{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,28]],"date-time":"2025-12-28T19:50:55Z","timestamp":1766951455518,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":107,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,10,28]]},"DOI":"10.1145\/3730567.3764475","type":"proceedings-article","created":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:22:38Z","timestamp":1763738558000},"page":"628-644","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Attacks Come to Those Who Wait: Long-Term Observations in an SSH Honeynet"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3728-9958","authenticated-orcid":false,"given":"Cristian","family":"Munteanu","sequence":"first","affiliation":[{"name":"Max Planck Institute for Informatics, Saarbrucken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-6304-0095","authenticated-orcid":false,"given":"Yogesh Bhargav","family":"Suriyanarayanan","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Informatics, Saarbrucken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4127-3617","authenticated-orcid":false,"given":"Georgios","family":"Smaragdakis","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands and Max Planck Institute for Informatics, Saarbrucken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5530-6993","authenticated-orcid":false,"given":"Anja","family":"Feldmann","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Informatics, Saarbrucken, 
Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0163-5134","authenticated-orcid":false,"given":"Tobias","family":"Fiebig","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Informatics, Saarbrucken, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,21]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2020. Git Crypto Miner Hack. https:\/\/github.com\/dangoldin\/crypto-minerhack."},{"key":"e_1_3_2_2_2_1","unstructured":"2021. WorkMiner Bot. https:\/\/www.a1ee.cn\/medium\/workminer\/."},{"key":"e_1_3_2_2_3_1","unstructured":"2024. C2-Daily-Feed. https:\/\/github.com\/criminalip\/C2-Daily-Feed."},{"key":"e_1_3_2_2_4_1","unstructured":"2024. Dreambox Configuration. https:\/\/dreamboxedit.com\/en\/workshop-2\/konfiguration\/."},{"key":"e_1_3_2_2_5_1","unstructured":"2024. Dreambox Enigma 1. https:\/\/dreambox.de\/board\/index.php?board\/15-enigma-1-alle-themen\/."},{"key":"e_1_3_2_2_6_1","unstructured":"2024. Killnet: Inside the World's Most Prominent Pro-Kremlin Hacktivist Collective. https:\/\/flashpoint.io\/intelligence-101\/killnet\/."},{"key":"e_1_3_2_2_7_1","unstructured":"2024. PeeringDB. https:\/\/www.peeringdb.com."},{"key":"e_1_3_2_2_8_1","unstructured":"2024. ZNC. https:\/\/wiki.znc.in\/ZNC."},{"key":"e_1_3_2_2_9_1","volume-title":"van Oorschot","author":"Abdou AbdelRahman","year":"2016","unstructured":"AbdelRahman Abdou, David Barrera, and Paul C. van Oorschot. 2016. What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks. In International Conference on Passwords. Springer International Publishing, Cham, 72--91."},{"key":"e_1_3_2_2_10_1","unstructured":"abuse.ch. 2024. abuse.ch: Fighting Malware and Botnets. https:\/\/abuse.ch\/."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2023.103629"},{"key":"e_1_3_2_2_12_1","volume-title":"Understanding the Mirai Botnet. 
In USENIX Security Symposium.","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In USENIX Security Symposium."},{"key":"e_1_3_2_2_13_1","unstructured":"Daryna Antoniuk. 2023. Ukraine energy facility took unique Sandworm hit on day of missile strikes report says. https:\/\/therecord.media\/sandworm-attackukraine-energy-facility-missile-strikes."},{"key":"e_1_3_2_2_14_1","unstructured":"Daryna Antoniuk. 2024. Russian hackers infiltrated Ukrainian telecom giant months before cyberattack. https:\/\/therecord.media\/russians-infiltratedkyivstar-months-before."},{"key":"e_1_3_2_2_15_1","unstructured":"ArmstrongTechs. 2024. ArmstrongTechs Indicators-of-compromise-IOCs. https:\/\/github.com\/ArmstrongTechs\/Indicators-of-compromise-IOCs?tab=readme-ov-file."},{"key":"e_1_3_2_2_16_1","unstructured":"P. Baecher M. Koetter and G. Wicherski. 2023. Nepenthes on GitHub. https:\/\/github.com\/jrwren\/nepenthes."},{"key":"e_1_3_2_2_17_1","volume-title":"Annual Computer Security Applications Conference.","author":"Barron Timothy","year":"2017","unstructured":"Timothy Barron and Nick Nikiforakis. 2017. Picky attackers: Quantifying the role of system properties on intruder behavior. In Annual Computer Security Applications Conference."},{"key":"e_1_3_2_2_18_1","volume-title":"Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation. In 33rd USENIX Security Symposium (USENIX Security 24)","author":"B\u00e4umer Fabian","year":"2024","unstructured":"Fabian B\u00e4umer, Marcus Brinkmann, and J\u00f6rg Schwenk. 2024. Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation. 
