{"id":"https://openalex.org/W7116975680","doi":"https://doi.org/10.1109/itnac66378.2025.11302692","title":"A Practical Honeypot-Based Threat Intelligence Framework for Cyber Defence in the Cloud","display_name":"A Practical Honeypot-Based Threat Intelligence Framework for Cyber Defence in the Cloud","publication_year":2025,"publication_date":"2025-11-26","ids":{"openalex":"https://openalex.org/W7116975680","doi":"https://doi.org/10.1109/itnac66378.2025.11302692"},"language":null,"primary_location":{"id":"doi:10.1109/itnac66378.2025.11302692","is_oa":false,"landing_page_url":"https://doi.org/10.1109/itnac66378.2025.11302692","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 35th International Telecommunication Networks and Applications Conference (ITNAC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Darren Malvern Chin","orcid":null},"institutions":[{"id":"https://openalex.org/I4210120792","display_name":"Whitecliffe College of Arts and Design","ror":"https://ror.org/02d6ntk65","country_code":"NZ","type":"education","lineage":["https://openalex.org/I4210120792"]}],"countries":["NZ"],"is_corresponding":true,"raw_author_name":"Darren Malvern Chin","raw_affiliation_strings":["Whitecliffe College,School of Information Technology,Auckland,New Zealand"],"affiliations":[{"raw_affiliation_string":"Whitecliffe College,School of Information Technology,Auckland,New Zealand","institution_ids":["https://openalex.org/I4210120792"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120727145","display_name":"Bilal Isfaq","orcid":null},"institutions":[{"id":"https://openalex.org/I4210120792","display_name":"Whitecliffe College of Arts and Design","ror":"https://ror.org/02d6ntk65","country_code":"NZ","type":"education","lineage":["https://openalex.org/I4210120792"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Bilal Isfaq","raw_affiliation_strings":["Whitecliffe College,School of Information Technology,Auckland,New Zealand"],"affiliations":[{"raw_affiliation_string":"Whitecliffe College,School of Information Technology,Auckland,New Zealand","institution_ids":["https://openalex.org/I4210120792"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5069316253","display_name":"Simon Yusuf Enoch","orcid":"https://orcid.org/0000-0002-0970-3621"},"institutions":[{"id":"https://openalex.org/I4210120792","display_name":"Whitecliffe College of Arts and Design","ror":"https://ror.org/02d6ntk65","country_code":"NZ","type":"education","lineage":["https://openalex.org/I4210120792"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Simon Yusuf Enoch","raw_affiliation_strings":["Whitecliffe College,School of Information Technology,Auckland,New Zealand"],"affiliations":[{"raw_affiliation_string":"Whitecliffe College,School of Information Technology,Auckland,New Zealand","institution_ids":["https://openalex.org/I4210120792"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I4210120792"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.63316988,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.6190999746322632,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.6190999746322632,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.08900000154972076,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.06239999830722809,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.6956999897956848},{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.6862999796867371},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.5296000242233276},{"id":"https://openalex.org/keywords/firewall","display_name":"Firewall (physics)","score":0.4699000120162964},{"id":"https://openalex.org/keywords/automation","display_name":"Automation","score":0.43130001425743103},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.4205999970436096},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.41119998693466187},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.3894999921321869}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7250999808311462},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.6956999897956848},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.6862999796867371},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6452999711036682},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.5296000242233276},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.4699000120162964},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.43130001425743103},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.4205999970436096},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.41119998693466187},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.3894999921321869