{"id":"https://openalex.org/W7116948239","doi":"https://doi.org/10.1109/itnac66378.2025.11302674","title":"Explaining Cyber Attacks Captured on Honeypots Through Attacker Issued Commands","display_name":"Explaining Cyber Attacks Captured on Honeypots Through Attacker Issued Commands","publication_year":2025,"publication_date":"2025-11-26","ids":{"openalex":"https://openalex.org/W7116948239","doi":"https://doi.org/10.1109/itnac66378.2025.11302674"},"language":null,"primary_location":{"id":"doi:10.1109/itnac66378.2025.11302674","is_oa":false,"landing_page_url":"https://doi.org/10.1109/itnac66378.2025.11302674","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 35th International Telecommunication Networks and Applications Conference (ITNAC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121049357","display_name":"Daniel McAlpine","orcid":null},"institutions":[{"id":"https://openalex.org/I52179390","display_name":"University of Waikato","ror":"https://ror.org/013fsnh78","country_code":"NZ","type":"education","lineage":["https://openalex.org/I52179390"]}],"countries":["NZ"],"is_corresponding":true,"raw_author_name":"Daniel McAlpine","raw_affiliation_strings":["University of Waikato,Computing and Mathematical Sciences,Hamilton,New Zealand"],"affiliations":[{"raw_affiliation_string":"University of Waikato,Computing and Mathematical Sciences,Hamilton,New Zealand","institution_ids":["https://openalex.org/I52179390"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027225262","display_name":"Junaid Haseeb","orcid":"https://orcid.org/0000-0003-0847-5353"},"institutions":[{"id":"https://openalex.org/I52179390","display_name":"University of Waikato","ror":"https://ror.org/013fsnh78","country_code":"NZ","type":"education","lineage":["https://openalex.org/I52179390"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Junaid Haseeb","raw_affiliation_strings":["University of Waikato,Computing and Mathematical Sciences,Hamilton,New Zealand"],"affiliations":[{"raw_affiliation_string":"University of Waikato,Computing and Mathematical Sciences,Hamilton,New Zealand","institution_ids":["https://openalex.org/I52179390"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5113417948","display_name":"M. Guru Vimal Kumar","orcid":null},"institutions":[{"id":"https://openalex.org/I52179390","display_name":"University of Waikato","ror":"https://ror.org/013fsnh78","country_code":"NZ","type":"education","lineage":["https://openalex.org/I52179390"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Vimal Kumar","raw_affiliation_strings":["University of Waikato,Computing and Mathematical Sciences,Hamilton,New Zealand"],"affiliations":[{"raw_affiliation_string":"University of Waikato,Computing and Mathematical Sciences,Hamilton,New Zealand","institution_ids":["https://openalex.org/I52179390"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5121049357"],"corresponding_institution_ids":["https://openalex.org/I52179390"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.66161766,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"4"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.11599999666213989,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.11599999666213989,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.09790000319480896,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.09449999779462814,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.5461999773979187},{"id":"https://openalex.org/keywords/limiting","display_name":"Limiting","score":0.4851999878883362},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.42250001430511475},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.4189000129699707},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.3686999976634979},{"id":"https://openalex.org/keywords/attack-patterns","display_name":"Attack patterns","score":0.3203999996185303},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.3133000135421753}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7569000124931335},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6480000019073486},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.5461999773979187},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.4851999878883362},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.42250001430511475},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.4189000129699707},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3686999976634979},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.3203999996185303},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.3133000135421753},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3027999997138977},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.3018999993801117},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.2831999957561493},{"id":"https://openalex.org/C103278499","wikidata":"https://www.wikidata.org/wiki/Q254465","display_name":"Similarity (geometry)","level":3,"score":0.2806999981403351},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.27090001106262207},{"id":"https://openalex.org/C517642484","wikidata":"https://www.wikidata.org/wiki/Q2388514","display_name":"Intelligence analysis","level":2,"score":0.2653999924659729}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/itnac66378.2025.11302674","is_oa":false,"landing_page_url":"https://doi.org/10.1109/itnac66378.2025.11302674","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 35th International Telecommunication Networks and Applications Conference (ITNAC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2908954810","https://openalex.org/W3082491627","https://openalex.org/W3107245277","https://openalex.org/W3123076006","https://openalex.org/W3132321084","https://openalex.org/W3149409808","https://openalex.org/W3162111110","https://openalex.org/W4207081242","https://openalex.org/W4251136770","https://openalex.org/W4308086462","https://openalex.org/W4320915457","https://openalex.org/W4362704786","https://openalex.org/W4377042690","https://openalex.org/W4383900630","https://openalex.org/W4387693250","https://openalex.org/W4387713342","https://openalex.org/W4392947753","https://openalex.org/W4392984510","https://openalex.org/W4395674846","https://openalex.org/W4395700374"],"related_works":[],"abstract_inverted_index":{"The":[0],"growing":[1],"scale":[2],"of":[3,73],"cyber":[4],"attacks":[5,51],"demands":[6],"automated":[7,46],"behavioural":[8],"analysis":[9],"to":[10,56,75,97],"enable":[11],"timely":[12],"mitigation.":[13],"Current":[14],"approaches":[15],"often":[16],"rely":[17],"on":[18,35,91],"Cyber":[19],"Threat":[20],"Intelligence":[21],"(CTI)":[22],"reports":[23],"and":[24,27,40,61],"Common":[25],"Vulnerabilities":[26],"Exposures":[28,74],"(CVE)":[29],"descriptions,":[30],"but":[31],"these":[32],"depend":[33],"heavily":[34],"expert":[36],"input,":[37],"introducing":[38],"subjectivity":[39],"limiting":[41],"scalability.":[42],"We":[43],"propose":[44],"an":[45],"method":[47],"that":[48],"analyses":[49],"honeypot-captured":[50],"by":[52],"mapping":[53],"Shell":[54],"commands":[55],"Linux":[57],"man":[58],"page":[59],"descriptions":[60,84],"aligning":[62],"them":[63],"with":[64,101],"the":[65,70],"MITRE":[66],"ATT&CK":[67],"framework":[68],"using":[69],"Semantic":[71],"Mapping":[72],"Techniques":[76],"(SMET)":[77],"tool.":[78],"To":[79],"provide":[80],"richer":[81],"context,":[82],"command":[83],"are":[85],"also":[86],"chained":[87],"into":[88],"reports.":[89],"Evaluation":[90],"a":[92],"public":[93],"dataset":[94],"achieved":[95],"up":[96],"$82":[98],"\\%$":[99],"similarity":[100],"manual":[102],"annotations.":[103]},"counts_by_year":[],"updated_date":"2025-12-24T23:09:58.560324","created_date":"2025-12-23T00:00:00"}