{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:56:32Z","timestamp":1763740592739,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":96,"publisher":"ACM","funder":[{"name":"European Commission","award":["Horizon Europe Programme&#x3a; SafeHorizon &#x23;101168562 AND RECITALS &#x23;101168490"],"award-info":[{"award-number":["Horizon Europe Programme&#x3a; SafeHorizon &#x23;101168562 AND RECITALS &#x23;101168490"]}]},{"name":"NWO","award":["ADAPTIve"],"award-info":[{"award-number":["ADAPTIve"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,10,28]]},"DOI":"10.1145\/3730567.3764481","type":"proceedings-article","created":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:22:38Z","timestamp":1763738558000},"page":"709-726","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Decoy Databases: Analyzing Attacks on Public Facing Databases"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-9010-8668","authenticated-orcid":false,"given":"Yuqian","family":"Song","sequence":"first","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4127-3617","authenticated-orcid":false,"given":"Georgios","family":"Smaragdakis","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-7990-7802","authenticated-orcid":false,"given":"Harm","family":"Griffioen","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"HTB: Surveillance. https:\/\/0xdf.gitlab.io\/2024\/04\/20\/htb-surveillance.html","year":"2024","unstructured":"0xdf. 2024. HTB: Surveillance. https:\/\/0xdf.gitlab.io\/2024\/04\/20\/htb-surveillance.html"},{"key":"e_1_3_2_1_2_1","unstructured":"AbuseIPDB. 2024. AbuseIPDB. https:\/\/www.abuseipdb.com\/"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 7th ACM SIGCOMM conference on Internet measurement. 77-82","author":"Allman Mark","year":"2007","unstructured":"Mark Allman, Vern Paxson, and Jeff Terrell. 2007. A Brief History of Scanning. In Proceedings of the 7th ACM SIGCOMM conference on Internet measurement. 77-82."},{"key":"e_1_3_2_1_4_1","volume-title":"2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA). IEEE, 900-906","author":"Almohannadi Hamad","year":"2018","unstructured":"Hamad Almohannadi, Irfan Awan, Jassim Al Hamar, Andrea Cullen, Jules Pagan Disso, and Lorna Armitage. 2018. Cyber Threat Intelligence from Honeypot Data using Elasticsearch. In 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA). IEEE, 900-906."},{"key":"e_1_3_2_1_5_1","volume-title":"Aggressive Internet-Wide Scanners: Network Impact and Longitudinal Characterization. In Companion of the 19th International Conference on emerging Networking EXperiments and Technologies. 1-8.","author":"Anand Aniket","year":"2023","unstructured":"Aniket Anand, Michalis Kallitsis, Jackson Sippe, and Alberto Dainotti. 2023. Aggressive Internet-Wide Scanners: Network Impact and Longitudinal Characterization. In Companion of the 19th International Conference on emerging Networking EXperiments and Technologies. 1-8."},{"key":"e_1_3_2_1_6_1","volume-title":"Use of Honeypots for Mitigating DoS Attacks Targeted on IoT Networks. In 2017 International conference on computer, communication and signal processing (ICCCSP). IEEE, 1-4.","author":"Anirudh M","year":"2017","unstructured":"M Anirudh, S Arul Thileeban, and Daniel Jeswin Nallathambi. 2017. Use of Honeypots for Mitigating DoS Attacks Targeted on IoT Networks. In 2017 International conference on computer, communication and signal processing (ICCCSP). IEEE, 1-4."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2994487.2994493"},{"key":"e_1_3_2_1_8_1","unstructured":"AquilaIrreale. 2024. Mongodb Honeypot Github Repo. https:\/\/github.com\/AquilaIrreale\/mongodb-honeypot"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423613"},{"key":"e_1_3_2_1_10_1","unstructured":"AT&T. 2024. AT&T Addresses Illegal Download of Customer Data. https:\/\/about.att.com\/story\/2024\/addressing-illegal-download.html."