{"id":"https://openalex.org/W7123352754","doi":"https://doi.org/10.1109/candarw68385.2025.00053","title":"Penetration Testing Without Port Scanning Using EPSS-Based Vulnerability Lists in Port-Scan Countermeasure Environments","display_name":"Penetration Testing Without Port Scanning Using EPSS-Based Vulnerability Lists in Port-Scan Countermeasure Environments","publication_year":2025,"publication_date":"2025-11-25","ids":{"openalex":"https://openalex.org/W7123352754","doi":"https://doi.org/10.1109/candarw68385.2025.00053"},"language":null,"primary_location":{"id":"doi:10.1109/candarw68385.2025.00053","is_oa":false,"landing_page_url":"https://doi.org/10.1109/candarw68385.2025.00053","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 Thirteenth International Symposium on Computing and Networking Workshops (CANDARW)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Kosei Okumura","orcid":null},"institutions":[{"id":"https://openalex.org/I116465919","display_name":"Kogakuin University","ror":"https://ror.org/01wc2tq75","country_code":"JP","type":"education","lineage":["https://openalex.org/I116465919"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Kosei Okumura","raw_affiliation_strings":["Kogakuin University,Tokyo,Japan"],"affiliations":[{"raw_affiliation_string":"Kogakuin University,Tokyo,Japan","institution_ids":["https://openalex.org/I116465919"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101610974","display_name":"Ryotaro Kobayashi","orcid":"https://orcid.org/0000-0001-5956-3455"},"institutions":[{"id":"https://openalex.org/I116465919","display_name":"Kogakuin University","ror":"https://ror.org/01wc2tq75","country_code":"JP","type":"education","lineage":["https://openalex.org/I116465919"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Ryotaro Kobayashi","raw_affiliation_strings":["Kogakuin University,Tokyo,Japan"],"affiliations":[{"raw_affiliation_string":"Kogakuin University,Tokyo,Japan","institution_ids":["https://openalex.org/I116465919"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I116465919"],"apc_list":null,"apc_paid":null,"fwci":2.9453,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.94340903,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"274","last_page":"279"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.5925999879837036,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.5925999879837036,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.20229999721050262,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.05570000037550926,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9205999970436096},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.6880000233650208},{"id":"https://openalex.org/keywords/port","display_name":"Port (circuit theory)","score":0.599399983882904},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.490200012922287},{"id":"https://openalex.org/keywords/countermeasure","display_name":"Countermeasure","score":0.47780001163482666},{"id":"https://openalex.org/keywords/penetration","display_name":"Penetration (warfare)","score":0.36039999127388},{"id":"https://openalex.org/keywords/system-under-test","display_name":"System under test","score":0.35370001196861267},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.34119999408721924}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9205999970436096},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.6880000233650208},{"id":"https://openalex.org/C32802771","wikidata":"https://www.wikidata.org/wiki/Q2443617","display_name":"Port (circuit theory)","level":2,"score":0.599399983882904},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5763999819755554},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.490200012922287},{"id":"https://openalex.org/C21593369","wikidata":"https://www.wikidata.org/wiki/Q1032176","display_name":"Countermeasure","level":2,"score":0.47780001163482666},{"id":"https://openalex.org/C200601418","wikidata":"https://www.wikidata.org/wiki/Q2193887","display_name":"Reliability engineering","level":1,"score":0.45339998602867126},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.38909998536109924},{"id":"https://openalex.org/C80107235","wikidata":"https://www.wikidata.org/wiki/Q7162625","display_name":"Penetration (warfare)","level":2,"score":0.36039999127388},{"id":"https://openalex.org/C108913964","wikidata":"https://www.wikidata.org/wiki/Q2376856","display_name":"System under