{"id":"https://openalex.org/W2183249120","doi":"https://doi.org/10.1109/cns.2015.7346890","title":"A predictive zero-day network defense using long-term port-scan recording","display_name":"A predictive zero-day network defense using long-term port-scan recording","publication_year":2015,"publication_date":"2015-09-01","ids":{"openalex":"https://openalex.org/W2183249120","doi":"https://doi.org/10.1109/cns.2015.7346890","mag":"2183249120"},"language":"en","primary_location":{"id":"doi:10.1109/cns.2015.7346890","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2015.7346890","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008768413","display_name":"Chia-Nan Kao","orcid":null},"institutions":[{"id":"https://openalex.org/I25846049","display_name":"National Tsing Hua University","ror":"https://ror.org/00zdnkx70","country_code":"TW","type":"education","lineage":["https://openalex.org/I25846049"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Chia-Nan Kao","raw_affiliation_strings":["Institute of Communication Engineering, National Tsing Hua University, Taiwan, R.O.C","Network Threat Defense Technology Group, Trend Micro Incorporated, Taiwan, R.O.C"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Communication Engineering, National Tsing Hua University, Taiwan, R.O.C","institution_ids":["https://openalex.org/I25846049"]},{"raw_affiliation_string":"Network Threat Defense Technology Group, Trend Micro Incorporated, Taiwan, R.O.C","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110154079","display_name":"Yung-Cheng Chang","orcid":null},"institutions":[{"id":"https://openalex.org/I25846049","display_name":"National Tsing Hua University","ror":"https://ror.org/00zdnkx70","country_code":"TW","type":"education","lineage":["https://openalex.org/I25846049"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Yung-Cheng Chang","raw_affiliation_strings":["Department of Computer Science, National Tsing Hua University, Taiwan, R.O.C"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, National Tsing Hua University, Taiwan, R.O.C","institution_ids":["https://openalex.org/I25846049"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111917638","display_name":"Nen-Fu Huang","orcid":null},"institutions":[{"id":"https://openalex.org/I25846049","display_name":"National Tsing Hua University","ror":"https://ror.org/00zdnkx70","country_code":"TW","type":"education","lineage":["https://openalex.org/I25846049"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Nen-Fu Huang","raw_affiliation_strings":["Department of Computer Science, National Tsing Hua University, Taiwan, R.O.C"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, National Tsing Hua University, Taiwan, R.O.C","institution_ids":["https://openalex.org/I25846049"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110281699","display_name":"I Salim S","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"I Salim S","raw_affiliation_strings":["Network Threat Defense Technology Group, Trend Micro Incorporated, Taiwan, R.O.C"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Network Threat Defense Technology Group, Trend Micro Incorporated, Taiwan, R.O.C","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109255528","display_name":"I-Ju Liao","orcid":null},"institutions":[{"id":"https://openalex.org/I25846049","display_name":"National Tsing Hua University","ror":"https://ror.org/00zdnkx70","country_code":"TW","type":"education","lineage":["https://openalex.org/I25846049"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"I-Ju Liao","raw_affiliation_strings":["Department of Computer Science, National Tsing Hua University, Taiwan, R.O.C"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, National Tsing Hua University, Taiwan, R.O.C","institution_ids":["https://openalex.org/I25846049"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073090853","display_name":"Rong-Tai Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rong-Tai Liu","raw_affiliation_strings":["Network Threat Defense Technology Group, Trend Micro Incorporated, Taiwan, R.O.C"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Network Threat Defense Technology Group, Trend Micro Incorporated, Taiwan, R.O.C","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5032849908","display_name":"Hsien-Wei Hung","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hsien-Wei Hung","raw_affiliation_strings":["Network Threat Defense Technology Group, Trend Micro Incorporated, Taiwan, R.O.C"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Network Threat Defense Technology Group, Trend Micro