},{"key":"e_1_3_2_1_11_1","unstructured":"author. 2024. FEODO tracker Abuse.ch. uhttps:\/\/feodotracker.abuse.ch\/blocklist\/l"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Richard J Barnett and Barry Irwin. 2008. Towards a Taxonomy of Network Scanning Techniques. In Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology. 1-7.","DOI":"10.1145\/1456659.1456660"},{"key":"e_1_3_2_1_13_1","volume-title":"Database Security: Research and Practice. Information systems","author":"Bertino Elisa","year":"1995","unstructured":"Elisa Bertino, Sushil Jajodia, and Pierangela Samarati. 1995. Database Security: Research and Practice. Information systems, Vol. 20, 7 (1995), 537-556."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2005.9"},{"key":"e_1_3_2_1_15_1","unstructured":"betheroot. 2024. PostgreSQL Honeypot Github Repo. https:\/\/github.com\/betheroot\/sticky_elephant"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2014.03.001"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","first-page":"1496","DOI":"10.1109\/SURV.2013.102913.00020","article-title":"Cyber Scanning: A Comprehensive Survey","volume":"16","author":"Bou-Harb Elias","year":"2013","unstructured":"Elias Bou-Harb, Mourad Debbabi, and Chadi Assi. 2013. Cyber Scanning: A Comprehensive Survey. IEEE Communications Surveys & Tutorials, Vol. 16, 3 (2013), 1496-1519.","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"e_1_3_2_1_18_1","unstructured":"Censys. 2024. Censys. https:\/\/censys.com\/"},{"key":"e_1_3_2_1_19_1","unstructured":"Cockroach Labs. 2024. Cockroach DB website. https:\/\/www.cockroachlabs.com\/."},{"key":"e_1_3_2_1_20_1","unstructured":"CoudhDB. 2024. CouchDB website. https:\/\/couchdb.apache.org\/"},{"key":"e_1_3_2_1_21_1","unstructured":"Cowrie. 2024. Cowrie Honeypot Github Repo. https:\/\/github.com\/cowrie\/cowrie"},{"key":"e_1_3_2_1_22_1","unstructured":"TEAM CYMRU. 2024. team-cymru.com. https:\/\/www.team-cymru.com\/"},{"key":"e_1_3_2_1_23_1","unstructured":"cypwnpwnsocute. 2024. Redis Honeypot Github repo. https:\/\/github.com\/cypwnpwnsocute\/RedisHoneyPot"},{"key":"e_1_3_2_1_24_1","unstructured":"Jaromir Horejsi David Fiser. 2024. Exposed Redis Instances Abused for Remote Code Execution Cryptocurrency Mining. https:\/\/www.trendmicro.com\/en_us\/research\/20\/d\/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining.html"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1145\/505733.505737","article-title":"A Review of Port Scanning Techniques","volume":"29","author":"Vivo Marco De","year":"1999","unstructured":"Marco De Vivo, Eddy Carrasco, Germinal Isern, and Gabriela O De Vivo. 1999. A Review of Port Scanning Techniques. ACM SIGCOMM Computer Communication Review, Vol. 29, 2 (1999), 41-48.","journal-title":"ACM SIGCOMM Computer Communication Review"},{"key":"e_1_3_2_1_26_1","volume-title":"Data security. ACM computing surveys (CSUR)","author":"Denning Dorothy E","year":"1979","unstructured":"Dorothy E Denning and Peter J Denning. 1979. Data security. ACM computing surveys (CSUR), Vol. 11, 3 (1979), 227-249."},{"key":"e_1_3_2_1_27_1","unstructured":"Docker. 2024. Docker website. https:\/\/www.docker.com\/"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","first-page":"275","DOI":"10.23919\/CyCon49761.2020.9131734","volume-title":"2020 12th International Conference on Cyber Conflict (CyCon)","volume":"1300","author":"Dodson Michael","year":"2020","unstructured":"Michael Dodson, Alastair R Beresford, and Mikael Vingaard. 2020. Using Global Honeypot Networks to Detect Targeted ICS Attacks. In 2020 12th International Conference on Cyber Conflict (CyCon), Vol. 1300. IEEE, 275-291."},{"key":"e_1_3_2_1_29_1","unstructured":"Chris Doman. 