In 33rd USENIX Security Symposium (USENIX Security 24). 7463--7480."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/UBMK52708.2021.9558948"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-33229-7_21"},{"key":"e_1_3_2_2_21_1","unstructured":"Blog Port22. 2022. mdrfckrs -- part one. https:\/\/blog.port22.dk\/mdrfckrs-partone\/."},{"key":"e_1_3_2_2_22_1","unstructured":"Blog Port22. 2022. mdrfckrs -- part two. https:\/\/blog.port22.dk\/mdrfckrs-parttwo\/."},{"key":"e_1_3_2_2_23_1","volume-title":"Towards NLP-based Processing of Honeypot Logs. In IEEE European Symposium on Security and Privacy Workshops.","author":"Boffa Matteo","year":"2022","unstructured":"Matteo Boffa, Giulia Milan, Luca Vassio, Idilio Drago, Marco Mellia, and Zied Ben Houidi. 2022. Towards NLP-based Processing of Honeypot Logs. In IEEE European Symposium on Security and Privacy Workshops."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.5815\/ijcnis.2012.10.07"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecPODS.2019.8885003"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSCI46756.2018.00012"},{"volume-title":"The Cybersecurity Service for the Union institutions, bodies, offices and agencies","year":"2024","key":"e_1_3_2_2_27_1","unstructured":"CERT-EU: The Cybersecurity Service for the Union institutions, bodies, offices and agencies. 2024. Cyber Security Brief 24-02 - January 2024; APT29 cyberattacks. https:\/\/cert.europa.eu\/publications\/threat-intelligence\/cb24-02\/."},{"key":"e_1_3_2_2_28_1","first-page":"1","article-title":"IoT malware: Comprehensive survey, analysis framework and case studies","volume":"1","author":"Costin Andrei","year":"2018","unstructured":"Andrei Costin and Jonas Zaddach. 2018. IoT malware: Comprehensive survey, analysis framework and case studies. 
BlackHat USA 1, 1 (2018), 1--9.","journal-title":"BlackHat USA"},{"key":"e_1_3_2_2_29_1","unstructured":"Cowrie. 2024. Cowrie on GitHub. https:\/\/github.com\/cowrie\/cowrie."},{"key":"e_1_3_2_2_30_1","unstructured":"Cyber Peace Institute. 2023. Cyber Dimensions of the Armed Conflict in Ukraine. https:\/\/cyberconflicts.cyberpeaceinstitute.org\/report."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30143-1_3"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/363958.363994"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/7178164"},{"key":"e_1_3_2_2_34_1","unstructured":"DutchSec B.V. 2023. Honeytrap on GitHub. https:\/\/github.com\/honeytrap\/honeytrap."},{"key":"e_1_3_2_2_35_1","unstructured":"Tobias Fiebig. 2013. Getting back at Trudy: SSH Botnet Member Credential Collection using Connect Back Honeypots. (2013). Universiteit van Amsterdam."},{"key":"e_1_3_2_2_36_1","volume-title":"Igloo22225, Jeroen Massar, Job Snijders, Molly Miller, Puck Meerburg, Roelf Wichertjes, Tim Stallard, and Tommy Bowditch.","author":"Fillan Basil","year":"2023","unstructured":"Basil Fillan, Ben Cartwright-Cox, Cynthia Revstr\u00f6m, Elimalko Saado, eraters, Igloo22225, Jeroen Massar, Job Snijders, Molly Miller, Puck Meerburg, Roelf Wichertjes, Tim Stallard, and Tommy Bowditch. 2023. BGP.tools. https:\/\/bgp.tools\/."},{"key":"e_1_3_2_2_37_1","unstructured":"Jason Firch. 2022. Russian Hacktivists Killnet Take Down US Airport Websites. https:\/\/purplesec.us\/breach-report\/killnet-ddos-airport-websites\/."},{"key":"e_1_3_2_2_38_1","volume-title":"On Recognizing Virtual Honeypots and Countermeasures. In 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing. IEEE, 211--218","author":"Fu Xinwen","year":"2006","unstructured":"Xinwen Fu, Wei Yu, Dan Cheng, Xuejun Tan, Kevin Streff, and Steve Graham. 2006. On Recognizing Virtual Honeypots and Countermeasures. 
