{"id":"https://openalex.org/W3108707471","doi":"https://doi.org/10.1145/3372297.3423356","title":"HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems","display_name":"HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems","publication_year":2020,"publication_date":"2020-10-30","ids":{"openalex":"https://openalex.org/W3108707471","doi":"https://doi.org/10.1145/3372297.3423356","mag":"3108707471"},"language":"en","primary_location":{"id":"doi:10.1145/3372297.3423356","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3372297.3423356","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073390580","display_name":"Efr\u00e9n L\u00f3pez-Morales","orcid":"https://orcid.org/0009-0001-4014-4776"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Efr\u00e9n L\u00f3pez-Morales","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031836695","display_name":"Carlos Rubio-Medrano","orcid":"https://orcid.org/0000-0001-8931-6412"},"institutions":[{"id":"https://openalex.org/I96749437","display_name":"Texas A&M University \u2013 Corpus Christi","ror":"https://ror.org/01mrfdz82","country_code":"US","type":"education","lineage":["https://openalex.org/I96749437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Carlos Rubio-Medrano","raw_affiliation_strings":["Texas A&amp;M University - Corpus Christi, Corpus Christi, TX, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University - Corpus Christi, Corpus Christi, TX, USA","institution_ids":["https://openalex.org/I96749437"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050806439","display_name":"Adam Doup\u00e9","orcid":"https://orcid.org/0000-0003-2634-3901"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adam Doup\u00e9","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026842092","display_name":"Yan Shoshitaishvili","orcid":"https://orcid.org/0000-0001-8832-1789"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yan Shoshitaishvili","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100653709","display_name":"Ruoyu Wang","orcid":"https://orcid.org/0000-0002-5181-785X"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ruoyu Wang","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076987446","display_name":"Tiffany Bao","orcid":"https://orcid.org/0000-0001-6424-0001"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tiffany Bao","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025770693","display_name":"Gail\u2010Joon Ahn","orcid":"https://orcid.org/0000-0002-4271-1666"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gail-Joon Ahn","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5073390580"],"corresponding_institution_ids":["https://openalex.org/I55732556"],"apc_list":null,"apc_paid":null,"fwci":5.2078,"has_fulltext":false,"cited_by_count":82,"citation_normalized_percentile":{"value":0.96091405,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"279","last_page":"291"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":1.0,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":1.0,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.861714243888855},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7460125088691711},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6521832346916199},{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.6435778141021729},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.617542564868927},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6070436239242554},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.5117161273956299},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.49937009811401367},{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.4969172775745392},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.4663953185081482},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.46495115756988525},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.42647719383239746},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.42530661821365356},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3257666230201721},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.32309281826019287},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2577240467071533},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.14522910118103027}],"concepts":[{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.861714243888855},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7460125088691711},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6521832346916199},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.6435778141021729},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.617542564868927},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6070436239242554},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.5117161273956299},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.49937009811401367},{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.4969172775745392},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.4663953185081482},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.46495115756988525},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.42647719383239746},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.42530661821365356},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3257666230201721},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.32309281826019287},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2577240467071533},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.14522910118103027},{"id":"https://openalex.org/C50522688","wikidata":"https://www.wikidata.org/wiki/Q189833","display_name":"Economic growth","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3372297.3423356","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3372297.3423356","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:item:57069","is_oa":false,"landing_page_url":"http://hdl.handle.net/2286/R.I.57069","pdf_url":null,"source":{"id":"https://openalex.org/S4306400254","display_name":"Arizona