2024. The Continued Evolution of Abcbot. https:\/\/www.cadosecurity.com\/blog\/the-continued-evolution-of-abcbot"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813703"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3646547.3689012"},{"key":"e_1_3_2_1_32_1","first-page":"65","volume-title":"An Internet-Wide View of Internet-Wide Scanning. In 23rd USENIX Security Symposium (USENIX Security 14)","author":"Durumeric Zakir","year":"2014","unstructured":"Zakir Durumeric, Michael Bailey, and J Alex Halderman. 2014. An Internet-Wide View of Internet-Wide Scanning. In 23rd USENIX Security Symposium (USENIX Security 14). 65-78."},{"key":"e_1_3_2_1_33_1","unstructured":"Forbes. 2021. Details On 700 Million LinkedIn Users For Sale On Notorious Hacking Forum. https:\/\/www.forbes.com\/sites\/leemathews\/2021\/06\/29\/details-on-700-million-linkedin-users-for-sale-on-notorious-hacking-forum\/."},{"key":"e_1_3_2_1_34_1","unstructured":"William Gamazo and Nathaniel Quist. 2024. P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm. https:\/\/unit42.paloaltonetworks.com\/peer-to-peer-worm-p2pinfect\/?utm_source=thenewstack&utm_medium=website&utm_content=inline-mention&utm_campaign=platform"},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the 2024 ACM on Internet Measurement Conference. 241-258","author":"Gao Max","unstructured":"Max Gao, Ricky Mok, Esteban Carisimo, Eric Li, Shubham Kulkarni, and kc claffy. 2024. DarkSim: A Similarity-Based Time Series Analytic Framework for Darknet Traffic. In Proceedings of the 2024 ACM on Internet Measurement Conference. 241-258."},{"key":"e_1_3_2_1_36_1","unstructured":"Greynoise. 2024. Greynoise.io. https:\/\/www.greynoise.io\/"},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 743-756","author":"Griffioen Harm","year":"2020","unstructured":"Harm Griffioen and Christian Doerr. 2020. Examining Mirai's Battle over the Internet of Things. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 743-756."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3646547.3688409"},{"key":"e_1_3_2_1_39_1","first-page":"431","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Hiesgen Raphael","year":"2022","unstructured":"Raphael Hiesgen, Marcin Nawrocki, Alistair King, Alberto Dainotti, Thomas C Schmidt, and Matthias W\u00e4hlisch. 2022. Spoki: Unveiling a New Wave of Scanners Through a Reactive Network Telescope. In 31st USENIX Security Symposium (USENIX Security 22). 431-448."},{"key":"e_1_3_2_1_40_1","unstructured":"Dotan Horovits. 2024. 5 Best Practices For Keeping Your Elasticsearch Secure. https:\/\/logz.io\/blog\/elasticsearch-security-best-practices\/"},{"key":"e_1_3_2_1_41_1","volume-title":"MySQL-Pot: A LLM-Based Honeypot for MySQL Threat Protection. In 2024 9th International Conference on Big Data Analytics (ICBDA). IEEE, 227-232","author":"Hu Yuqi","year":"2024","unstructured":"Yuqi Hu, Siyu Cheng, Yuanyi Ma, Shuangwu Chen, Fengrui Xiao, and Quan Zheng. 2024. MySQL-Pot: A LLM-Based Honeypot for MySQL Threat Protection. In 2024 9th International Conference on Big Data Analytics (ICBDA). IEEE, 227-232."},{"key":"e_1_3_2_1_42_1","unstructured":"The Vulnerabilities Hub. 2024. Redis Lua Sandbox Escape and Remote Code Execution (CVE-2022-0543). https:\/\/github.com\/vulhub\/vulhub\/blob\/master\/redis\/CVE-2022-0543\/README.md"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3618257.3624818"},{"key":"e_1_3_2_1_44_1","unstructured":"Brian Krebs. 2015. Online Cheating Site AshleyMadison Hacked. https:\/\/krebsonsecurity.com\/2015\/07\/online-cheating-site-ashleymadison-hacked\/."},{"key":"e_1_3_2_1_45_1","unstructured":"Brian Krebs. 2024. National Public Data Published Its Own Passwords. https:\/\/krebsonsecurity.com\/2024\/08\/national-public-data-published-its-own-passwords\/."