test","level":4,"score":0.35370001196861267},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.34119999408721924},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.3407999873161316},{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.33980000019073486},{"id":"https://openalex.org/C98214672","wikidata":"https://www.wikidata.org/wiki/Q1501923","display_name":"Penetration test","level":3,"score":0.321399986743927},{"id":"https://openalex.org/C7166840","wikidata":"https://www.wikidata.org/wiki/Q1199682","display_name":"System testing","level":2,"score":0.30550000071525574},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3050999939441681},{"id":"https://openalex.org/C2780070844","wikidata":"https://www.wikidata.org/wiki/Q857815","display_name":"Plug and play","level":2,"score":0.2727999985218048},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.2703999876976013},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.2676999866962433},{"id":"https://openalex.org/C188598960","wikidata":"https://www.wikidata.org/wiki/Q7705805","display_name":"Test strategy","level":3,"score":0.2653999924659729},{"id":"https://openalex.org/C182122060","wikidata":"https://www.wikidata.org/wiki/Q6752328","display_name":"Manual testing","level":5,"score":0.2637999951839447},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.2623000144958496},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.25609999895095825}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/candarw68385.2025.00053","is_oa":false,"landing_page_url":"https://doi.org/10.1109/candarw68385.2025.00053","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 Thirteenth International Symposium on Computing and Networking Workshops (CANDARW)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.4158778786659241,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"In":[0,80],"many":[1],"cyberattacks,":[2],"adversaries":[3],"employ":[4],"port":[5,34,94,107,202],"scanning":[6,95,108,203],"as":[7],"pre-attack":[8],"reconnaissance":[9],"to":[10,18,55,61,77,85,160,169,181,208,220],"identify":[11],"running":[12,165],"services":[13],"and":[14,22,30,52,74,89,109,125,136,142,154,184],"potential":[15],"vulnerabilities.":[16,79],"Consequently,":[17],"ensure":[19],"rapid":[20],"response":[21],"situational":[23],"awareness,":[24],"some":[25],"organizations":[26],"operate":[27],"under":[28],"policies":[29],"mechanisms":[31],"that":[32,92,103,132,139,198,200,213],"restrict":[33],"scanning.":[35],"When":[36],"penetration":[37,157],"tests":[38,158,176,199],"are":[39],"conducted":[40],"in":[41,83,190],"such":[42],"environments,":[43],"however,":[44],"test":[45],"procedures":[46],"can":[47,70],"interfere":[48],"with":[49,96,192],"system":[50],"defenses":[51],"become":[53],"difficult":[54],"execute,":[56],"or":[57,67],"testers":[58],"may":[59,217],"need":[60],"temporarily":[62],"disable":[63],"port-scan":[64,193,214],"countermeasures-Such":[65],"interferences":[66],"temporary":[68],"disabling":[69],"reduce":[71,222],"testing":[72,88,91],"frequency":[73],"diminish":[75],"opportunities":[76],"discover":[78],"this":[81],"study,":[82],"addition":[84],"conventional":[86],"manual":[87,153],"automated":[90,156],"performs":[93],"Nmap,":[97,166],"we":[98],"evaluate":[99],"penetration-testing":[100],"approach":[101],"(tool)":[102],"does":[104],"not":[105,178],"perform":[106],"instead":[110],"selects":[111],"targets":[112],"based":[113],"on":[114],"the":[115,150,152,174,223],"Exploit":[116],"Prediction":[117],"Scoring":[118],"System":[119],"(EPSS).":[120],"Our":[121],"testbed":[122],"uses":[123],"metasploitable3_ubuntu":[124],"includes":[126],"two":[127],"hardened":[128],"configurations:":[129],"a":[130,137,147,187],"setting":[131,138],"misleads":[133],"scan":[134],"results,":[135],"detects":[140],"scans":[141],"blocks":[143],"subsequent":[144],"traffic.":[145],"As":[146],"result":[148],"of":[149,225],"evaluation,":[151],"Nmap-based":[155],"led":[159],"IP":[161],"blocking":[162],"immediately":[163],"after":[164],"preventing":[167],"progression":[168],"exploit":[170,182],"execution.":[171],"By":[172],"contrast,":[173],"EPSS-based":[175],"were":[177],"blocked,":[179],"proceeded":[180],"execution,":[183,209],"successfully":[185],"established":[186],"session":[188],"even":[189],"environments":[191],"countermeasures.":[194],"These":[195],"findings":[196],"suggest":[197],"forgo":[201],"encounter":[204],"relatively":[205],"fewer":[206],"impediments":[207],"while":[210],"also":[211],"indicating":[212],"countermeasures":[215],"alone":[216],"be":[218],"insufficient":[219],"meaningfully":[221],"impact":[224],"cyberattacks.":[226]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-21T08:09:41.155169","created_date":"2026-01-14T00:00:00"}