In 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing. IEEE, 211--218."},{"key":"e_1_3_2_2_39_1","unstructured":"Vincent Ghiette Harm Griffioen and Christian Doerr. 2019. Fingerprinting Tooling used for SSH Compromisation Attempts. In RAID."},{"key":"e_1_3_2_2_40_1","unstructured":"Global Cyber Alliance. 2023. GCA AIDE -- Automated IoT Defense Ecosystem. https:\/\/www.globalcyberalliance.org\/."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3646547.3688409"},{"key":"e_1_3_2_2_42_1","unstructured":"Hewlett Packard. 2022. HP Poly acquisition. https:\/\/www.hp.com\/us-en\/newsroom\/press-releases\/2022\/hp-inc-completes-acquisition-of-poly.html."},{"key":"e_1_3_2_2_43_1","volume-title":"USENIX Security Symposium.","author":"Hiesgen Raphael","year":"2022","unstructured":"Raphael Hiesgen, Marcin Nawrocki, Alistair King, Alberto Dainotti, Thomas C. Schmidt, and Matthias W\u00e4hlisch. 2022. Spoki: Unveiling a New Wave of Scanners Through a Reactive Network Telescope. In USENIX Security Symposium."},{"key":"e_1_3_2_2_44_1","unstructured":"Shane Huntley. 2023. Fog of war: how the Ukraine conflict transformed the cyber threat. (2023). https:\/\/blog.google\/threat-analysis-group\/fog-of-warhow- the-ukraine-conflict-transformed-the-cyber-threat-landscape\/"},{"key":"e_1_3_2_2_45_1","volume-title":"Cloud Watching: Understanding Attacks Against Cloud-hosted Services. In Internet Measurement Conference. 313--327","author":"Izhikevich Liz","year":"2023","unstructured":"Liz Izhikevich, Manda Tran, Michalis Kallitsis, Aurore Fass, and Zakir Durumeric. 2023. Cloud Watching: Understanding Attacks Against Cloud-hosted Services. In Internet Measurement Conference. 313--327."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963437"},{"key":"e_1_3_2_2_47_1","volume-title":"Zero Botnets: An Observe-Pursue-Counter Approach. 
arXiv preprint arXiv:2201.06068","author":"Kepner Jeremy","year":"2022","unstructured":"Jeremy Kepner, Jonathan Bernays, Stephen Buckley, Kenjiro Cho, Cary Conrad, Leslie Daigle, Keeley Erhardt, Vijay Gadepally, Barry Greene, Michael Jones, et al. 2022. Zero Botnets: An Observe-Pursue-Counter Approach. arXiv preprint arXiv:2201.06068 (2022)."},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427477.3429772"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3539009"},{"key":"e_1_3_2_2_50_1","unstructured":"Kippo. 2019. Kippo on GitHub. https:\/\/github.com\/desaster\/kippo."},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/EUROCON.2013.6624967"},{"key":"e_1_3_2_2_52_1","volume-title":"Conference on Cyber Conflict. CCD COE Publications. Tallinn, Estonia. Citeseer, 21--44","author":"Kotenko Igor","year":"2010","unstructured":"Igor Kotenko, Alexey Konovalov, and Andrey Shorov. 2010. Agent-based modeling and simulation of botnets and botnet defense. In Conference on Cyber Conflict. CCD COE Publications. Tallinn, Estonia. Citeseer, 21--44."},{"key":"e_1_3_2_2_53_1","volume-title":"Proceedings of the Soviet physics doklady","author":"Levenshtein VI","year":"1966","unstructured":"VI Levenshtein. 1966. Binary codes capable of correcting deletions, insertions, and reversals. Proceedings of the Soviet physics doklady (1966)."},{"volume-title":"Passive and Active Measurement","author":"Li Vector Guo","key":"e_1_3_2_2_54_1","unstructured":"Vector Guo Li, Gautam Akiwate, Kirill Levchenko, Geoffrey M Voelker, and Stefan Savage. 2021. iClairvoyance: Inferring blocklist use on the internet. In Passive and Active Measurement. Springer, 57--75."},{"key":"e_1_3_2_2_55_1","first-page":"1","article-title":"Iotcandyjar: Towards an intelligent-interaction honeypot for iot devices","volume":"1","author":"Luo Tongbo","year":"2017","unstructured":"Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, and Xin Ouyang. 2017. 
