{"id":"https://openalex.org/W7106234496","doi":"https://doi.org/10.1145/3730567.3764481","title":"Decoy Databases: Analyzing Attacks on Public Facing Databases","display_name":"Decoy Databases: Analyzing Attacks on Public Facing Databases","publication_year":2025,"publication_date":"2025-10-28","ids":{"openalex":"https://openalex.org/W7106234496","doi":"https://doi.org/10.1145/3730567.3764481"},"language":null,"primary_location":{"id":"doi:10.1145/3730567.3764481","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3764481","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3730567.3764481","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Yuqian Song","orcid":"https://orcid.org/0009-0005-9010-8668"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Yuqian Song","raw_affiliation_strings":["Delft University of Technology, Delft, Netherlands"],"raw_orcid":"https://orcid.org/0009-0005-9010-8668","affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Georgios Smaragdakis","orcid":"https://orcid.org/0000-0002-4127-3617"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Georgios Smaragdakis","raw_affiliation_strings":["Delft University of Technology, Delft, Netherlands"],"raw_orcid":"https://orcid.org/0000-0002-4127-3617","affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"last","author":{"id":null,"display_name":"Harm Griffioen","orcid":"https://orcid.org/0009-0006-7990-7802"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Harm Griffioen","raw_affiliation_strings":["Delft University of Technology, Delft, Netherlands"],"raw_orcid":"https://orcid.org/0009-0006-7990-7802","affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"709","last_page":"726"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.29820001125335693,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.29820001125335693,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.2451999932527542,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.11900000274181366,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.9067000150680542},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.48170000314712524},{"id":"https://openalex.org/keywords/centralized-database","display_name":"Centralized database","score":0.3564999997615814},{"id":"https://openalex.org/keywords/decoy","display_name":"Decoy","score":0.3467999994754791},{"id":"https://openalex.org/keywords/distributed-database","display_name":"Distributed database","score":0.33719998598098755},{"id":"https://openalex.org/keywords/database-security","display_name":"Database security","score":0.33410000801086426},{"id":"https://openalex.org/keywords/data-management","display_name":"Data management","score":0.31540000438690186}],"concepts":[{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.9067000150680542},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6661999821662903},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6072999835014343},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.48170000314712524},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.4726000130176544},{"id":"https://openalex.org/C2781462938","wikidata":"https://www.wikidata.org/wiki/Q5062195","display_name":"Centralized database","level":2,"score":0.3564999997615814},{"id":"https://openalex.org/C2779179475","wikidata":"https://www.wikidata.org/wiki/Q3545649","display_name":"Decoy","level":3,"score":0.3467999994754791},{"id":"https://openalex.org/C70061542","wikidata":"https://www.wikidata.org/wiki/Q989016","display_name":"Distributed database","level":2,"score":0.33719998598098755},{"id":"https://openalex.org/C2778553114","wikidata":"https://www.wikidata.org/wiki/Q1035293","display_name":"Database security","level":2,"score":0.33410000801086426},{"id":"https://openalex.org/C1668388","wikidata":"https://www.wikidata.org/wiki/Q1149776","display_name":"Data management","level":2,"score":0.31540000438690186},{"id":"https://openalex.org/C2984717058","wikidata":"https://www.wikidata.org/wiki/Q1789476","display_name":"Reference database","level":2,"score":0.290800005197525},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.2872999906539917},{"id":"https://openalex.org/C2778137410","wikidata":"https://www.wikidata.org/wiki/Q2732820","display_name":"Government (linguistics)","level":2,"score":0.2831000089645386},{"id":"https://openalex.org/C5655090","wikidata":"https://www.wikidata.org/wiki/Q192588","display_name":"Relational database","level":2,"score":0.2799000144004822},{"id":"https://openalex.org/C198783460","wikidata":"https://www.wikidata.org/wiki/Q629173","display_name":"Management system","level":2,"score":0.2639000117778778},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2619999945163727},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.25200000405311584}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3730567.3764481","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3764481","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3730567.3764481","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3764481","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W1983442091","https://openalex.org/W2001637908","https://openalex.org/W2041453110","https://openalex.org/W2056239009","https://openalex.org/W2151472800","https://openalex.org/W2170924378","https://openalex.org/W2360903897","https://openalex.org/W2540831950","https://openalex.org/W3039975887","https://openalex.org/W3094419698","https://openalex.org/W4387075239","https://openalex.org/W4387880650","https://openalex.org/W4387881105","https://openalex.org/W4403980999","https://openalex.org/W4403981167"],"related_works":[],"abstract_inverted_index":{"Databases":[0],"often":[1],"store":[2],"sensitive":[3],"organizational":[4],"data":[5],"but":[6,73],"may":[7,20],"be":[8,21,32],"exposed":[9,23],"to":[10,24,29,99,122],"the":[11,25,95,101,110,116,125],"Internet":[12],"through":[13],"misconfiguration":[14,30],"or":[15,31],"vulnerabilities.":[16],"However,":[17],"such":[18],"databases":[19],"unintentionally":[22],"Internet,":[26],"e.g.,":[27],"due":[28],"vulnerable.":[33],"To":[34],"study":[35],"real-world":[36],"attacks":[37,93,105,133],"on":[38,94,138],"public-facing":[39],"database":[40,96,117],"management":[41,97],"systems":[42,141],"(DBMS),":[43],"we":[44],"deployed":[45],"278":[46],"honeypots":[47,57],"over":[48,124],"20":[49],"days":[50],"in":[51],"March\u2013April":[52],"2024.":[53],"Our":[54,128],"220":[55],"low-interaction":[56],"emulate":[58],"MySQL,":[59],"MSSQL,":[60],"PostgreSQL,":[61],"and":[62,108,113,142],"Redis,":[63],"revealing":[64],"that":[65,106,131],"scanning":[66],"activity":[67],"is":[68],"relatively":[69],"low":[70],"(?3,000":[71],"IPs),":[72],"brute-force":[74],"attempts":[75],"are":[76,134],"persistent.":[77],"We":[78],"also":[79],"deploy":[80],"58":[81],"medium/high-interaction":[82],"honeypots,":[83],"which":[84],"reveal":[85],"three":[86],"distinct":[87,135],"types":[88],"of":[89],"exploitation:":[90],"(i)":[91],"direct":[92],"system":[98],"manipulate":[100],"database,":[102],"(ii)":[103],"ransom-driven":[104],"copy":[107],"delete":[109],"targeted":[111],"data,":[112],"(iii)":[114],"use":[115],"as":[118],"an":[119],"attack":[120],"vector":[121],"take":[123],"underlying":[126],"system.":[127],"findings":[129],"highlight":[130],"DBMS-targeted":[132],"from":[136],"those":[137],"other":[139],"Internet-facing":[140],"deserve":[143],"focused":[144],"attention.":[145]},"counts_by_year":[],"updated_date":"2026-07-14T23:27:15.235271","created_date":"2025-11-23T00:00:00"}
