{"id":"https://openalex.org/W2960721637","doi":"https://doi.org/10.1109/isdfs.2019.8757484","title":"Analysis of Malware Hidden Behind Firewalls with Back Scans","display_name":"Analysis of Malware Hidden Behind Firewalls with Back Scans","publication_year":2019,"publication_date":"2019-06-01","ids":{"openalex":"https://openalex.org/W2960721637","doi":"https://doi.org/10.1109/isdfs.2019.8757484","mag":"2960721637"},"language":"en","primary_location":{"id":"doi:10.1109/isdfs.2019.8757484","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isdfs.2019.8757484","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 7th International Symposium on Digital Forensics and Security (ISDFS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100627830","display_name":"Zhiqing Zhang","orcid":"https://orcid.org/0000-0002-1846-5477"},"institutions":[{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Zhiqing Zhang","raw_affiliation_strings":["The University of Tokyo"],"affiliations":[{"raw_affiliation_string":"The University of Tokyo","institution_ids":["https://openalex.org/I74801974"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052106822","display_name":"Hiroshi Esaki","orcid":"https://orcid.org/0000-0001-5657-9216"},"institutions":[{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Hiroshi Esaki","raw_affiliation_strings":["The University of Tokyo"],"affiliations":[{"raw_affiliation_string":"The University of Tokyo","institution_ids":["https://openalex.org/I74801974"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5045456657","display_name":"Hideya Ochiai","orcid":"https://orcid.org/0000-0002-4568-6726"},"institutions":[{"id":"https://openalex.org/I74801974","display_name":"The University of Tokyo","ror":"https://ror.org/057zh3y96","country_code":"JP","type":"education","lineage":["https://openalex.org/I74801974"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Hideya Ochiai","raw_affiliation_strings":["The University of Tokyo"],"affiliations":[{"raw_affiliation_string":"The University of Tokyo","institution_ids":["https://openalex.org/I74801974"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100627830"],"corresponding_institution_ids":["https://openalex.org/I74801974"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.0926767,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"8","issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9050109386444092},{"id":"https://openalex.org/keywords/firewall","display_name":"Firewall (physics)","score":0.9039373397827148},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7668428421020508},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6507852673530579},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5999281406402588},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.5566982626914978},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.524041473865509},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.5082826018333435},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4613938331604004},{"id":"https://openalex.org/keywords/port","display_name":"Port (circuit theory)","score":0.42028194665908813},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1037672758102417},{"id":"https://openalex.org/keywords/entropy","display_name":"Entropy (arrow of time)","score":0.09652373194694519},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.06414756178855896}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9050109386444092},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.9039373397827148},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7668428421020508},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6507852673530579},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5999281406402588},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.5566982626914978},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.524041473865509},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.5082826018333435},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4613938331604004},{"id":"https://openalex.org/C32802771","wikidata":"https://www.wikidata.org/wiki/Q2443617","display_name":"Port (circuit theory)","level":2,"score":0.42028194665908813},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1037672758102417},{"id":"https://openalex.org/C106301342","wikidata":"https://www.wikidata.org/wiki/Q4117933","display_name":"Entropy (arrow of time)","level":2,"score":0.09652373194694519},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.06414756178855896},{"id":"https://openalex.org/C104062141","wikidata":"https://www.wikidata.org/wiki/Q2601295","display_name":"Extremal black hole","level":3,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C183915046","wikidata":"https://www.wikidata.org/wiki/Q1316152","display_name":"Charged black hole","level":4,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/isdfs.2019.8757484","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isdfs.2019.8757484","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 7th International Symposium on Digital Forensics and Security (ISDFS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W1517527854","https://openalex.org/W1521478692","https://openalex.org/W1546137167","https://openalex.org/W1576185228","https://openalex.org/W1616112455","https://openalex.org/W1775772884","https://openalex.org/W2009033060","https://openalex.org/W2043356179","https://openalex.org/W2114398364","https://openalex.org/W2121008990","https://openalex.org/W2166924764","https://openalex.org/W2594353089","https://openalex.org/W2748868501","https://openalex.org/W4294284964","https://openalex.org/W6632538867","https://openalex.org/W6634619446","https://openalex.org/W6677217071","https://openalex.org/W6743493502"],"related_works":["https://openalex.org/W2387982609","https://openalex.org/W2359453783","https://openalex.org/W2133389611","https://openalex.org/W2357071520","https://openalex.org/W2061466315","https://openalex.org/W2376886931","https://openalex.org/W1992118813","https://openalex.org/W2010561419","https://openalex.org/W2374845301","https://openalex.org/W2351448539"],"abstract_inverted_index":{"Malware":[0],"infection":[1,93,145,153],"and":[2,104,112,124,140],"propagation":[3],"in":[4,14,92,128,149],"Local":[5],"Area":[6],"Network(LAN)":[7],"have":[8],"became":[9],"a":[10,85],"critical":[11],"security":[12],"consideration":[13],"IoT":[15],"systems.":[16],"Recent":[17],"cases":[18],"happen":[19],"when":[20],"hosts":[21,95],"are":[22,52],"observed":[23],"to":[24,80],"be":[25],"infected":[26,39],"even":[27,96],"protected":[28,97],"by":[29,98],"firewall.":[30,99],"If":[31],"we":[32,41,51,62],"go":[33],"deep":[34],"into":[35],"the":[36,45,59],"analysis":[37,103],"on":[38,44,58,69,71,89,94,131,143],"hosts,":[40],"can":[42,63],"measure":[43],"possibility":[46],"of":[47,54,56,73],"this":[48],"situation.":[49],"When":[50],"aware":[53],"status":[55],"ports":[57],"source":[60,82],"host,":[61],"determine":[64],"how":[65],"intrusion":[66,139],"happens":[67],"based":[68],"classification":[70,141],"manner":[72],"infection.":[74],"We":[75,120,147],"propose":[76],"SB-MSS":[77],"(scan":[78],"back":[79,106,110,114],"malicious":[81,118],"scan":[83],"source),":[84],"network":[86],"measurement":[87],"method":[88],"malware":[90,138,152],"behaviors":[91],"This":[100],"includes":[101],"passive":[102],"active":[105],"scan,":[107],"i.e.,":[108],"port":[109,135],"scanning":[111,115],"vertical":[113],"methods":[116],"towards":[117],"sources.":[119],"conducted":[121],"2-week":[122],"experiment":[123],"provide":[125],"our":[126],"results":[127],"attack":[129],"distribution":[130],"different":[132,144],"factors,":[133],"possible":[134],"entrances":[136],"for":[137],"result":[142],"type.":[146],"found":[148],"82.52%":[150],"cases,":[151],"bypasses":[154],"firewalls.":[155]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}