},{"key":"e_1_3_2_1_46_1","volume-title":"Multi Platform Honeypot for Generation of Cyber Threat Intelligence. In 2019 IEEE 9th International Conference on Advanced Computing (IACC). IEEE, 25-29","author":"Kumar Sanjeev","year":"2019","unstructured":"Sanjeev Kumar, Barnabas Janet, and Rajagopal Eswari. 2019. Multi Platform Honeypot for Generation of Cyber Threat Intelligence. In 2019 IEEE 9th International Conference on Advanced Computing (IACC). IEEE, 25-29."},{"key":"e_1_3_2_1_47_1","unstructured":"Elastic Security Labs. 2024. Betting on Bots: Investigating Linux malware crypto mining and gambling API abuse. https:\/\/www.elastic.co\/security-labs\/betting-on-bots"},{"key":"e_1_3_2_1_48_1","unstructured":"Tony Lambert. 2024. Connecting Kinsing Malware to Citrix and SaltStack Campaigns. https:\/\/www.trendmicro.com\/en_us\/research\/20\/d\/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining.html"},{"key":"e_1_3_2_1_49_1","first-page":"274","volume-title":"High-Interaction Honeypot System for SQL Injection Analysis. In 2011 International Conference of Information Technology, Computer Engineering and Management Sciences","volume":"3","author":"Ma Jiao","year":"2011","unstructured":"Jiao Ma, Kun Chai, Yao Xiao, Tian Lan, and Wei Huang. 2011. High-Interaction Honeypot System for SQL Injection Analysis. In 2011 International Conference of Information Technology, Computer Engineering and Management Sciences, Vol. 3. IEEE, 274-277."},{"key":"e_1_3_2_1_50_1","volume-title":"Proceedings of the 2011 international conference on communication, computing & security. 600-605","author":"Mairh Abhishek","year":"2011","unstructured":"Abhishek Mairh, Debabrat Barik, Kanchan Verma, and Debasish Jena. 2011. Honeypot in Network Security: A Survey. In Proceedings of the 2011 international conference on communication, computing & security. 600-605."},{"key":"e_1_3_2_1_51_1","first-page":"175","article-title":"Database Security: Attacks and Control Methods","volume":"6","author":"Malik Mubina","year":"2016","unstructured":"Mubina Malik and Trisha Patel. 2016. Database Security: Attacks and Control Methods. International Journal of Information, Vol. 6, 1\/2 (2016), 175-183.","journal-title":"International Journal of Information"},{"key":"e_1_3_2_1_52_1","unstructured":"MariaDB. 2024. MardiaDB website. https:\/\/mariadb.org\/"},{"key":"e_1_3_2_1_53_1","first-page":"463","article-title":"Scanning for Vulnerable Devices in the Internet of Things. In 2015 IEEE 8th International conference on intelligent data acquisition and advanced computing systems: technology and applications (IDAACS), Vol. 1","author":"Markowsky Linda","year":"2015","unstructured":"Linda Markowsky and George Markowsky. 2015. Scanning for Vulnerable Devices in the Internet of Things. In 2015 IEEE 8th International conference on intelligent data acquisition and advanced computing systems: technology and applications (IDAACS), Vol. 1. IEEE, 463-467.","journal-title":"IEEE"},{"key":"e_1_3_2_1_54_1","unstructured":"MaxMind. 2024. GeoLite2 Free Geolocation Data. https:\/\/dev.maxmind.com\/geoip\/geolite2-free-geolocation-data"},{"key":"e_1_3_2_1_55_1","volume-title":"IEEE European Symposium on Security and Privacy (EuroS&P)","author":"Mladenov Martin","year":"2025","unstructured":"Martin Mladenov, Laszlo Erdodi, and Georgios Smaragdakis. 2025. All that Glitters is not Gold: Uncovering Exposed Industrial Control Systems and Honeypots in the Wild. In IEEE European Symposium on Security and Privacy (EuroS&P) 2025. Venice, Italy."},{"key":"e_1_3_2_1_56_1","unstructured":"Mockaroo. 2024. Random Data Generator and API Mocking Tool. https:\/\/www.mockaroo.com\/"},{"key":"e_1_3_2_1_57_1","volume-title":"Proceedings of the 45th annual southeast regional conference. 