State University Library Digital Repository (Arizona State University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I55732556","host_organization_name":"Arizona State University","host_organization_lineage":["https://openalex.org/I55732556"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Masters Thesis"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2137409141","display_name":null,"funder_award_id":"1651661","funder_id":"https://openalex.org/F4320309085","funder_display_name":"Center for Selective C-H Functionalization, National Science Foundation"},{"id":"https://openalex.org/G6432118919","display_name":null,"funder_award_id":"W911NF-17-1-0370","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G6940101668","display_name":null,"funder_award_id":"DE-OE0000780","funder_id":"https://openalex.org/F4320332276","funder_display_name":"Advanced Research Projects Agency - Energy"},{"id":"https://openalex.org/G8037066698","display_name":null,"funder_award_id":"HR001118C0060 and FA875019C0003","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320309085","display_name":"Center for Selective C-H Functionalization, National Science Foundation","ror":"https://ror.org/02h8v7m77"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320332276","display_name":"Advanced Research Projects Agency - Energy","ror":"https://ror.org/03q1rgc19"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W313385724","https://openalex.org/W1517527854","https://openalex.org/W1522160383","https://openalex.org/W1545166287","https://openalex.org/W1573594453","https://openalex.org/W1576185228","https://openalex.org/W1983442091","https://openalex.org/W2028852905","https://openalex.org/W2039427951","https://openalex.org/W2048959175","https://openalex.org/W2122836287","https://openalex.org/W2151584216","https://openalex.org/W2294488712","https://openalex.org/W2540831950","https://openalex.org/W2546196488","https://openalex.org/W2552542906","https://openalex.org/W2566687636","https://openalex.org/W2784307305","https://openalex.org/W2796752342","https://openalex.org/W2962808527","https://openalex.org/W3135396589","https://openalex.org/W4256497308"],"related_works":["https://openalex.org/W2898126008","https://openalex.org/W86804927","https://openalex.org/W1583098994","https://openalex.org/W2386447999","https://openalex.org/W2130216882","https://openalex.org/W2091214382","https://openalex.org/W2376288852","https://openalex.org/W2100671106","https://openalex.org/W2364035342","https://openalex.org/W2061455058"],"abstract_inverted_index":{"Industrial":[0],"Control":[1],"Systems":[2],"(ICS)":[3],"provide":[4],"management":[5],"and":[6,18,41,58,81,110,141,157,168,204,218,247],"control":[7],"capabilities":[8],"for":[9,96,119,254],"mission-critical":[10],"utilities":[11],"such":[12],"as":[13,31,34,186],"the":[14,39,42,64,106,199,227],"nuclear,":[15],"power,":[16],"water,":[17],"transportation":[19],"grids.":[20],"Within":[21],"ICS,":[22],"Programmable":[23],"Logic":[24],"Controllers":[25],"(PLCs)":[26],"play":[27,60],"a":[28,35,154,162,178,207,220],"key":[29],"role":[30],"they":[32,133],"serve":[33],"convenient":[36],"bridge":[37],"between":[38],"cyber":[40],"physical":[43],"worlds,":[44],"e.g.,":[45,100],"controlling":[46],"centrifuge":[47],"machines":[48],"in":[49,235],"nuclear":[50],"power":[51],"plants.":[52],"The":[53],"critical":[54],"roles":[55],"that":[56,69,112,125,175,232,242],"ICS":[57,137,238],"PLCs":[59,120,166],"have":[61,88],"made":[62],"them":[63,249],"target":[65],"of":[66,165,181,210,223],"sophisticated":[67,122],"cyberattacks":[68],"are":[70,126,234],"designed":[71],"to":[72,91,103,128],"disrupt":[73],"their":[74],"operation,":[75],"which":[76],"creates":[77],"both":[78],"social":[79],"unrest":[80],"financial":[82],"losses.":[83],"In":[84],"this":[85],"context,":[86],"honeypots":[87,118],"been":[89],"shown":[90],"be":[92],"highly":[93],"valuable":[94,130],"tools":[95],"collecting":[97,159,251],"real":[98,187],"data,":[99],"malware":[101,138,158],"payload,":[102],"better":[104],"understand":[105],"many":[107],"different":[108],"methods":[109],"strategies":[111],"attackers":[113,233],"use.":[114],"However,":[115],"existing":[116],"state-of-the-art":[117],"lack":[121],"service":[123],"simulations":[124],"required":[127],"obtain":[129],"data.":[131],"Worse,":[132],"cannot":[134],"adapt":[135],"while":[136,250],"keeps":[139],"evolving,":[140],"attack":[142],"patterns":[143],"become":[144],"more":[145],"sophisticated.":[146],"To":[147],"overcome":[148],"these":[149],"shortcomings,":[150],"we":[151],"present":[152],"HoneyPLC,":[153],"high-interaction,":[155],"extensible,":[156],"honeypot":[160],"supporting":[161],"broad":[163],"spectrum":[164],"models":[167],"vendors.":[169],"Results":[170],"from":[171],"our":[172],"experiments":[173],"show":[174],"HoneyPLC":[176,214,243],"exhibits":[177],"high":[179,208],"level":[180,209],"camouflaging:":[182],"it":[183],"is":[184],"identified":[185],"devices":[188],"by":[189],"multiple":[190],"widely":[191],"used":[192],"reconnaissance":[193],"tools,":[194],"including":[195],"Nmap,":[196],"Shodan's":[197],"Honeyscore,":[198],"Siemens":[200],"Step7":[201],"Manager,":[202],"PLCinject,":[203],"PLCScan,":[205],"with":[206],"confidence.":[211],"We":[212],"deployed":[213],"on":[215],"Amazon":[216],"AWS":[217],"recorded":[219],"large":[221],"amount":[222],"interesting":[224],"interactions":[225],"over":[226],"Internet,":[228],"showing":[229],"not":[230],"only":[231],"fact":[236],"targeting":[237],"systems,":[239],"but":[240],"also":[241],"can":[244],"effectively":[245],"engage":[246],"deceive":[248],"data":[252],"samples":[253],"future":[255],"analysis.":[256]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":24},{"year":2024,"cited_by_count":19},{"year":2023,"cited_by_count":19},{"year":2022,"cited_by_count":10},{"year":2021,"cited_by_count":6}],"updated_date":"2026-05-04T08:30:34.212998","created_date":"2025-10-10T00:00:00"}