{"id":"https://openalex.org/W2462751245","doi":"https://doi.org/10.1109/noms.2016.7502992","title":"Multi-stage attack detection and signature generation with ICS honeypots","display_name":"Multi-stage attack detection and signature generation with ICS honeypots","publication_year":2016,"publication_date":"2016-04-01","ids":{"openalex":"https://openalex.org/W2462751245","doi":"https://doi.org/10.1109/noms.2016.7502992","mag":"2462751245"},"language":"en","primary_location":{"id":"doi:10.1109/noms.2016.7502992","is_oa":false,"landing_page_url":"https://doi.org/10.1109/noms.2016.7502992","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5083149653","display_name":"Emmanouil Vasilomanolakis","orcid":"https://orcid.org/0000-0001-5068-9158"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technische Universit\u00e4t Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]},{"id":"https://openalex.org/I4210135606","display_name":"National Research Center for Applied Cybersecurity ATHENE","ror":"https://ror.org/0378v2g76","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210135606"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Emmanouil Vasilomanolakis","raw_affiliation_strings":["Center for Advanced Security Research Darmstadt (CASED), Technische Universit\u00e4t Darmstadt"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Center for Advanced Security Research Darmstadt (CASED), Technische Universit\u00e4t Darmstadt","institution_ids":["https://openalex.org/I4210135606","https://openalex.org/I31512782"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056423120","display_name":"Shreyas Srinivasa","orcid":"https://orcid.org/0000-0002-5720-5504"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technische Universit\u00e4t Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]},{"id":"https://openalex.org/I4210135606","display_name":"National Research Center for Applied Cybersecurity ATHENE","ror":"https://ror.org/0378v2g76","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210135606"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Shreyas Srinivasa","raw_affiliation_strings":["Center for Advanced Security Research Darmstadt (CASED), Technische Universit\u00e4t Darmstadt"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Center for Advanced Security Research Darmstadt (CASED), Technische Universit\u00e4t Darmstadt","institution_ids":["https://openalex.org/I4210135606","https://openalex.org/I31512782"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033953374","display_name":"Carlos Garc\u00eda Cordero","orcid":"https://orcid.org/0000-0002-7244-3519"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technische Universit\u00e4t Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]},{"id":"https://openalex.org/I4210135606","display_name":"National Research Center for Applied Cybersecurity ATHENE","ror":"https://ror.org/0378v2g76","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210135606"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Carlos Garcia Cordero","raw_affiliation_strings":["Center for Advanced Security Research Darmstadt (CASED), Technische Universit\u00e4t Darmstadt"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Center for Advanced Security Research Darmstadt (CASED), Technische Universit\u00e4t Darmstadt","institution_ids":["https://openalex.org/I4210135606","https://openalex.org/I31512782"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5021712397","display_name":"Max M\u00fchlh\u00e4user","orcid":"https://orcid.org/0000-0003-4713-5327"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technische Universit\u00e4t Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]},{"id":"https://openalex.org/I4210135606","display_name":"National Research Center for Applied Cybersecurity ATHENE","ror":"https://ror.org/0378v2g76","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210135606"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Max Muhlhauser","raw_affiliation_strings":["Center for Advanced Security Research Darmstadt (CASED), Technische Universit\u00e4t Darmstadt"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Center for Advanced Security Research Darmstadt (CASED), Technische Universit\u00e4t Darmstadt","institution_ids":["https://openalex.org/I4210135606","https://openalex.org/I31512782"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":52,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1227","last_page":"1232"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.9926030039787292},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7577476501464844},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6870401501655579},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6806342601776123},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5033146739006042},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.460178017616272},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.4451453387737274},{"id":"https://openalex.org/keywords/warning-system","display_name":"Warning