321-326","author":"Mokube Iyatiti","year":"2007","unstructured":"Iyatiti Mokube and Michele Adams. 2007. Honeypots: Concepts, Approaches, and Challenges. In Proceedings of the 45th annual southeast regional conference. 321-326."},{"key":"e_1_3_2_1_58_1","volume-title":"Database Security Threats and Challenges. In 2020 8th International Symposium on Digital Forensics and Security (ISDFS). IEEE, 1-5.","author":"Mousa Abdulazeez","year":"2020","unstructured":"Abdulazeez Mousa, Murat Karabatak, and Twana Mustafa. 2020. Database Security Threats and Challenges. In 2020 8th International Symposium on Digital Forensics and Security (ISDFS). IEEE, 1-5."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3618257.3624826"},{"key":"e_1_3_2_1_60_1","volume-title":"Documentation","author":"SQL.","year":"2024","unstructured":"MySQL. 2024. Documentation: Chapter 8 Security. https:\/\/dev.mysql.com\/doc\/refman\/8.4\/en\/security.html"},{"key":"e_1_3_2_1_61_1","unstructured":"n0b0dy. 2024. Redis Rogue Server. https:\/\/github.com\/n0b0dyCN\/redis-rogue-server\/blob\/master\/redis-rogue-server.py"},{"key":"e_1_3_2_1_62_1","unstructured":"Ori Nakar Nadav Avital. 2024. New research shows 75 percent of 'open' Redis servers infected. https:\/\/www.imperva.com\/blog\/archive\/new-research-shows-75-of-open-redis-servers-infected\/"},{"key":"e_1_3_2_1_63_1","unstructured":"NIST. 2024a. CVE-2021-22005 Detail. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-22005"},{"key":"e_1_3_2_1_64_1","unstructured":"NIST. 2024b. CVE-2022-0543 Detail. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-0543"},{"key":"e_1_3_2_1_65_1","unstructured":"NIST. 2024c. CVE-2023-41892 Detail. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-41892"},{"key":"e_1_3_2_1_66_1","unstructured":"Lasne Olivier. 2024. Craft CMS CVE-2023-41892. https:\/\/github.com\/0xfalafel\/CraftCMS_CVE-2023-41892\/blob\/main\/craft-cms.py"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.24.522"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3618257.3624810"},{"key":"e_1_3_2_1_69_1","first-page":"5989","volume-title":"DScope: A Cloud-Native Internet Telescope. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Pauley Eric","year":"2023","unstructured":"Eric Pauley, Paul Barford, and Patrick McDaniel. 2023b. DScope: A Cloud-Native Internet Telescope. In 32nd USENIX Security Symposium (USENIX Security 23). 5989-6006."},{"key":"e_1_3_2_1_70_1","unstructured":"PwnDefend. 2024. Exposed VMWARE vCenter Servers around the world (CVE-2021-22005)-PwnDefend. https:\/\/www.pwndefend.com\/2021\/09\/23\/exposed-vmware-vcenter-servers-around-the-world-cve-2021-22005\/"},{"key":"e_1_3_2_1_71_1","unstructured":"Qeeqbox. 2024. Honeypots. https:\/\/github.com\/qeeqbox\/honeypots"},{"key":"e_1_3_2_1_72_1","unstructured":"Tenable Research. 2024. Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers. https:\/\/www.tenable.com\/blog\/kinsing-malware-hides-itself-as-a-manual-page-and-targets-cloud-servers"},{"key":"e_1_3_2_1_73_1","volume-title":"Proceedings of the Internet Measurement Conference. 144-157","author":"Richter Philipp","year":"2019","unstructured":"Philipp Richter and Arthur Berger. 2019. Scanning the Scanners: Sensing the Internet from a Massively Distributed Network Telescope. In Proceedings of the Internet Measurement Conference. 144-157."},{"key":"e_1_3_2_1_74_1","unstructured":"Lior Rochberger. 2024. Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities. https:\/\/www.cybereason.com\/blog\/research\/prometei-botnet-exploiting-microsoft-exchange-vulnerabilities"},{"key":"e_1_3_2_1_75_1","volume-title":"Kinsing: The Malware with Two Faces. https:\/\/www.cyberark.com\/resources\/threat-research-blog\/kinsing-the-malware-with-two-faces","author":"Shaari Aluma Lavi","year":"2024","unstructured":"Aluma Lavi Shaari. 