},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.37059998512268066},{"id":"https://openalex.org/C2779267917","wikidata":"https://www.wikidata.org/wiki/Q170028","display_name":"Deception","level":2,"score":0.3393999934196472},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.33899998664855957},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.32829999923706055},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.30399999022483826},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.29420000314712524},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.2913999855518341},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2718000113964081},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.26330000162124634},{"id":"https://openalex.org/C2781133158","wikidata":"https://www.wikidata.org/wiki/Q1088669","display_name":"Survivability","level":2,"score":0.26330000162124634},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.26269999146461487},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.251800000667572}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/itnac66378.2025.11302692","is_oa":false,"landing_page_url":"https://doi.org/10.1109/itnac66378.2025.11302692","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 35th International Telecommunication Networks and Applications Conference (ITNAC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.5711135864257812,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W2075274830","https://openalex.org/W2536759866","https://openalex.org/W2792137967","https://openalex.org/W3158704653","https://openalex.org/W4313530783","https://openalex.org/W4382396215","https://openalex.org/W4386389417","https://openalex.org/W4406606513","https://openalex.org/W4407106963"],"related_works":[],"abstract_inverted_index":{"In":[0,47],"cloud":[1,37,203],"environments,":[2],"conventional":[3],"firewalls":[4],"rely":[5],"on":[6,136],"predefined":[7],"rules":[8,67],"and":[9,43,84,109,125,131,194],"manual":[10],"configurations,":[11],"limiting":[12],"their":[13],"ability":[14],"to":[15,18,39,59,63,97,157],"respond":[16],"effectively":[17],"evolving":[19],"or":[20],"zero-day":[21],"threats.":[22,46],"As":[23],"organizations":[24],"increasingly":[25],"adopt":[26],"platforms":[27],"such":[28],"as":[29],"Microsoft":[30],"Azure,":[31],"this":[32,48],"static":[33],"defense":[34,54,139,199],"model":[35,200],"exposes":[36],"assets":[38],"zeroday":[40],"exploits,":[41],"botnets,":[42],"advanced":[44],"persistent":[45],"paper,":[49],"we":[50,123],"introduce":[51],"an":[52,153],"automated":[53,144],"framework":[55,72],"that":[56,180],"leverages":[57],"medium-":[58],"high-interaction":[60],"honeypot":[61],"telemetry":[62,183],"dynamically":[64],"update":[65],"firewall":[66],"in":[68],"real":[69],"time.":[70],"The":[71,149],"integrates":[73],"deception":[74,182],"sensors":[75],"(Cowrie),":[76],"Azure-native":[77,185],"automation":[78,186],"tools":[79],"(Monitor,":[80],"Sentinel,":[81],"Logic":[82],"Apps),":[83],"MITRE":[85,106,174],"ATT&CKaligned":[86],"detection":[87],"within":[88],"a":[89,95,127,196],"closed-loop":[90],"feedback":[91],"mechanism.":[92],"We":[93],"developed":[94],"testbed":[96],"automatically":[98,113],"observe":[99],"adversary":[100],"tactics,":[101],"classify":[102],"them":[103],"using":[104],"the":[105,120],"ATT&CK":[107,175],"framework,":[108],"mitigate":[110],"network-level":[111],"threats":[112],"with":[114,184],"minimal":[115],"human":[116],"intervention.":[117],"To":[118],"assess":[119],"framework\u2019s":[121],"effectiveness,":[122],"define":[124],"applied":[126],"set":[128],"of":[129,159],"attack-":[130],"defense-oriented":[132],"security":[133],"metrics.":[134],"Building":[135],"existing":[137],"adaptive":[138],"strategies,":[140],"our":[141],"solution":[142],"extends":[143],"capabilities":[145],"into":[146],"cloud-native":[147],"environments.":[148],"experimental":[150],"results":[151],"show":[152],"average":[154],"Mean":[155],"Time":[156],"Block":[158],"0.86":[160],"seconds-significantly":[161],"faster":[162],"than":[163],"benchmark":[164],"systems-while":[165],"accurately":[166],"classifying":[167],"over":[168],"12,000":[169],"SSH":[170],"attempts":[171],"across":[172],"multiple":[173],"tactics.":[176],"These":[177],"findings":[178],"demonstrate":[179],"integrating":[181],"reduces":[187],"attacker":[188],"dwell":[189],"time,":[190],"enhances":[191],"SOC":[192],"visibility,":[193],"provides":[195],"scalable,":[197],"actionable":[198],"for":[201],"modern":[202],"infrastructures.":[204]},"counts_by_year":[],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2025-12-23T00:00:00"}