{"id":"https://openalex.org/W2336291507","doi":"https://doi.org/10.1145/2872427.2882992","title":"No Honor Among Thieves","display_name":"No Honor Among Thieves","publication_year":2016,"publication_date":"2016-04-11","ids":{"openalex":"https://openalex.org/W2336291507","doi":"https://doi.org/10.1145/2872427.2882992","mag":"2336291507"},"language":"en","primary_location":{"id":"doi:10.1145/2872427.2882992","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2872427.2882992","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th International Conference on World Wide Web","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066620366","display_name":"Oleksii Starov","orcid":"https://orcid.org/0000-0002-2796-6345"},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Oleksii Starov","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY, USA"],"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY, USA","institution_ids":["https://openalex.org/I59553526"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027679966","display_name":"Johannes Dahse","orcid":null},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Johannes Dahse","raw_affiliation_strings":["Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104135883","display_name":"Syed Ahmad","orcid":null},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Syed Sharique Ahmad","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY, USA"],"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY, USA","institution_ids":["https://openalex.org/I59553526"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056790702","display_name":"Thorsten Holz","orcid":"https://orcid.org/0000-0002-2783-1264"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Thorsten Holz","raw_affiliation_strings":["Ruhr-University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014031812","display_name":"Nick Nikiforakis","orcid":"https://orcid.org/0000-0002-9366-357X"},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nick Nikiforakis","raw_affiliation_strings":["Stony Brook University, Stony Brook, NY, USA"],"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, NY, USA","institution_ids":["https://openalex.org/I59553526"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5066620366"],"corresponding_institution_ids":["https://openalex.org/I59553526"],"apc_list":null,"apc_paid":null,"fwci":11.2793,"has_fulltext":false,"cited_by_count":47,"citation_normalized_percentile":{"value":0.98227331,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1021","last_page":"1032"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7608721256256104},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.6899434924125671},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6865646243095398},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.6792850494384766},{"id":"https://openalex.org/keywords/upload","display_name":"Upload","score":0.6280443668365479},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.5548558235168457},{"id":"https://openalex.org/keywords/shell","display_name":"Shell (structure)","score":0.5108906626701355},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4985318183898926},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.47206810116767883},{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.4626985192298889},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.44337400794029236},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.4422767758369446},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4312756359577179},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.32891857624053955},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.3180237412452698},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.24441921710968018},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.19531622529029846},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13715991377830505},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.10259884595870972}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7608721256256104},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.6899434924125671},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6865646243095398},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.6792850494384766},{"id":"https://openalex.org/C71901391","wikidata":"https://www.wikidata.org/wiki/Q7126699","display_name":"Upload","level":2,"score":0.6280443668365479},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.5548558235168457},{"id":"https://openalex.org/C2781052500","wikidata":"https://www.wikidata.org/wiki/Q2230313","display_name":"Shell (structure)","level":2,"score":0.5108906626701355},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4985318183898926},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.47206810116767883},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.4626985192298889},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.44337400794029236},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.4422767758369446},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4312756359577179},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.32891857624053955},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.3180237412452698},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.24441921710968018},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.19531622529029846},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13715991377830505},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.10259884595870972},{"id":"https://openalex.org/C147176958","wikidata":"https://www.wikidata.org/wiki/Q77590","display_name":"Civil engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2872427.2882992","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2872427.2882992","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th International Conference on World Wide Web","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.550000011920929}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W585806485","https://openalex.org/W1509260479","https://openalex.org/W1531027799","https://openalex.org/W1606590080","https://openalex.org/W1809422330","https://openalex.org/W2006374488","https://openalex.org/W2086631206","https://openalex.org/W2101678831","https://openalex.org/W2102671922","https://openalex.org/W2168154523","https://openalex.org/W2209064213","https://openalex.org/W2294744997","https://openalex.org/W3215498156"],"related_works":["https://openalex.org/W2071995472","https://openalex.org/W2548409577","https://openalex.org/W2407701912","https://openalex.org/W3180404666","https://openalex.org/W1531015913","https://openalex.org/W1484631816","https://openalex.org/W2167752994","https://openalex.org/W2907218437","https://openalex.org/W2117221897","https://openalex.org/W2181766705"],"abstract_inverted_index":{"Web":[0],"shells":[1,40,53,168,195],"are":[2],"malicious":[3,58,69,115],"scripts":[4],"that":[5,60,73,162,188],"attackers":[6,121,230],"upload":[7],"to":[8,15,62,75,205],"a":[9,180,190],"compromised":[10,153],"web":[11,39,52,93],"server":[12],"in":[13,31,36,79,179],"order":[14],"remotely":[16],"execute":[17],"arbitrary":[18],"commands,":[19],"maintain":[20],"their":[21,25,28],"access,":[22],"and":[23,33,65,99,105,109,117,142,235],"elevate":[24],"privileges.":[26],"Despite":[27],"high":[29],"prevalence":[30],"practice":[32],"heavy":[34],"involvement":[35],"security":[37,148],"breaches,":[38],"have":[41,54],"never":[42],"been":[43,55],"the":[44,88,107,133,145,152,166,183,193,199,210,214,226,243],"direct":[45],"subject":[46],"of":[47,71,92,125,135,147,157,165,182,192,212,216,228,252],"any":[48],"study.":[49],"In":[50,82,155],"contrast,":[51],"treated":[56],"as":[57],"blackboxes":[59],"need":[61,74],"be":[63,76,177],"detected":[64],"removed,":[66],"rather":[67],"than":[68],"pieces":[70],"software":[72,149],"analyzed":[77,167,194],"and,":[78],"detail,":[80],"understood.":[81],"this":[83,174],"paper,":[84],"we":[85,103,118,131,160,186,224],"report":[86],"on":[87,151],"first":[89],"comprehensive":[90],"study":[91],"shells.":[94,255],"By":[95,220],"utilizing":[96],"different":[97],"static":[98],"dynamic":[100],"analysis":[101],"methods,":[102],"discover":[104],"quantify":[106,225],"visible":[108,129],"invisible":[110,158],"features":[111],"offered":[112],"by":[113,240],"popular":[114],"shells,":[116,200],"discuss":[119],"how":[120,237],"can":[122,176,246],"take":[123,248],"advantage":[124],"these":[126],"features.":[127],"For":[128],"features,":[130,159],"find":[132,161,187],"presence":[134,146],"password":[136],"bruteforcers,":[137],"SQL":[138],"database":[139],"clients,":[140],"portscanners,":[141],"checks":[143],"for":[144],"installed":[150],"server.":[154],"terms":[156],"about":[163,189],"half":[164],"contain":[169],"an":[170,238],"authentication":[171],"mechanism,":[172],"but":[173],"mechanism":[175],"bypassed":[178],"third":[181,191,207],"cases.":[184],"Furthermore,":[185],"perform":[196],"homephoning,":[197],"i.e.,":[198],"upon":[201],"execution,":[202],"surreptitiously":[203],"communicate":[204],"various":[206],"parties":[208],"with":[209],"intent":[211],"revealing":[213],"location":[215],"new":[217],"shell":[218,233],"installations.":[219],"setting":[221],"up":[222],"honeypots,":[223],"number":[227],"third-party":[229],"benefiting":[231],"from":[232],"installations":[234,251],"show":[236],"attacker,":[239],"merely":[241],"registering":[242],"appropriate":[244],"domains,":[245],"completely":[247],"over":[249],"all":[250],"specific":[253],"vulnerable":[254]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":8},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}