2024. Kinsing: The Malware with Two Faces. https:\/\/www.cyberark.com\/resources\/threat-research-blog\/kinsing-the-malware-with-two-faces"},{"key":"e_1_3_2_1_76_1","unstructured":"Shodan. 2024. Shodan. https:\/\/www.shodan.io\/"},{"key":"e_1_3_2_1_77_1","volume-title":"Threat Alert: Kinsing Malware Attacks Targeting Container Environments. https:\/\/www.aquasec.com\/blog\/threat-alert-kinsing-malware-container-vulnerability\/","author":"Singer Gal","year":"2024","unstructured":"Gal Singer. 2024. Threat Alert: Kinsing Malware Attacks Targeting Container Environments. https:\/\/www.aquasec.com\/blog\/threat-alert-kinsing-malware-container-vulnerability\/"},{"key":"e_1_3_2_1_78_1","first-page":"1731","volume-title":"Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them. In 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI 24)","author":"Singh Sachin Kumar","year":"2024","unstructured":"Sachin Kumar Singh, Shreeman Gautam, Cameron Cartier, Sameer Patil, and Robert Ricci. 2024. Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them. In 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI 24). 1731-1750."},{"key":"e_1_3_2_1_79_1","unstructured":"Identitiy theft resource center. 2024. 2023 data breach report. https:\/\/www.idtheftcenter.org\/wp-content\/uploads\/2024\/01\/ITRC_2023-Annual-Data-Breach-Report.pdf\/"},{"key":"e_1_3_2_1_80_1","unstructured":"Alex Turing and Hui Wang. 2024. Abcbot an Evolving Botnet. https:\/\/blog.netlab.360.com\/abcbot_an_evolving_botnet_en\/"},{"key":"e_1_3_2_1_81_1","volume-title":"Proc. of Network and Distributed System Security (NDSS) Symposium.","author":"van Liebergen Kevin","year":"2025","unstructured":"Kevin van Liebergen, Gibran Gomez, Srdjan Matic, and Juan Caballero. 2025. All your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks. In Proc. of Network and Distributed System Security (NDSS) Symposium."},{"key":"e_1_3_2_1_82_1","volume-title":"Multi-Stage Attack Detection and Signature Generation with ICS Honeypots. In NOMS 2016-2016 IEEE\/IFIP Network Operations and Management Symposium. IEEE, 1227-1232","author":"Vasilomanolakis Emmanouil","year":"2016","unstructured":"Emmanouil Vasilomanolakis, Shreyas Srinivasa, Carlos Garcia Cordero, and Max M\u00fchlh\u00e4user. 2016. Multi-Stage Attack Detection and Signature Generation with ICS Honeypots. In NOMS 2016-2016 IEEE\/IFIP Network Operations and Management Symposium. IEEE, 1227-1232."},{"key":"e_1_3_2_1_83_1","unstructured":"Virustotal. 2024a. Virustotal OSINT for P2Pinfect. https:\/\/www.virustotal.com\/gui\/file\/3a43116d507d58f3c9717f2cb0a3d06d0c5a7dc29f601e9c2b976ee6d9c8713f"},{"key":"e_1_3_2_1_84_1","unstructured":"Virustotal. 2024b. Virustotal scan of sss6 part 2. https:\/\/www.virustotal.com\/gui\/file\/792d2bf218370cd21f47ce0d7cf99a9f7963ff38d5077ece7ac9fb8d442e3554"},{"key":"e_1_3_2_1_85_1","unstructured":"Virustotal. 2024c. Virustotal scan of sv6 part 2. https:\/\/www.virustotal.com\/gui\/file\/72687dbb1d806910d7c5ed9be06b3916c37d469067deecefe03347dcbc5d36f7"},{"key":"e_1_3_2_1_86_1","unstructured":"Virustotal. 2024d. Virustotal scan of the malicious PostgreSQL pg.sh script. https:\/\/www.virustotal.com\/gui\/file\/787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c"},{"key":"e_1_3_2_1_87_1","volume-title":"2019 3rd International Conference on Trends in Electronics and Informatics (ICOEI). IEEE, 1019-1024","author":"Vishwakarma Ruchi","year":"2019","unstructured":"Ruchi Vishwakarma and Ankit Kumar Jain. 2019. A Honeypot with Machine Learning-Based Detection Framework for Defending IoT-Based botnet DDoS Attacks. In 2019 3rd International Conference on Trends in Electronics and Informatics (ICOEI). IEEE, 1019-1024."},{"key":"e_1_3_2_1_88_1","unstructured":"Vry4n_. 