{"id":"https://openalex.org/W4414539120","doi":"https://doi.org/10.1109/icc52391.2025.11160775","title":"PortScout: A Communication Flow-Based Approach to Detect Port Scanning Evasion Attacks","display_name":"PortScout: A Communication Flow-Based Approach to Detect Port Scanning Evasion Attacks","publication_year":2025,"publication_date":"2025-06-08","ids":{"openalex":"https://openalex.org/W4414539120","doi":"https://doi.org/10.1109/icc52391.2025.11160775"},"language":"en","primary_location":{"id":"doi:10.1109/icc52391.2025.11160775","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc52391.2025.11160775","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICC 2025 - IEEE International Conference on Communications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5001628686","display_name":"Muhammad Sangeen","orcid":null},"institutions":[{"id":"https://openalex.org/I899713450","display_name":"Air University","ror":"https://ror.org/03yfe9v83","country_code":"PK","type":"education","lineage":["https://openalex.org/I899713450"]}],"countries":["PK"],"is_corresponding":true,"raw_author_name":"Muhammad Sangeen","raw_affiliation_strings":["Air University,Department of Cyber Security,Islamabad,Pakistan"],"affiliations":[{"raw_affiliation_string":"Air University,Department of Cyber Security,Islamabad,Pakistan","institution_ids":["https://openalex.org/I899713450"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062319431","display_name":"Naveed Anwar Bhatti","orcid":"https://orcid.org/0000-0003-4115-9889"},"institutions":[{"id":"https://openalex.org/I207789805","display_name":"Lahore University of Management Sciences","ror":"https://ror.org/05b5x4a35","country_code":"PK","type":"education","lineage":["https://openalex.org/I207789805"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Naveed Anwar Bhatti","raw_affiliation_strings":["Lahore University of Management Sciences (LUMS),Department of Computer Science,Lahore,Pakistan"],"affiliations":[{"raw_affiliation_string":"Lahore University of Management Sciences (LUMS),Department of Computer Science,Lahore,Pakistan","institution_ids":["https://openalex.org/I207789805"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5106182605","display_name":"Kashif Kifayat","orcid":"https://orcid.org/0000-0001-5088-0825"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kashif Kifayat","raw_affiliation_strings":["University of Khorfakkan,Sharjah,United Arab Emirates"],"affiliations":[{"raw_affiliation_string":"University of Khorfakkan,Sharjah,United Arab Emirates","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5001628686"],"corresponding_institution_ids":["https://openalex.org/I899713450"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.32433981,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"3045","last_page":"3050"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9174000024795532,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9174000024795532,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.623199999332428},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6003000140190125},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.5972999930381775},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5713000297546387},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.4666999876499176},{"id":"https://openalex.org/keywords/port","display_name":"Port (circuit theory)","score":0.42910000681877136}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.732699990272522},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.623199999332428},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6003000140190125},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.5972999930381775},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5713000297546387},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.4666999876499176},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.45100000500679016},{"id":"https://openalex.org/C32802771","wikidata":"https://www.wikidata.org/wiki/Q2443617","display_name":"Port (circuit theory)","level":2,"score":0.42910000681877136},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3910999894142151},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.3781000077724457},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.3427000045776367},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.33169999718666077},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3025999963283539},{"id":"https://openalex.org/C135510737","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Performance indicator","level":2,"score":0.27869999408721924},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.266400009393692},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.26510000228881836}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icc52391.2025.11160775","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc52391.2025.11160775","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICC 2025 - IEEE International Conference on Communications","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1988899701","https://openalex.org/W2041453110","https://openalex.org/W2770887848","https://openalex.org/W2936630130","https://openalex.org/W2992744256","https://openalex.org/W3021838326","https://openalex.org/W3138395127","https://openalex.org/W4206103323","https://openalex.org/W4226437737","https://openalex.org/W4231973052","https://openalex.org/W4376256938","https://openalex.org/W4382281941","https://openalex.org/W4391285268"],"related_works":[],"abstract_inverted_index":{"Port":[0],"scanning":[1,30,58,114,178],"is":[2],"a":[3,49,67,109,129,161],"fundamental":[4],"technique":[5],"used":[6],"by":[7],"attackers":[8],"to":[9,33,55,155],"identify":[10,56],"open":[11],"ports,":[12],"services,":[13],"and":[14,28,42,71,89,108,128,166],"vulnerabilities":[15],"in":[16,44,151,174],"target":[17],"systems.":[18],"Advanced":[19],"evasion":[20,59,179],"methods":[21],"such":[22],"as":[23],"distributed":[24],"scanning,":[25,27],"slow":[26],"decoy":[29],"enable":[31],"them":[32],"bypass":[34],"traditional":[35],"detection":[36,52,101,122],"systems":[37,173],"that":[38,75],"are":[39],"often":[40],"resource-intensive":[41],"limited":[43],"scope.":[45],"We":[46],"introduce":[47],"PortScout,":[48],"novel":[50],"lightweight":[51],"approach":[53,117],"designed":[54],"port":[57,113,177],"attacks":[60],"efficiently.":[61],"Unlike":[62],"existing":[63,172],"methods,":[64,157],"PortScout":[65],"leverages":[66],"unique":[68],"flow":[69],"aggregation":[70],"anomaly":[72],"scoring":[73],"mechanism":[74],"analyzes":[76],"communication":[77],"flows":[78],"using":[79],"only":[80],"three":[81],"key":[82],"packet":[83],"attributes:":[84],"source":[85],"IP,":[86,88],"destination":[87,90],"port.":[91],"Despite":[92],"the":[93,169],"minimal":[94],"data":[95],"requirements,":[96],"our":[97,116,158],"method":[98],"maintains":[99],"high":[100],"accuracy.":[102],"Evaluated":[103],"on":[104],"real-time":[105,149],"benign":[106],"traffic":[107],"diverse":[110],"set":[111],"of":[112,125,135,164,171],"attacks,":[115],"achieves":[118],"an":[119],"average":[120],"attack":[121],"rate":[123,133],"(AADR)":[124],"89.5":[126],"%":[127],"low":[130,142],"false":[131],"positive":[132],"(AFPR)":[134],"0.34":[136],"%.":[137],"Additionally,":[138],"it":[139,146],"operates":[140],"with":[141],"computational":[143],"overhead,":[144],"making":[145],"suitable":[147],"for":[148],"deployment":[150],"high-speed":[152],"networks.":[153],"Compared":[154],"state-of-the-art":[156],"solution":[159],"offers":[160],"robust":[162],"balance":[163],"efficiency":[165],"effectiveness,":[167],"addressing":[168],"limitations":[170],"detecting":[175],"sophisticated":[176],"attacks.":[180]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-10T00:00:00"}