{"id":"https://openalex.org/W2065197158","doi":"https://doi.org/10.1109/iwcmc.2013.6583681","title":"On detecting and clustering distributed cyber scanning","display_name":"On detecting and clustering distributed cyber scanning","publication_year":2013,"publication_date":"2013-07-01","ids":{"openalex":"https://openalex.org/W2065197158","doi":"https://doi.org/10.1109/iwcmc.2013.6583681","mag":"2065197158"},"language":"en","primary_location":{"id":"doi:10.1109/iwcmc.2013.6583681","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwcmc.2013.6583681","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039079298","display_name":"Elias Bou\u2010Harb","orcid":"https://orcid.org/0000-0001-8040-4635"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Elias Bou-Harb","raw_affiliation_strings":["CIISE, Concordia University, Montreal, QUE, Canada","[CIISE, Concordia University, Montreal, Qc, Canada]"],"affiliations":[{"raw_affiliation_string":"CIISE, Concordia University, Montreal, QUE, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"[CIISE, Concordia University, Montreal, Qc, Canada]","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028605138","display_name":"Mourad Debbabi","orcid":"https://orcid.org/0000-0003-3015-3043"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mourad Debbabi","raw_affiliation_strings":["CIISE, Concordia University, Montreal, QUE, Canada","[CIISE, Concordia University, Montreal, Qc, Canada]"],"affiliations":[{"raw_affiliation_string":"CIISE, Concordia University, Montreal, QUE, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"[CIISE, Concordia University, Montreal, Qc, Canada]","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072393948","display_name":"Chadi Assi","orcid":"https://orcid.org/0000-0002-3161-1846"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Chadi Assi","raw_affiliation_strings":["CIISE, Concordia University, Montreal, QUE, Canada","[CIISE, Concordia University, Montreal, Qc, Canada]"],"affiliations":[{"raw_affiliation_string":"CIISE, Concordia University, Montreal, QUE, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"[CIISE, Concordia University, Montreal, Qc, Canada]","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5039079298"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":0.36207187,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.67395727,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"10","issue":null,"first_page":"926","last_page":"933"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10064","display_name":"Complex Network Analysis Techniques","score":0.9805999994277954,"subfield":{"id":"https://openalex.org/subfields/3109","display_name":"Statistical and Nonlinear Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8090345859527588},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.7521476745605469},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5783690810203552},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5531078577041626},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.537361204624176},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.4748561382293701},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4519774615764618},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.44905993342399597},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.42493346333503723},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3446013331413269},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12380111217498779}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8090345859527588},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.7521476745605469},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5783690810203552},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5531078577041626},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.537361204624176},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.4748561382293701},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4519774615764618},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.44905993342399597},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.42493346333503723},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3446013331413269},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12380111217498779},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iwcmc.2013.6583681","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwcmc.2013.6583681","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1543783240","https://openalex.org/W1563061804","https://openalex.org/W1576185228","https://openalex.org/W1649901946","https://openalex.org/W1967151415","https://openalex.org/W1973493882","https://openalex.org/W2000497232","https://openalex.org/W2011493390","https://openalex.org/W2015581520","https://openalex.org/W2017010982","https://openalex.org/W2017821362","https://openalex.org/W2020162074","https://openalex.org/W2032691150","https://openalex.org/W2065890363","https://openalex.org/W2101547937","https://openalex.org/W2101895618","https://openalex.org/W2109418235","https://openalex.org/W2147029177","https://openalex.org/W2149725068","https://openalex.org/W2163899311","https://openalex.org/W2167003214","https://openalex.org/W2295102560","https://openalex.org/W4389829190","https://openalex.org/W6633671634","https://openalex.org/W6684422367","https://openalex.org/W6697529566"],"related_works":["https://openalex.org/W3042604642","https://openalex.org/W121858127","https://openalex.org/W2112204274","https://openalex.org/W2165263102","https://openalex.org/W4289329995","https://openalex.org/W2373574911","https://openalex.org/W2046727832","https://openalex.org/W4247895841","https://openalex.org/W2097742961","https://openalex.org/W2000598421"],"abstract_inverted_index":{"This":[0],"paper":[1],"proposes":[2],"an":[3],"approach":[4,37,60],"that":[5,11,38,61,126],"is":[6,30,42,48,62,190],"composed":[7],"of":[8,16,69,101,150,159,207],"two":[9,87,94],"techniques":[10],"respectively":[12],"tackle":[13],"the":[14,50,66,75,107,140,183,186,197,205],"issues":[15],"detecting":[17],"corporate":[18],"cyber":[19],"scanning":[20,198],"and":[21,77,92,136,155,177,195],"clustering":[22,188],"distributed":[23],"reconnaissance":[24],"activity.":[25],"The":[26,52,97,120],"first":[27,98],"employed":[28],"technique":[29,54,189],"based":[31],"on":[32,40,123],"a":[33,56,70,117,128,147,156],"non-attribution":[34],"anomaly":[35],"detection":[36,142],"focuses":[39],"what":[41],"being":[43],"scanned":[44],"rather":[45],"than":[46,152],"who":[47],"performing":[49],"scanning.":[51],"second":[53,108,154],"adopts":[55],"statistical":[57],"time":[58,149],"series":[59],"rendered":[63],"by":[64],"observing":[65],"correlation":[67],"status":[68],"traffic":[71,90,105],"signal":[72],"to":[73,172,192],"perform":[74],"identification":[76],"clustering.":[78],"To":[79],"empirically":[80],"validate":[81],"both":[82],"techniques,":[83],"we":[84],"experiment":[85],"with":[86,132,165,200],"real":[88],"network":[89,131],"datasets":[91],"implement":[93],"proof-of-concept":[95],"environments.":[96],"dataset":[99,109],"comprises":[100],"unsolicited":[102],"one-way":[103],"telescope/darknet":[104],"while":[106],"has":[110],"been":[111],"captured":[112],"in":[113,163,204],"our":[114],"lab":[115],"through":[116],"customized":[118],"setup.":[119],"results":[121],"show,":[122],"one":[124],"hand,":[125,185],"for":[127],"class":[129],"C":[130],"250":[133],"active":[134],"hosts":[135],"5":[137],"monitored":[138],"servers,":[139],"proposed":[141,187],"technique's":[143],"training":[144],"period":[145],"required":[146],"stabilization":[148],"less":[151],"1":[153],"state":[157],"memory":[158],"80":[160],"bytes.":[161],"Moreover,":[162],"comparison":[164],"Snort's":[166],"sfPortscan":[167],"technique,":[168],"it":[169],"was":[170],"able":[171,191],"detect":[173],"4215":[174],"unique":[175],"scans":[176],"yielded":[178],"zero":[179],"false":[180],"negative.":[181],"On":[182],"other":[184],"correctly":[193],"identify":[194],"cluster":[196],"machines":[199],"high":[201],"accuracy":[202],"even":[203],"presence":[206],"legitimate":[208],"traffic.":[209]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2014,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}