{"id":"https://openalex.org/W2951384144","doi":"https://doi.org/10.1145/3307334.3326083","title":"Understanding Fileless Attacks on Linux-based IoT Devices with HoneyCloud","display_name":"Understanding Fileless Attacks on Linux-based IoT Devices with HoneyCloud","publication_year":2019,"publication_date":"2019-06-12","ids":{"openalex":"https://openalex.org/W2951384144","doi":"https://doi.org/10.1145/3307334.3326083","mag":"2951384144"},"language":"en","primary_location":{"id":"doi:10.1145/3307334.3326083","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3307334.3326083","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011008509","display_name":"Fan Dang","orcid":"https://orcid.org/0000-0002-9949-6987"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Fan Dang","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100357922","display_name":"Zhenhua Li","orcid":"https://orcid.org/0000-0001-7286-122X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhenhua Li","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101877971","display_name":"Yunhao Liu","orcid":"https://orcid.org/0000-0002-6262-3313"},"institutions":[{"id":"https://openalex.org/I87216513","display_name":"Michigan State University","ror":"https://ror.org/05hs6h993","country_code":"US","type":"education","lineage":["https://openalex.org/I87216513"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yunhao Liu","raw_affiliation_strings":["Michigan State University &amp; Tsinghua University, East Lansing, MI, USA"],"affiliations":[{"raw_affiliation_string":"Michigan State University &amp; Tsinghua University, East Lansing, MI, USA","institution_ids":["https://openalex.org/I87216513"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103040133","display_name":"Ennan Zhai","orcid":"https://orcid.org/0000-0003-4352-7497"},"institutions":[{"id":"https://openalex.org/I4210095624","display_name":"Alibaba Group (United States)","ror":"https://ror.org/00rn0m335","country_code":"US","type":"company","lineage":["https://openalex.org/I4210095624","https://openalex.org/I45928872"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ennan Zhai","raw_affiliation_strings":["Alibaba Group, Seattle, WA, USA"],"affiliations":[{"raw_affiliation_string":"Alibaba Group, Seattle, WA, USA","institution_ids":["https://openalex.org/I4210095624"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063270515","display_name":"Qi Alfred Chen","orcid":"https://orcid.org/0000-0003-0316-9285"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qi Alfred Chen","raw_affiliation_strings":["University of California, Irvine, Irvine, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Irvine, Irvine, CA, USA","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027605695","display_name":"Tianyin Xu","orcid":"https://orcid.org/0000-0003-4443-8170"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tianyin Xu","raw_affiliation_strings":["University of Illinois Urbana-Champaign, Urbana and Champaign, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois Urbana-Champaign, Urbana and Champaign, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100378166","display_name":"Yan Chen","orcid":"https://orcid.org/0000-0003-4103-1498"},"institutions":[{"id":"https://openalex.org/I111979921","display_name":"Northwestern University","ror":"https://ror.org/000e0be47","country_code":"US","type":"education","lineage":["https://openalex.org/I111979921"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Chen","raw_affiliation_strings":["Northwestern University, Evanston, IL, USA"],"affiliations":[{"raw_affiliation_string":"Northwestern University, Evanston, IL, USA","institution_ids":["https://openalex.org/I111979921"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5063288559","display_name":"Jingyu Yang","orcid":"https://orcid.org/0000-0002-7521-7920"},"institutions":[{"id":"https://openalex.org/I2250653659","display_name":"Tencent (China)","ror":"https://ror.org/00hhjss72","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250653659"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jingyu Yang","raw_affiliation_strings":["Tencent Anti-Virus Lab, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tencent Anti-Virus