2024. [Exploitation](CVE-2023-41892) Craft CMS code execution (Unauthenticated). https:\/\/vk9-sec.com\/exploitationcve-2023-41892-craft-cms-code-execution-unauthenticated\/"},{"key":"e_1_3_2_1_89_1","unstructured":"Christian Wahl. 2024. Elasticsearch Honeypot Gitlab Repo. https:\/\/gitlab.com\/christian.wahl\/elasticpot"},{"key":"e_1_3_2_1_90_1","volume-title":"Proceedings of the ACM Internet Measurement Conference. 662-679","author":"Wan Gerry","year":"2020","unstructured":"Gerry Wan, Liz Izhikevich, David Adrian, Katsunari Yoshioka, Ralph Holz, Christian Rossow, and Zakir Durumeric. 2020. On the Origin of Scanning: The Impact of Location on Internet-Wide Scans. In Proceedings of the ACM Internet Measurement Conference. 662-679."},{"key":"e_1_3_2_1_91_1","volume-title":"ThingPot: An Interactive Internet-of-Things Honeypot. arXiv preprint arXiv:1807.04114","author":"Wang Meng","year":"2018","unstructured":"Meng Wang, Javier Santillan, and Fernando Kuipers. 2018. ThingPot: An Interactive Internet-of-Things Honeypot. arXiv preprint arXiv:1807.04114 (2018)."},{"key":"e_1_3_2_1_92_1","volume-title":"2016 International Conference on Software Security and Assurance (ICSSA). IEEE, 6-10","author":"Wegerer Mathias","year":"2016","unstructured":"Mathias Wegerer and Simon Tjoa. 2016. Defeating the Database Adversary using Deception: A MySQL Database Honeypot. In 2016 International Conference on Software Security and Assurance (ICSSA). IEEE, 6-10."},{"key":"e_1_3_2_1_93_1","volume-title":"Proceedings. Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. IEEE, 109-114","author":"Weiler Nathalie","year":"2002","unstructured":"Nathalie Weiler. 2002. Honeypots for Distributed Denial-of-Service Attacks. In Proceedings. Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. IEEE, 109-114."},{"key":"e_1_3_2_1_94_1","first-page":"203","volume-title":"Proceedings of the Internet Measurement Conference","author":"Weinberg Zachary","year":"2018","unstructured":"Zachary Weinberg, Shinyoung Cho, Nicolas Christin, Vyas Sekar, and Phillipa Gill. 2018. How to Catch When Proxies Lie: Verifying the Physical Locations of Network Proxies with Active Geolocation. In Proceedings of the Internet Measurement Conference 2018. 203-217."},{"key":"e_1_3_2_1_95_1","volume-title":"Proc. of Network and Distributed System Security (NDSS) Symposium.","author":"Wu Mengying","year":"2025","unstructured":"Mengying Wu, Geng Hong, Jinsong Chen, Qi Liu, Shujun Tang, Youhao Li, Baojun Liu, Haixin Duan, and Min Yang. 2025. Revealing the Black Box of Device Search Engine: Scanning Assets, Strategies, and Ethical Consideration. In Proc. of Network and Distributed System Security (NDSS) Symposium."},{"key":"e_1_3_2_1_96_1","volume-title":"Proceedings of the 21st ACM Internet Measurement Conference. 703-719","author":"Ziv Maya","year":"2021","unstructured":"Maya Ziv, Liz Izhikevich, Kimberly Ruth, Katherine Izhikevich, and Zakir Durumeric. 2021. ASdb: A System for Classifying Owners of Autonomous Systems. In Proceedings of the 21st ACM Internet Measurement Conference. 703-719."}],"event":{"name":"IMC '25:ACM Internet Measurement Conference","location":"Madison WI USA","sponsor":["SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2025 ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3730567.3764481","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T15:29:57Z","timestamp":1763738997000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3730567.3764481"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,28]]},"references-count":96,"alternative-id":["10.1145\/3730567.3764481","10.1145\/3730567"],"URL":"https:\/\/doi.org\/10.1145\/3730567.3764481","relation":{},"subject":[],"published":{"date-parts":[[2025,10,28]]},"assertion":[{"value":"2025-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}