{"id":"https://openalex.org/W7123500812","doi":"https://doi.org/10.1109/ecrime66972.2025.11327971","title":"ScanWars: (A Multi-network Approach to Detecting and Analyzing) The Rise of Scanning Activity","display_name":"ScanWars: (A Multi-network Approach to Detecting and Analyzing) The Rise of Scanning Activity","publication_year":2025,"publication_date":"2025-11-04","ids":{"openalex":"https://openalex.org/W7123500812","doi":"https://doi.org/10.1109/ecrime66972.2025.11327971"},"language":null,"primary_location":{"id":"doi:10.1109/ecrime66972.2025.11327971","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime66972.2025.11327971","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053161190","display_name":"Beliz Kaleli","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108451","display_name":"Palo Alto Networks (United States)","ror":"https://ror.org/01rn6rn86","country_code":"US","type":"company","lineage":["https://openalex.org/I4210108451"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Beliz Kaleli","raw_affiliation_strings":["Palo Alto Networks,Santa Clara,CA,US"],"affiliations":[{"raw_affiliation_string":"Palo Alto Networks,Santa Clara,CA,US","institution_ids":["https://openalex.org/I4210108451"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122922912","display_name":"Tony Li","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108451","display_name":"Palo Alto Networks (United States)","ror":"https://ror.org/01rn6rn86","country_code":"US","type":"company","lineage":["https://openalex.org/I4210108451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tony Li","raw_affiliation_strings":["Palo Alto Networks,Santa Clara,CA,US"],"affiliations":[{"raw_affiliation_string":"Palo Alto Networks,Santa Clara,CA,US","institution_ids":["https://openalex.org/I4210108451"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122951800","display_name":"Fang Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108451","display_name":"Palo Alto Networks (United States)","ror":"https://ror.org/01rn6rn86","country_code":"US","type":"company","lineage":["https://openalex.org/I4210108451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fang Liu","raw_affiliation_strings":["Palo Alto Networks,Santa Clara,CA,US"],"affiliations":[{"raw_affiliation_string":"Palo Alto Networks,Santa Clara,CA,US","institution_ids":["https://openalex.org/I4210108451"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122627635","display_name":"Oleksii Starov","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108451","display_name":"Palo Alto Networks (United States)","ror":"https://ror.org/01rn6rn86","country_code":"US","type":"company","lineage":["https://openalex.org/I4210108451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Oleksii Starov","raw_affiliation_strings":["Palo Alto Networks,Santa Clara,CA,US"],"affiliations":[{"raw_affiliation_string":"Palo Alto Networks,Santa Clara,CA,US","institution_ids":["https://openalex.org/I4210108451"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044975798","display_name":"Manuel Egele","orcid":"https://orcid.org/0000-0001-5038-2682"},"institutions":[{"id":"https://openalex.org/I111088046","display_name":"Boston University","ror":"https://ror.org/05qwgg493","country_code":"US","type":"education","lineage":["https://openalex.org/I111088046"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Manuel Egele","raw_affiliation_strings":["Boston University,Boston,MA,US"],"affiliations":[{"raw_affiliation_string":"Boston University,Boston,MA,US","institution_ids":["https://openalex.org/I111088046"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5046881273","display_name":"Gianluca Stringhini","orcid":"https://orcid.org/0000-0002-6162-578X"},"institutions":[{"id":"https://openalex.org/I111088046","display_name":"Boston University","ror":"https://ror.org/05qwgg493","country_code":"US","type":"education","lineage":["https://openalex.org/I111088046"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gianluca Stringhini","raw_affiliation_strings":["Boston University,Boston,MA,US"],"affiliations":[{"raw_affiliation_string":"Boston University,Boston,MA,US","institution_ids":["https://openalex.org/I111088046"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5053161190"],"corresponding_institution_ids":["https://openalex.org/I4210108451"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.72382931,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"18"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.27639999985694885,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.27639999985694885,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.25099998712539673,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.21130000054836273,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/router","display_name":"Router","score":0.6837999820709229},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6632999777793884},{"id":"https://openalex.org/keywords/3d-scanning","display_name":"3d scanning","score":0.611299991607666},{"id":"https://openalex.org/keywords/visibility","display_name":"Visibility","score":0.5684000253677368},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5349000096321106},{"id":"https://openalex.org/keywords/intersection","display_name":"Intersection (aeronautics)","score":0.42829999327659607}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6895999908447266},{"id":"https://openalex.org/C2775896111","wikidata":"https://www.wikidata.org/wiki/Q642560","display_name":"Router","level":2,"score":0.6837999820709229},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6632999777793884},{"id":"https://openalex.org/C3019493240","wikidata":"https://www.wikidata.org/wiki/Q94701573","display_name":"3d scanning","level":2,"score":0.611299991607666},{"id":"https://openalex.org/C123403432","wikidata":"https://www.wikidata.org/wiki/Q654068","display_name":"Visibility","level":2,"score":0.5684000253677368},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5349000096321106},{"id":"https://openalex.org/C64543145","wikidata":"https://www.wikidata.org/wiki/Q162942","display_name":"Intersection (aeronautics)","level":2,"score":0.42829999327659607},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.3702999949455261},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35249999165534973},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.34689998626708984},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3345000147819519},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29980000853538513},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.2791000008583069},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.26109999418258667},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2603999972343445},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.2563999891281128},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.25529998540878296},{"id":"https://openalex.org/C2987419075","wikidata":"https://www.wikidata.org/wiki/Q8004","display_name":"Traffic signal","level":2,"score":0.2547000050544739}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ecrime66972.2025.11327971","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ecrime66972.2025.11327971","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5803192853927612}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W1993370323","https://openalex.org/W2040424958","https://openalex.org/W2061133001","https://openalex.org/W2103378897","https://openalex.org/W2114996745","https://openalex.org/W2152436591","https://openalex.org/W2158060559","https://openalex.org/W2342408547","https://openalex.org/W2399941526","https://openalex.org/W2606697812","https://openalex.org/W2753863426","https://openalex.org/W2886320151","https://openalex.org/W2899670782","https://openalex.org/W2947969447","https://openalex.org/W2962703433","https://openalex.org/W2965177386","https://openalex.org/W2978956219","https://openalex.org/W2981181114","https://openalex.org/W2990216812","https://openalex.org/W3155567600","https://openalex.org/W3178212987","https://openalex.org/W3211430557","https://openalex.org/W4206544014","https://openalex.org/W4225697716","https://openalex.org/W4245460974","https://openalex.org/W4387834972","https://openalex.org/W4403980999"],"related_works":[],"abstract_inverted_index":{"Scanning":[0],"is":[1,37],"a":[2,38,60,118],"prevalent":[3],"method":[4],"used":[5],"by":[6,190],"threat":[7],"actors":[8],"to":[9,71],"identify":[10,76],"vulnerabilities":[11],"in":[12,40,48,84,96,106,183,216],"networks":[13,70],"or":[14,25],"systems":[15],"for":[16,28],"subsequent":[17],"exploitation.":[18],"Prior":[19],"research":[20],"has":[21],"focused":[22],"on":[23,32],"signature":[24],"anomaly-based":[26],"methods":[27],"detecting":[29],"malicious":[30,180],"traffic":[31,85,98,204],"limited":[33],"datasets.":[34],"However,":[35],"there":[36],"gap":[39],"the":[41,49,52,111,124,130,139],"comprehensive":[42],"understanding":[43],"of":[44,51,114,129,141,167,208],"scanning":[45,55,73,78,95,131,148,154],"activity,":[46],"particularly":[47],"context":[50],"Web.":[53],"Our":[54],"detection":[56],"system,":[57,143],"DVader,":[58],"leverages":[59],"unique":[61],"vantage":[62],"point":[63],"that":[64,77,86,176,195],"provides":[65],"visibility":[66],"over":[67],"nearly":[68],"100,000":[69],"monitor":[72],"patterns.":[74],"We":[75,122,150,174,193],"activity":[79,132],"often":[80],"causes":[81],"sudden":[82],"bursts":[83],"are":[87,169],"distinct":[88],"from":[89],"typical":[90],"user":[91],"behavior.":[92],"To":[93],"detect":[94,151],"mixed":[97,203],"(benign":[99],"and":[100,116,155,162,210,221],"malicious),":[101],"we":[102,144],"track":[103],"unusual":[104],"spikes":[105],"volume-based":[107],"features,":[108],"such":[109,213],"as":[110,214],"total":[112],"number":[113],"requests,":[115],"employ":[117],"machine":[119],"learning":[120],"model.":[121],"conduct":[123],"first":[125],"large-scale":[126],"longitudinal":[127],"study":[128],"leveraging":[133],"our":[134,142,177,196],"multi-network":[135],"approach.":[136],"By":[137],"analyzing":[138],"detections":[140],"provide":[145],"insights":[146],"into":[147],"activity.":[149],"316":[152],"million":[153],"exploiting":[156],"requests":[157,185],"between":[158],"May":[159,163],"1,":[160,164],"2023":[161],"2024,":[165],"58%":[166],"which":[168],"directed":[170],"at":[171],"router":[172,223],"vulnerabilities.":[173],"show":[175,194],"system":[178,197],"detects":[179,199],"URLs":[181],"embedded":[182],"exploit":[184],"before":[186],"they":[187],"were":[188],"detected":[189],"VirusTotal":[191],"vendors.":[192],"effectively":[198],"emerging":[200],"threats":[201],"within":[202],"through":[205],"case":[206],"studies":[207],"recent":[209],"notable":[211],"vulnerabilities,":[212],"those":[215],"Ivanti":[217],"Connect":[218],"Secure,":[219],"Log4j,":[220],"Zyxel":[222],"Web":[224],"UI.":[225]},"counts_by_year":[],"updated_date":"2026-02-23T20:09:44.859080","created_date":"2026-01-14T00:00:00"}