system","score":0.4349295496940613},{"id":"https://openalex.org/keywords/stage","display_name":"Stage (stratigraphy)","score":0.412129670381546},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.22554504871368408},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.10953408479690552},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.08824864029884338},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.06934621930122375}],"concepts":[{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.9926030039787292},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7577476501464844},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6870401501655579},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6806342601776123},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5033146739006042},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.460178017616272},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.4451453387737274},{"id":"https://openalex.org/C29825287","wikidata":"https://www.wikidata.org/wiki/Q1427940","display_name":"Warning system","level":2,"score":0.4349295496940613},{"id":"https://openalex.org/C146357865","wikidata":"https://www.wikidata.org/wiki/Q1123245","display_name":"Stage (stratigraphy)","level":2,"score":0.412129670381546},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.22554504871368408},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.10953408479690552},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.08824864029884338},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.06934621930122375},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/noms.2016.7502992","is_oa":false,"landing_page_url":"https://doi.org/10.1109/noms.2016.7502992","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium","raw_type":"proceedings-article"},{"id":"pmh:oai:tubiblio.ulb.tu-darmstadt.de:104133","is_oa":false,"landing_page_url":"http://tubiblio.ulb.tu-darmstadt.de/104133/","pdf_url":null,"source":{"id":"https://openalex.org/S4377196390","display_name":"TUbilio (Technical University of Darmstadt)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I31512782","host_organization_name":"Technische Universit\u00e4t Darmstadt","host_organization_lineage":["https://openalex.org/I31512782"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Konferenzver\u00f6ffentlichung"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6499999761581421}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W88694106","https://openalex.org/W1498757329","https://openalex.org/W1516506771","https://openalex.org/W1669806660","https://openalex.org/W1772700132","https://openalex.org/W1964484213","https://openalex.org/W1983442091","https://openalex.org/W1999489595","https://openalex.org/W2033811087","https://openalex.org/W2039427951","https://openalex.org/W2101173463","https://openalex.org/W2114698832","https://openalex.org/W2158480297","https://openalex.org/W6603729080"],"related_works":["https://openalex.org/W2312996858","https://openalex.org/W2392120181","https://openalex.org/W2307276533","https://openalex.org/W2390124310","https://openalex.org/W2594597562","https://openalex.org/W4389485405","https://openalex.org/W2796752342","https://openalex.org/W313385724","https://openalex.org/W3084463301","https://openalex.org/W1967903162"],"abstract_inverted_index":{"New":[0],"attack":[1],"surfaces":[2],"are":[3,32],"emerging":[4],"with":[5],"the":[6,16,94,105,115,121],"rise":[7],"of":[8,65,93],"Industrial":[9],"Control":[10],"System":[11],"(ICS)":[12],"devices":[13,19],"exposed":[14],"on":[15,47],"Internet.":[17],"ICS":[18,70],"must":[20],"be":[21],"protected":[22],"in":[23],"a":[24,61,74],"holistic":[25],"and":[26,51,104,113],"efficient":[27],"manner;":[28],"especially":[29],"when":[30],"these":[31],"supporting":[33],"critical":[34],"infrastructure.":[35],"Taking":[36],"this":[37,57],"issue":[38],"into":[39],"account,":[40],"cyber-security":[41],"research":[42],"is":[43],"recently":[44],"being":[45],"focused":[46],"providing":[48],"early":[49],"detection":[50,111],"warning":[52],"mechanisms":[53],"for":[54],"ICSs.":[55],"In":[56],"paper":[58],"we":[59],"present":[60],"novel":[62],"honeypot":[63,78,103],"capable":[64],"detecting":[66,73],"multi-stage":[67,75],"attacks":[68,92],"targeting":[69],"networks.":[71],"Upon":[72],"attack,":[76],"our":[77,102],"can":[79,89,118],"generate":[80],"signatures":[81,106,122],"so":[82],"that":[83,101,114],"misuse":[84],"Intrusion":[85],"Detection":[86],"Systems":[87],"(IDSs)":[88],"subsequently":[90],"thwart":[91],"same":[95],"type.":[96],"Our":[97],"experimental":[98],"results":[99],"indicate":[100],"it":[107],"generates":[108],"provide":[109],"good":[110],"accuracy":[112],"Bro":[116],"IDS":[117],"successfully":[119],"use":[120],"to":[123],"prevent":[124],"future":[125],"attacks.":[126]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":9},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":8},{"year":2017,"cited_by_count":1}],"updated_date":"2026-07-14T23:27:15.235271","created_date":"2025-10-10T00:00:00"}
