author":"Rossow Christian","year":"2014","unstructured":"Christian Rossow. 2014. Amplification Hell: Revisiting Network Protocols for DDoS Abuse. NDSS (2014)."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW55150.2022.00036"},{"key":"e_1_3_2_2_46_1","unstructured":"Shodan. 2023. Honeypot Or Not? Shodan ttps:\/\/honeyscore.shodan.io. (2023)."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1193207"},{"key":"e_1_3_2_2_48_1","unstructured":"T-Systems. 2023. The T-Sec Radar shows cyber attacks happening worldwide on our and our partners' honeypot infrastructure. . T-Sec Radar https:\/\/www.sicherheitstacho.eu\/start\/main. (2023)."},{"key":"e_1_3_2_2_49_1","unstructured":"The Honeynet Project. 2023. The Honeynet Project. https:\/\/www.honeynet.org\/. (2023)."},{"key":"e_1_3_2_2_50_1","volume-title":"Symposium on Electronic Crime Research (eCrime).","author":"Thomas Daniel R.","unstructured":"Daniel R. Thomas, Richard Clayton, and Alastair R. Beresford. 2017. 1000 days of UDP amplification DDoS attacks. In Symposium on Electronic Crime Research (eCrime)."},{"key":"e_1_3_2_2_51_1","volume-title":"Thinkst Canary, and Tines. https:\/\/www.runzero.com\/blog\/contextualize-honeypot-alerts\/. (Oct","author":"Varner Justin","year":"2022","unstructured":"Justin Varner. 2022. Contextualize honeypot alerts automatically with GreyNoise, runZero, Thinkst Canary, and Tines. https:\/\/www.runzero.com\/blog\/contextualize-honeypot-alerts\/. (Oct 2022)."},{"key":"e_1_3_2_2_52_1","volume-title":"USENIX Workshop on Offensive Technologies.","author":"Vetterl Alexander","year":"2018","unstructured":"Alexander Vetterl and Richard Clayton. 2018. Bitter Harvest: Systematically Fingerprinting Low- and Medium-interaction Honeypots at Internet Scale. In USENIX Workshop on Offensive Technologies."},{"key":"e_1_3_2_2_53_1","volume-title":"Counting Outdated Honeypots: Legal and Useful. In IEEE Security and Privacy Workshops.","author":"Vetterl Alexander","year":"2019","unstructured":"Alexander Vetterl, Richard Clayton, and Ian Walden. 2019. Counting Outdated Honeypots: Legal and Useful. In IEEE Security and Privacy Workshops."},{"key":"e_1_3_2_2_54_1","unstructured":"VirusTotal. 2023. VirusTotal. https:\/\/www.virustotal.com\/. (2023)."},{"key":"e_1_3_2_2_55_1","volume-title":"Harm Griffioen, Michalis Kallitsis, Alberto Dainotti, Georgios Smaragdakis, and Anja Feldmann.","author":"Wagner Daniel","year":"2023","unstructured":"Daniel Wagner, Sahil Ashish Ranadive, Harm Griffioen, Michalis Kallitsis, Alberto Dainotti, Georgios Smaragdakis, and Anja Feldmann. 2023. How to Operate a Meta-Telescope in your Spare Time. In ACM IMC."},{"key":"e_1_3_2_2_56_1","unstructured":"Yuming Wu Phuong M Cao Alexander Withers Zbigniew T Kalbarczyk and Ravishankar K Iyer. 2020. Mining Threat Intelligence from Billion-scale SSH Brute-Force Attacks. (2020)."},{"key":"e_1_3_2_2_57_1","unstructured":"YOROI YOMI. 2023. YOROI YOMI. https:\/\/yomi.yoroi.company\/. (2023)."}],"event":{"name":"IMC '23: ACM Internet Measurement Conference","location":"Montreal QC Canada","acronym":"IMC '23","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2023 ACM on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624826","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624826","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T13:17:36Z","timestamp":1755868656000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624826"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,24]]},"references-count":57,"alternative-id":["10.1145\/3618257.3624826","10.1145\/3618257"],"URL":"https:\/\/doi.org\/10.1145\/3618257.3624826","relation":{},"subject":[],"published":{"date-parts":[[2023,10,24]]},"assertion":[{"value":"2023-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}