Iotcandyjar: Towards an intelligent-interaction honeypot for iot devices. Black Hat 1 (2017), 1--11.","journal-title":"Black Hat"},{"key":"e_1_3_2_2_56_1","unstructured":"Jessica Lyons. 2024. Kremlin's Sandworm blamed for cyberattacks on US European water utilities. https:\/\/www.theregister.com\/2024\/04\/17\/russia_sandworm_cyberattacks_water\/."},{"key":"e_1_3_2_2_57_1","volume-title":"Mdrfckr: How to stay safe online this festive season. https:\/\/malware.news\/t\/dota-campaign-analyzing-a-coin-mining-andremote-access-hybrid-campaign\/30326.","author":"News Malware","year":"2019","unstructured":"Malware News. 2019. Mdrfckr: How to stay safe online this festive season. https:\/\/malware.news\/t\/dota-campaign-analyzing-a-coin-mining-andremote-access-hybrid-campaign\/30326."},{"volume-title":"Polycom Lync Update","year":"2017","key":"e_1_3_2_2_58_1","unstructured":"Microsoft. 2017. Polycom Lync Update 2017. https:\/\/support.microsoft.com\/enus\/ topic\/april-2017-cumulative-update-for-microsoft-lync-phone-editionfor-polycom-cx500-polycom-cx600-and-polycom-cx3000-telephoneskb4019529--7c85b54c-e4b1--44a8-b07b-e61d3eb92359."},{"key":"e_1_3_2_2_59_1","unstructured":"Microsoft. 2022. An overview of Russia's cyberattack activity in Ukraine. https:\/\/www.microsoft.com\/en-us\/security\/security-insider\/intelligencereports\/special-report-ukraine."},{"key":"e_1_3_2_2_60_1","unstructured":"Nguyen Quang Minh. 2019. Dasan H660DW. https:\/\/www.minhng99.cloud\/Exploring-router-Dasan_H660DW\/."},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/1233341.1233399"},{"key":"e_1_3_2_2_62_1","unstructured":"Stephen Mondiguing. 2024. KillNet DDoS Blocklist. 
https:\/\/github.com\/securityscorecard\/SSC-Threat-Intel-IoCs\/tree\/master\/KillNet-DDoSBlocklist."},{"key":"e_1_3_2_2_63_1","volume-title":"Oliver Gasser, Georgios Smaragdakis, and Anja Feldmann.","author":"Munteanu Cristian","year":"2023","unstructured":"Cristian Munteanu, Said Jawad Saidi, Oliver Gasser, Georgios Smaragdakis, and Anja Feldmann. 2023. Fifteen Months in the Life of a Honeyfarm. In ACM IMC."},{"key":"e_1_3_2_2_64_1","volume-title":"A guided tour to approximate string matching. ACM computing surveys (CSUR) 33, 1","author":"Navarro Gonzalo","year":"2001","unstructured":"Gonzalo Navarro. 2001. A guided tour to approximate string matching. ACM computing surveys (CSUR) 33, 1 (2001), 31--88."},{"volume-title":"SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots","author":"Nawrocki Marcin","key":"e_1_3_2_2_65_1","unstructured":"Marcin Nawrocki, John Kristoff, Raphael Hiesgen, Chris Kanich, Thomas C. Schmidt, and Matthias W\u00e4hlisch. 2023. SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots. In IEEE Euro S&P."},{"key":"e_1_3_2_2_66_1","volume-title":"A Survey on Honeypot Software and Data Analysis. CoRR","author":"Nawrocki Marcin","year":"2016","unstructured":"Marcin Nawrocki, Matthias W\u00e4hlisch, Thomas C. Schmidt, Christian Keil, and Jochen Sch\u00f6nfelder. 2016. A Survey on Honeypot Software and Data Analysis. CoRR (2016). http:\/\/arxiv.org\/abs\/1608.06249"},{"key":"e_1_3_2_2_67_1","unstructured":"Michel Oosterhof. 2025. Cowrie Docs. https:\/\/readthedocs.org\/projects\/cowrie\/downloads\/pdf\/latest\/."},{"key":"e_1_3_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.24.522"},{"key":"e_1_3_2_2_69_1","unstructured":"James Pearson. 2023. Russian spies behind cyber attack on Ukraine power grid in 2022 - researchers. 