Lab, Beijing, China","institution_ids":["https://openalex.org/I2250653659"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5011008509"],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":6.2882,"has_fulltext":false,"cited_by_count":64,"citation_normalized_percentile":{"value":0.97204493,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"482","last_page":"493"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.896295428276062},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8567252159118652},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7574722766876221},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7292963266372681},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7268703579902649},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.5579205751419067},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.5367845892906189},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.45432981848716736},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.22665271162986755}],"concepts":[{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.896295428276062},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8567252159118652},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7574722766876221},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7292963266372681},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7268703579902649},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.5579205751419067},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.5367845892906189},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.45432981848716736},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.22665271162986755}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3307334.3326083","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3307334.3326083","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5099999904632568,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W40177048","https://openalex.org/W78162143","https://openalex.org/W1514368868","https://openalex.org/W1517527854","https://openalex.org/W1561749229","https://openalex.org/W1573594453","https://openalex.org/W1669806660","https://openalex.org/W1873122431","https://openalex.org/W2033811087","https://openalex.org/W2039858940","https://openalex.org/W2057787526","https://openalex.org/W2098881120","https://openalex.org/W2133453279","https://openalex.org/W2149359921","https://openalex.org/W2152969395","https://openalex.org/W2153500642","https://openalex.org/W2309749574","https://openalex.org/W2403386687","https://openalex.org/W2748868501","https://openalex.org/W2762503738","https://openalex.org/W2766295581","https://openalex.org/W2784592234","https://openalex.org/W2788455797","https://openalex.org/W2797678261","https://openalex.org/W2831820991","https://openalex.org/W2902566288","https://openalex.org/W2968580482","https://openalex.org/W4231945399","https://openalex.org/W6743493502"],"related_works":["https://openalex.org/W2789663798","https://openalex.org/W2375896275","https://openalex.org/W2612547561","https://openalex.org/W1966145327","https://openalex.org/W2478244259","https://openalex.org/W2902040535","https://openalex.org/W2187854411","https://openalex.org/W4388925690","https://openalex.org/W41015297","https://openalex.org/W2883540030"],"abstract_inverted_index":{"With":[0],"the":[1,64,109,155],"wide":[2,134],"adoption,":[3],"Linux-based":[4,56,105],"IoT":[5,57,69,106,121,128,138,177],"devices":[6,107],"have":[7],"emerged":[8],"as":[9,36],"one":[10],"primary":[11],"target":[12],"of":[13,68,77,114,136],"today's":[14],"cyber":[15],"attacks.":[16,139],"Traditional":[17],"malware-based":[18],"attacks":[19,103],"can":[20,173],"quickly":[21],"spread":[22],"across":[23],"these":[24,146],"devices,":[25,58],"but":[26],"they":[27],"are":[28],"well-understood":[29],"threats":[30,62],"with":[31,148],"effective":[32],"defense":[33,170],"techniques":[34],"such":[35],"malware":[37,51],"fingerprinting":[38],"and":[39,59,66,80,86,123,130,159,179],"community-based":[40],"fingerprint":[41],"sharing.":[42],"Recently,":[43],"fileless":[44,102,152],"attacks---attacks":[45],"that":[46,172],"do":[47],"not":[48],"rely":[49],"on":[50,55,104,145,151],"files---have":[52],"been":[53,73],"increasing":[54],"posing":[60],"significant":[61],"to":[63,89,165],"security":[65],"privacy":[67],"systems.":[70],"Little":[71],"has":[72],"known":[74],"in":[75,100,108],"terms":[76],"their":[78],"characteristics":[79],"attack":[81],"vectors,":[82],"which":[83],"hinders":[84],"research":[85],"development":[87],"efforts":[88],"defend":[90],"against":[91],"them.":[92],"In":[93],"this":[94],"paper,":[95],"we":[96,117],"present":[97,141],"our":[98,142],"endeavor":[99],"understanding":[101],"wild.":[110],"Over":[111],"a":[112,133,149],"span":[113],"twelve":[115],"months,":[116],"deploy":[118],"4":[119],"hardware":[120],"honeypots":[122],"108":[124],"specially":[125],"designed":[126],"software":[127],"honeypots,":[129],"successfully":[131],"attract":[132],"variety":[135],"real-world":[137],"We":[140],"measurement":[143],"study":[144,162],"attacks,":[147,153],"focus":[150],"including":[154],"prevalence,":[156],"exploits,":[157],"environments,":[158],"impacts.":[160],"Our":[161],"further":[163],"leads":[164],"multi-fold":[166],"insights":[167],"towards":[168],"actionable":[169],"strategies":[171],"be":[174],"adopted":[175],"by":[176],"vendors":[178],"end":[180],"users.":[181]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":10},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":9},{"year":2021,"cited_by_count":13},{"year":2020,"cited_by_count":14},{"year":2019,"cited_by_count":1},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}