Incorporated, Taiwan, R.O.C","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.7013,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.76045875,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"695","last_page":"696"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.7883424758911133},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.6638649702072144},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6635096669197083},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6387292146682739},{"id":"https://openalex.org/keywords/port","display_name":"Port (circuit theory)","score":0.6353278160095215},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.5933167934417725},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5621933937072754},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5565191507339478},{"id":"https://openalex.org/keywords/zero","display_name":"Zero (linguistics)","score":0.4916263222694397},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.442993700504303},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3444983959197998},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.17269045114517212},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09022271633148193},{"id":"https://openalex.org/keywords/electrical-engineering","display_name":"Electrical engineering","score":0.0814967155456543}],"concepts":[{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.7883424758911133},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.6638649702072144},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6635096669197083},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6387292146682739},{"id":"https://openalex.org/C32802771","wikidata":"https://www.wikidata.org/wiki/Q2443617","display_name":"Port (circuit theory)","level":2,"score":0.6353278160095215},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.5933167934417725},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5621933937072754},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5565191507339478},{"id":"https://openalex.org/C2780813799","wikidata":"https://www.wikidata.org/wiki/Q3274237","display_name":"Zero (linguistics)","level":2,"score":0.4916263222694397},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.442993700504303},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3444983959197998},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.17269045114517212},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09022271633148193},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0814967155456543},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cns.2015.7346890","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2015.7346890","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":1,"referenced_works":["https://openalex.org/W1744212210"],"related_works":["https://openalex.org/W2362574935","https://openalex.org/W1926248","https://openalex.org/W3118687971","https://openalex.org/W3159372857","https://openalex.org/W2363507101","https://openalex.org/W1522996108","https://openalex.org/W4320401378","https://openalex.org/W1517527854","https://openalex.org/W776729438","https://openalex.org/W2147767253"],"abstract_inverted_index":{"Zero-day":[0],"attack":[1,9],"is":[2,12,117,132],"a":[3,21,41,82],"critical":[4],"network":[5],"attack.":[6],"The":[7,125],"zero-day":[8,29,72,123],"period":[10,14],"(ZDAP)":[11],"the":[13,16,108,129],"from":[15,102],"release":[17],"of":[18,81,128],"malware/exploit":[19],"until":[20],"patch":[22],"becomes":[23],"available.":[24],"IDS/IPS":[25],"cannot":[26],"effectively":[27],"block":[28,126],"attacks":[30,73],"because":[31],"they":[32],"use":[33,80],"pattern-based":[34],"signatures":[35],"in":[36,99],"general.":[37],"This":[38],"paper":[39],"proposes":[40],"Prophetic":[42],"Defender":[43],"(PD)":[44],"by":[45,97],"which":[46],"ZDAP":[47],"can":[48,68],"be":[49,69],"minimized.":[50],"Prior":[51],"to":[52,58,87,104],"actual":[53],"attack,":[54],"hackers":[55],"scan":[56],"networks":[57],"identify":[59],"hosts":[60],"with":[61],"vulnerable":[62],"ports.":[63],"If":[64],"this":[65],"port":[66,90],"scanning":[67],"detected":[70],"early,":[71],"will":[74],"become":[75],"detectable.":[76],"PD":[77,116],"architecture":[78,131],"makes":[79],"honeypot-based":[83],"pseudo":[84],"server":[85],"deployed":[86],"detect":[88],"malicious":[89],"scans.":[91],"A":[92],"port-scanning":[93,110],"honeypot":[94],"was":[95],"operated":[96],"us":[98],"6":[100],"years":[101],"2009":[103],"2015.":[105],"By":[106],"analyzing":[107],"6-year":[109],"log":[111],"data,":[112],"we":[113],"understand":[114],"that":[115],"effective":[118],"for":[119],"detecting":[120],"and":[121],"blocking":[122],"attacks.":[124],"rate":[127],"proposed":[130],"98.5%.":[133]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2017,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}