https:\/\/www.reuters.com\/technology\/cybersecurity\/russianspies-behind-cyberattack-ukrainian-power-grid-2022-researchers-2023--11-09\/."},{"key":"e_1_3_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/2398776.2398821"},{"key":"e_1_3_2_2_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/EIConRus.2019.8657100"},{"key":"e_1_3_2_2_72_1","volume-title":"Nathan Brubaker, Tyler McLellan, and Chris Sistrunk.","author":"Proska Ken","year":"2023","unstructured":"Ken Proska, John Wolfram, Jared Wilson, Dan Black, Keith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker, Tyler McLellan, and Chris Sistrunk. 2023. Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology. https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/sandworm-disrupts-power-ukraine-operational-technology\/."},{"key":"e_1_3_2_2_73_1","unstructured":"Niels Provos. 2023. Developments of the Honeyd Virtual Honeypot. https:\/\/www.honeyd.org\/."},{"key":"e_1_3_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICITCS.2016.7740316"},{"key":"e_1_3_2_2_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC42927.2021.9500859"},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/PRDC.2011.29"},{"key":"e_1_3_2_2_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW55150.2022.00036"},{"key":"e_1_3_2_2_78_1","volume-title":"Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them. In 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI 24)","author":"Singh Sachin Kumar","year":"2024","unstructured":"Sachin Kumar Singh, Shreeman Gautam, Cameron Cartier, Sameer Patil, and Robert Ricci. 2024. Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them. In 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI 24). USENIX Association, Santa Clara, CA, 1731--1750. 
https:\/\/www.usenix.org\/conference\/nsdi24\/presentation\/singhsachin"},{"key":"e_1_3_2_2_79_1","volume-title":"3rd International Conference on Malicious and Unwanted Software (MALWARE). IEEE, 57--64","author":"Sinha Sushant","year":"2008","unstructured":"Sushant Sinha, Michael Bailey, and Farnam Jahanian. 2008. Shades of Grey: On the effectiveness of reputation-based ''blacklists''. In 3rd International Conference on Malicious and Unwanted Software (MALWARE). IEEE, 57--64."},{"key":"e_1_3_2_2_80_1","volume-title":"Major Cyberattack","author":"Radar SOC","year":"2024","unstructured":"SOC Radar. 2024. Major Cyberattack April 2024: Sandworm. https:\/\/socradar.io\/major-cyber-attacks-in-review-april-2024\/."},{"key":"e_1_3_2_2_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"e_1_3_2_2_82_1","volume-title":"Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets. In International Conference on Passive and Active Network Measurement. Springer, 209--226","author":"Streibelt Florian","year":"2023","unstructured":"Florian Streibelt, Martina Lindorfer, Seda G\u00fcrses, Carlos H Ga\u00f1\u00e1n, and Tobias Fiebig. 2023. Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets. In International Conference on Passive and Active Network Measurement. Springer, 209--226."},{"key":"e_1_3_2_2_83_1","unstructured":"Cymru Team. 2024. IP to ASN mapping. http:\/\/www.team-cymru.org\/IP-ASNmapping.html (2024)."},{"key":"e_1_3_2_2_84_1","doi-asserted-by":"publisher","DOI":"10.3390\/fi13080198"},{"key":"e_1_3_2_2_85_1","unstructured":"The Honeynet Project. 2023. The Honeynet Project. https:\/\/www.honeynet.org\/."},{"key":"e_1_3_2_2_86_1","unstructured":"The ShadowserverFoundation. 2024. Compromised SSH Host Special Report. https:\/\/www.shadowserver.org\/what-we-do\/network-reporting\/compromised-ssh-host-special\/."},{"key":"e_1_3_2_2_87_1","unstructured":"Trendmicro. 2018. 
