{"id":"https://openalex.org/W4378364088","doi":"https://doi.org/10.1109/isdfs58141.2023.10131856","title":"Who are you? OSINT-based Profiling of Infrastructure Honeypot Visitors","display_name":"Who are you? OSINT-based Profiling of Infrastructure Honeypot Visitors","publication_year":2023,"publication_date":"2023-05-11","ids":{"openalex":"https://openalex.org/W4378364088","doi":"https://doi.org/10.1109/isdfs58141.2023.10131856"},"language":"en","primary_location":{"id":"doi:10.1109/isdfs58141.2023.10131856","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/isdfs58141.2023.10131856","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 11th International Symposium on Digital Forensics and Security (ISDFS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071744763","display_name":"Takayuki Sasaki","orcid":"https://orcid.org/0000-0001-8534-1346"},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Takayuki Sasaki","raw_affiliation_strings":["Yokohama National University"],"affiliations":[{"raw_affiliation_string":"Yokohama National University","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028367744","display_name":"Katsunari Yoshioka","orcid":"https://orcid.org/0000-0003-0964-8631"},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Katsunari Yoshioka","raw_affiliation_strings":["Yokohama National University"],"affiliations":[{"raw_affiliation_string":"Yokohama National University","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5108109302","display_name":"Tsutomu Matsumoto","orcid":null},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Tsutomu Matsumoto","raw_affiliation_strings":["Yokohama National University"],"affiliations":[{"raw_affiliation_string":"Yokohama National University","institution_ids":["https://openalex.org/I180203408"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5071744763"],"corresponding_institution_ids":["https://openalex.org/I180203408"],"apc_list":null,"apc_paid":null,"fwci":0.6027,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.66873438,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.9762601852416992},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7762653827667236},{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.7274847030639648},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.665245532989502},{"id":"https://openalex.org/keywords/telnet","display_name":"Telnet","score":0.5736410617828369},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.5669115781784058},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5630931258201599},{"id":"https://openalex.org/keywords/cybercrime","display_name":"Cybercrime","score":0.5192139744758606},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.46853557229042053},{"id":"https://openalex.org/keywords/negotiation","display_name":"Negotiation","score":0.44632384181022644},{"id":"https://openalex.org/keywords/visitor-pattern","display_name":"Visitor pattern","score":0.42837515473365784},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.41246938705444336},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.41027116775512695},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.32293206453323364},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10896965861320496}],"concepts":[{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.9762601852416992},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7762653827667236},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.7274847030639648},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.665245532989502},{"id":"https://openalex.org/C2776538122","wikidata":"https://www.wikidata.org/wiki/Q160470","display_name":"Telnet","level":4,"score":0.5736410617828369},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.5669115781784058},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5630931258201599},{"id":"https://openalex.org/C2779390178","wikidata":"https://www.wikidata.org/wiki/Q29137","display_name":"Cybercrime","level":3,"score":0.5192139744758606},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.46853557229042053},{"id":"https://openalex.org/C199776023","wikidata":"https://www.wikidata.org/wiki/Q202875","display_name":"Negotiation","level":2,"score":0.44632384181022644},{"id":"https://openalex.org/C48947383","wikidata":"https://www.wikidata.org/wiki/Q830719","display_name":"Visitor pattern","level":2,"score":0.42837515473365784},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.41246938705444336},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.41027116775512695},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.32293206453323364},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10896965861320496},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C169485995","wikidata":"https://www.wikidata.org/wiki/Q42283","display_name":"File Transfer Protocol","level":3,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/isdfs58141.2023.10131856","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/isdfs58141.2023.10131856","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 11th International Symposium on Digital Forensics and Security (ISDFS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.6200000047683716,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320325628","display_name":"Ministry of Internal Affairs and Communications","ror":"https://ror.org/00vs1pz50"},{"id":"https://openalex.org/F4320335839","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349"},{"id":"https://openalex.org/F4320337504","display_name":"Research and Development","ror":"https://ror.org/027s68j25"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2028217834","https://openalex.org/W2148725298","https://openalex.org/W2345495655","https://openalex.org/W2519655440","https://openalex.org/W2614012654","https://openalex.org/W2635012095","https://openalex.org/W2883159010","https://openalex.org/W2937619061","https://openalex.org/W3100545544","https://openalex.org/W3142490413","https://openalex.org/W4288057737","https://openalex.org/W4312969228","https://openalex.org/W6843255143"],"related_works":["https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W1522996108","https://openalex.org/W4285325964","https://openalex.org/W1599449514","https://openalex.org/W2782717270","https://openalex.org/W2387080733","https://openalex.org/W4386823106","https://openalex.org/W4362496491","https://openalex.org/W4378364088"],"abstract_inverted_index":{"Cyber":[0],"attacks":[1],"are":[2,20],"reported":[3],"daily":[4],"and":[5,21,69,112,130,158],"have":[6],"become":[7],"a":[8,144],"major":[9],"social":[10],"issue.":[11],"However,":[12],"it":[13,153],"is":[14,154],"still":[15],"unclear":[16],"who":[17,165],"the":[18,34,52,57,81,117,137,148,162],"attackers":[19,38],"their":[22],"background.":[23],"In":[24],"this":[25],"paper,":[26],"using":[27],"OSINT-based":[28],"profiling,":[29],"we":[30,60,72],"shed":[31],"light":[32],"on":[33,46],"identity":[35],"of":[36,41,51,109,161],"individual":[37,77],"visiting":[39],"honeypots":[40],"connected":[42],"infrastructure.":[43],"Specifically,":[44],"focusing":[45],"unique":[47],"hostnames":[48],"and/or":[49,91],"usernames":[50],"connecting":[53],"client":[54],"machines":[55],"in":[56,147],"Telnet":[58],"negotiations,":[59],"found":[61],"SNS":[62,85],"accounts,":[63,86],"such":[64,123],"as":[65,124],"LinkedIn,":[66],"Twitter,":[67],"Facebook,":[68],"GitHub,":[70],"which":[71],"believe":[73],"belong":[74],"to":[75,80,156],"eight":[76],"attackers.":[78],"According":[79],"information":[82],"from":[83],"these":[84],"seven":[87],"were":[88,95],"with":[89],"IT":[90,99,102],"security":[92],"expertise.":[93],"Four":[94],"employed":[96],"by":[97],"security,":[98],"consulting,":[100],"or":[101],"engineering":[103],"companies.":[104],"Two":[105],"publicized":[106],"open":[107],"repositories":[108],"vulnerability":[110],"exploits":[111],"malware.":[113],"After":[114],"logging":[115],"into":[116],"honeypot,":[118],"three":[119],"showed":[120],"aggressive":[121],"activities":[122],"installing":[125],"external":[126],"tools,":[127],"escalating":[128],"privilege,":[129],"attempting":[131],"lateral":[132],"movement.":[133],"One":[134],"visitor":[135],"accessed":[136],"honeypot":[138,163],"for":[139],"over":[140],"six":[141],"months,":[142],"exhibiting":[143],"special":[145],"interest":[146],"system.":[149],"We":[150],"conclude":[151],"that":[152],"possible":[155],"identify":[157],"profile":[159],"some":[160],"visitors":[164],"publicize":[166],"themselves.":[167]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2025-12-24T23:09:58.560324","created_date":"2025-10-10T00:00:00"}