{"id":"https://openalex.org/W4387298133","doi":"https://doi.org/10.1145/3607199.3607205","title":"Container Orchestration Honeypot: Observing Attacks in the Wild","display_name":"Container Orchestration Honeypot: Observing Attacks in the Wild","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4387298133","doi":"https://doi.org/10.1145/3607199.3607205"},"language":"en","primary_location":{"id":"doi:10.1145/3607199.3607205","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3607199.3607205","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607205","source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607205","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5009899842","display_name":"Noah Spahn","orcid":"https://orcid.org/0000-0002-2723-0370"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Noah Spahn","raw_affiliation_strings":["University of California, Santa Barbara, USA"],"raw_orcid":"https://orcid.org/0000-0002-2723-0370","affiliations":[{"raw_affiliation_string":"University of California, Santa Barbara, USA","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090556148","display_name":"Nils Hanke","orcid":"https://orcid.org/0000-0001-8649-6462"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Nils Hanke","raw_affiliation_strings":["Ruhr University Bochum, Germany"],"raw_orcid":"https://orcid.org/0009-0001-7995-6210","affiliations":[{"raw_affiliation_string":"Ruhr University Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056790702","display_name":"Thorsten Holz","orcid":"https://orcid.org/0000-0002-2783-1264"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Thorsten Holz","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Germany"],"raw_orcid":"https://orcid.org/0000-0002-2783-1264","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022177364","display_name":"Christopher Kruegel","orcid":"https://orcid.org/0000-0001-5140-3414"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christopher Kruegel","raw_affiliation_strings":["University of California, Santa Barbara, United States of America"],"raw_orcid":"https://orcid.org/0000-0001-5140-3414","affiliations":[{"raw_affiliation_string":"University of California, Santa Barbara, United States of America","institution_ids":["https://openalex.org/I154570441"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075685499","display_name":"Giovanni Vigna","orcid":"https://orcid.org/0000-0002-3422-5369"},"institutions":[{"id":"https://openalex.org/I154570441","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463","country_code":"US","type":"education","lineage":["https://openalex.org/I154570441"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Giovanni Vigna","raw_affiliation_strings":["University of California, Santa Barbara, United States of America"],"raw_orcid":"https://orcid.org/0000-0002-3422-5369","affiliations":[{"raw_affiliation_string":"University of California, Santa Barbara, United States of America","institution_ids":["https://openalex.org/I154570441"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.4019,"has_fulltext":true,"cited_by_count":13,"citation_normalized_percentile":{"value":0.89965334,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"381","last_page":"396"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.9028821587562561},{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.8142627477645874},{"id":"https://openalex.org/keywords/orchestration","display_name":"Orchestration","score":0.7682718634605408},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7037773132324219},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.668636679649353},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5947997570037842},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.528497040271759},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.4913858473300934},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.476900577545166},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.46314355731010437},{"id":"https://openalex.org/keywords/artifact","display_name":"Artifact (error)","score":0.42860543727874756},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.4163685441017151},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4026685059070587},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.24133849143981934},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.16783204674720764}],"concepts":[{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.9028821587562561},{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.8142627477645874},{"id":"https://openalex.org/C199168358","wikidata":"https://www.wikidata.org/wiki/Q3367000","display_name":"Orchestration","level":3,"score":0.7682718634605408},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7037773132324219},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.668636679649353},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5947997570037842},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.528497040271759},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.4913858473300934},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.476900577545166},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.46314355731010437},{"id":"https://openalex.org/C2779010991","wikidata":"https://www.wikidata.org/wiki/Q2720909","display_name":"Artifact (error)","level":2,"score":0.42860543727874756},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.4163685441017151},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4026685059070587},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.24133849143981934},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.16783204674720764},{"id":"https://openalex.org/C153349607","wikidata":"https://www.wikidata.org/wiki/Q36649","display_name":"Visual arts","level":1,"score":0.0},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C142362112","wikidata":"https://www.wikidata.org/wiki/Q735","display_name":"Art","level":0,"score":0.0},{"id":"https://openalex.org/C558565934","wikidata":"https://www.wikidata.org/wiki/Q2743","display_name":"Musical","level":2,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3607199.3607205","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3607199.3607205","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607205","source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:oro.open.ac.uk:102718","is_oa":true,"landing_page_url":"https://oro.open.ac.uk/view/person/ns22457.html>;","pdf_url":"https://oro.open.ac.uk/102718/1/spahn_cohp_23.pdf","source":{"id":"https://openalex.org/S4306401187","display_name":"Open Research Online (The Open University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I204136569","host_organization_name":"The Open University","host_organization_lineage":["https://openalex.org/I204136569"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"},{"id":"pmh:oai:figshare.com:article/25681371","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Container_Orchestration_Honeypot_Observing_Attacks_in_the_Wild/25681371","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},{"id":"doi:10.60882/cispa.25681371.v1","is_oa":true,"landing_page_url":"https://doi.org/10.60882/cispa.25681371.v1","pdf_url":null,"source":{"id":"https://openalex.org/S7407050916","display_name":"CISPA Helmholtz Center","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.1145/3607199.3607205","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3607199.3607205","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3607199.3607205","source":null,"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.5199999809265137,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320332500","display_name":"University of California, Santa Barbara","ror":"https://ror.org/02t274463"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4387298133.pdf","grobid_xml":"https://content.openalex.org/works/W4387298133.grobid-xml"},"referenced_works_count":11,"referenced_works":["https://openalex.org/W1573594453","https://openalex.org/W3094094693","https://openalex.org/W3152342827","https://openalex.org/W3184498084","https://openalex.org/W4288057763","https://openalex.org/W4306406211","https://openalex.org/W4315480688","https://openalex.org/W4318275388","https://openalex.org/W4320168800","https://openalex.org/W4320477373","https://openalex.org/W4323054460"],"related_works":["https://openalex.org/W2789663798","https://openalex.org/W3110339796","https://openalex.org/W3135939249","https://openalex.org/W4376624698","https://openalex.org/W2610543177","https://openalex.org/W4288639410","https://openalex.org/W4288639263","https://openalex.org/W4288639245","https://openalex.org/W2897681223","https://openalex.org/W4389479984"],"abstract_inverted_index":{"Containers,":[0],"a":[1,10,81,106,137],"mechanism":[2],"to":[3,40,88,109,114,173,177],"package":[4],"software":[5],"and":[6,43,63,77,92,116,141,163],"its":[7],"dependencies":[8],"into":[9],"single":[11],"artifact,":[12],"have":[13],"helped":[14],"fuel":[15],"the":[16,23,34,41,57,64,86,100,143,174],"rapid":[17],"pace":[18],"of":[19,38,72,152,160,167],"technological":[20],"advancements":[21],"in":[22],"last":[24],"few":[25],"years.":[26],"However,":[27],"it":[28],"is":[29,118,126],"not":[30],"always":[31],"clear":[32],"what":[33,117],"potential":[35],"security":[36],"risk":[37],"moving":[39],"cloud":[42],"container-based":[44,73],"technologies":[45],"is.":[46],"In":[47,80,154],"this":[48],"paper,":[49],"we":[50,84,103,156],"investigate":[51],"exposed":[52,122],"container":[53,91,129],"orchestration":[54,130],"services":[55,94],"on":[56,96,128,133],"Internet:":[58],"how":[59],"many":[60],"there":[61],"are,":[62],"attacks":[65],"against":[66,121],"them.":[67],"We":[68],"considered":[69],"three":[70],"groups":[71],"software:":[74],"Docker,":[75],"Kubernetes,":[76],"workflow":[78],"tools.":[79],"measurement":[82],"study,":[83],"scanned":[85],"Internet":[87],"identify":[89],"vulnerable":[90],"container-orchestration":[93],"running":[95],"default":[97,144],"ports.":[98,145],"Considering":[99],"scan":[101],"data,":[102],"then":[104],"designed":[105],"high-interaction":[107],"honeypot":[108,125,147],"reveal":[110],"where":[111],"attackers":[112,149],"tend":[113],"strike":[115],"being":[119],"done":[120],"instances.":[123],"The":[124],"based":[127],"tools":[131],"installed":[132],"Ubuntu":[134],"servers,":[135],"behind":[136],"carefully":[138],"constructed":[139],"gateway,":[140],"using":[142],"Our":[146],"attracted":[148],"within":[150],"minutes":[151],"launch.":[153],"total,":[155],"collected":[157],"94":[158],"days":[159],"attack":[161],"data":[162],"extracted":[164],"associated":[165],"indicators":[166],"compromise":[168],"(IOCs),":[169],"which":[170],"are":[171],"provided":[172],"research":[175],"community":[176],"enable":[178],"further":[179],"insights.":[180]},"counts_by_year":[{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}