Trendmicro Outlaw Hacking Group. https:\/\/www.trendmicro.com\/de_de\/research\/18\/k\/outlaw-group-distributesbotnet- for-cryptocurrency-mining-scanning-and-brute-force.html."},{"key":"e_1_3_2_2_88_1","unstructured":"Alex Turing Hui Wang and Genshen Ye. 2021. The death of Mozi. https:\/\/blog.netlab.360.com\/the_death_of_mozi_cn."},{"key":"e_1_3_2_2_89_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISDFS.2019.8757534"},{"key":"e_1_3_2_2_90_1","first-page":"5","article-title":"A survey on anti-honeypot and anti-introspection methods","volume":"2","author":"Uitto Joni","year":"2017","unstructured":"Joni Uitto, Sampsa Rauti, Samuel Laur\u00e9n, and Ville Lepp\u00e4nen. 2017. A survey on anti-honeypot and anti-introspection methods. In Recent Advances in Information Systems and Technologies: Volume 2 5. Springer, 125--134.","journal-title":"Recent Advances in Information Systems and Technologies"},{"key":"e_1_3_2_2_91_1","unstructured":"Ukrainska Pravda. 2024. US charges 6 Russians with cyberattack on Ukraine and NATO before 2022 full-scale invasion. https:\/\/www.pravda.com.ua\/eng\/news\/2024\/09\/5\/7473672\/."},{"key":"e_1_3_2_2_92_1","unstructured":"US Department of Justice. 2024. Russian National Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data. https:\/\/www.justice.gov\/opa\/pr\/russian-national-chargedconspiring-russia-military-intelligence-destroy-ukrainian."},{"key":"e_1_3_2_2_93_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev56634.2023.00025"},{"key":"e_1_3_2_2_94_1","unstructured":"VirusTotal. 2024. VirusTotal. https:\/\/www.virustotal.com\/."},{"key":"e_1_3_2_2_95_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095825"},{"key":"e_1_3_2_2_96_1","volume-title":"Flow-based brute-force attack detection in large and highspeed networks","author":"Vykopal Jan","year":"2013","unstructured":"Jan Vykopal. 2013. 
Flow-based brute-force attack detection in large and highspeed networks. Masaryk University (Brno, Czech Republic), PhD Thesis (2013)."},{"key":"e_1_3_2_2_97_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICFN.2009.36"},{"key":"e_1_3_2_2_98_1","doi-asserted-by":"publisher","DOI":"10.1145\/2377677.2377743"},{"key":"e_1_3_2_2_99_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60753-5_19"},{"key":"e_1_3_2_2_100_1","volume-title":"Design and Implementation of Web Honeypot Detection System Based on Search Engine. In 2020 International Conference on Intelligent Computing, Automation and Systems (ICICAS). IEEE, 130--135","author":"Wang Binbin","year":"2020","unstructured":"Binbin Wang, Yilian Zhang, Minjie Zhu, and Yan Chen. 2020. Design and Implementation of Web Honeypot Detection System Based on Search Engine. In 2020 International Conference on Intelligent Computing, Automation and Systems (ICICAS). IEEE, 130--135."},{"key":"e_1_3_2_2_101_1","doi-asserted-by":"publisher","DOI":"10.3390\/app11125713"},{"key":"e_1_3_2_2_102_1","article-title":"Busybox: A swiss army knife for linux","volume":"2000","author":"Wells Nicholas","year":"2000","unstructured":"Nicholas Wells. 2000. Busybox: A swiss army knife for linux. Linux Journal 2000, 78es (2000), 10--es.","journal-title":"Linux Journal"},{"key":"e_1_3_2_2_103_1","unstructured":"Yuming Wu Phuong M Cao Alexander Withers Zbigniew T Kalbarczyk and Ravishankar K Iyer. 2020. Mining Threat Intelligence from Billion-scale SSH Brute-Force Attacks. (2020)."},{"key":"e_1_3_2_2_104_1","unstructured":"Yoroi. 2020. Yoroi Outlaw Hacking Group. 
https:\/\/yoroi.company\/research\/outlaw-is-back-a-new-crypto-botnet-targets-european-organizations\/."},{"key":"e_1_3_2_2_105_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2279800"},{"key":"e_1_3_2_2_106_1","doi-asserted-by":"publisher","DOI":"10.1145\/3605758.3623495"},{"key":"e_1_3_2_2_107_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00122"}],"event":{"name":"IMC '25:ACM Internet Measurement Conference","sponsor":["SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","SIGCOMM ACM Special Interest Group on Data Communication"],"location":"Madison WI USA"},"container-title":["Proceedings of the 2025 ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3730567.3764475","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,28]],"date-time":"2025-12-28T19:46:40Z","timestamp":1766951200000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3730567.3764475"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,28]]},"references-count":107,"alternative-id":["10.1145\/3730567.3764475","10.1145\/3730567"],"URL":"https:\/\/doi.org\/10.1145\/3730567.3764475","relation":{},"subject":[],"published":{"date-parts":[[2025,10,28]]},"assertion":[{"value":"2025-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}