{"id":"https://openalex.org/W2563821677","doi":"https://doi.org/10.1109/ntms.2016.7792471","title":"Remote Identification of Port Scan Toolchains","display_name":"Remote Identification of Port Scan Toolchains","publication_year":2016,"publication_date":"2016-11-01","ids":{"openalex":"https://openalex.org/W2563821677","doi":"https://doi.org/10.1109/ntms.2016.7792471","mag":"2563821677"},"language":"en","primary_location":{"id":"doi:10.1109/ntms.2016.7792471","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ntms.2016.7792471","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://resolver.tudelft.nl/uuid:4abea0f6-4fae-4d57-950b-cd30d51c3c89","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071674047","display_name":"Vincent Ghi\u00ebtte","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Vincent Ghiette","raw_affiliation_strings":["Delft University of Technology Cybersecurity Group Delft, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology Cybersecurity Group Delft, The Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066257891","display_name":"Norbert Blenn","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Norbert Blenn","raw_affiliation_strings":["Delft University of Technology Cybersecurity Group Delft, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology Cybersecurity Group Delft, The Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000335949","display_name":"Christian Doerr","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Christian Doerr","raw_affiliation_strings":["Delft University of Technology Cybersecurity Group Delft, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology Cybersecurity Group Delft, The Netherlands","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5071674047"],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":1.1581,"has_fulltext":true,"cited_by_count":16,"citation_normalized_percentile":{"value":0.82257175,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8843799829483032},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7408507466316223},{"id":"https://openalex.org/keywords/port","display_name":"Port (circuit theory)","score":0.7390552759170532},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.7300783395767212},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6958869099617004},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.6535207033157349},{"id":"https://openalex.org/keywords/globe","display_name":"Globe","score":0.5900278091430664},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.4622606337070465},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4498459994792938},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.17577597498893738}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8843799829483032},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7408507466316223},{"id":"https://openalex.org/C32802771","wikidata":"https://www.wikidata.org/wiki/Q2443617","display_name":"Port (circuit theory)","level":2,"score":0.7390552759170532},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.7300783395767212},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6958869099617004},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.6535207033157349},{"id":"https://openalex.org/C2775899829","wikidata":"https://www.wikidata.org/wiki/Q3109007","display_name":"Globe","level":2,"score":0.5900278091430664},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.4622606337070465},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4498459994792938},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.17577597498893738},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C118487528","wikidata":"https://www.wikidata.org/wiki/Q161437","display_name":"Ophthalmology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/ntms.2016.7792471","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ntms.2016.7792471","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS)","raw_type":"proceedings-article"},{"id":"pmh:tud:oai:tudelft.nl:uuid:4abea0f6-4fae-4d57-950b-cd30d51c3c89","is_oa":true,"landing_page_url":"http://resolver.tudelft.nl/uuid:4abea0f6-4fae-4d57-950b-cd30d51c3c89","pdf_url":"http://resolver.tudelft.nl/uuid:4abea0f6-4fae-4d57-950b-cd30d51c3c89","source":{"id":"https://openalex.org/S4306401843","display_name":"Data Archiving and Networked Services (DANS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1322597698","host_organization_name":"Royal Netherlands Academy of Arts and Sciences","host_organization_lineage":["https://openalex.org/I1322597698"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IFIP International Conference on New Technologies, Mobility and Security","raw_type":"info:eu-repo/semantics/conferencepaper"}],"best_oa_location":{"id":"pmh:tud:oai:tudelft.nl:uuid:4abea0f6-4fae-4d57-950b-cd30d51c3c89","is_oa":true,"landing_page_url":"http://resolver.tudelft.nl/uuid:4abea0f6-4fae-4d57-950b-cd30d51c3c89","pdf_url":"http://resolver.tudelft.nl/uuid:4abea0f6-4fae-4d57-950b-cd30d51c3c89","source":{"id":"https://openalex.org/S4306401843","display_name":"Data Archiving and Networked Services (DANS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1322597698","host_organization_name":"Royal Netherlands Academy of Arts and Sciences","host_organization_lineage":["https://openalex.org/I1322597698"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IFIP International Conference on New Technologies, Mobility and Security","raw_type":"info:eu-repo/semantics/conferencepaper"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2563821677.pdf","grobid_xml":"https://content.openalex.org/works/W2563821677.grobid-xml"},"referenced_works_count":9,"referenced_works":["https://openalex.org/W284347760","https://openalex.org/W1540641082","https://openalex.org/W2009250465","https://openalex.org/W2116227232","https://openalex.org/W2152969395","https://openalex.org/W2158880761","https://openalex.org/W2590339818","https://openalex.org/W6610362903","https://openalex.org/W6682673070"],"related_works":["https://openalex.org/W1539266347","https://openalex.org/W17155033","https://openalex.org/W2267913355","https://openalex.org/W2788570199","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W2000787479","https://openalex.org/W4248006302","https://openalex.org/W1590307681","https://openalex.org/W2573831620"],"abstract_inverted_index":{"Port":[0],"scans":[1],"are":[2,101],"typically":[3],"at":[4],"the":[5,16,73,107],"begin":[6],"of":[7,10,20,36,84],"a":[8,21,24,50,115],"chain":[9,75],"events":[11],"that":[12,67,94,110],"will":[13],"lead":[14],"to":[15,71,113,121],"attack":[17],"and":[18,109],"exploitation":[19],"host":[22],"over":[23],"network.":[25],"Since":[26],"building":[27],"an":[28,38,45,78,81],"effective":[29],"defense":[30],"relies":[31],"on":[32],"information":[33],"what":[34],"kind":[35],"threat":[37,42],"organization":[39],"is":[40,49],"facing,":[41],"intelligence":[43],"outlining":[44],"actor's":[46],"modus":[47],"operandi":[48],"critical":[51],"ingredient":[52],"for":[53],"network":[54],"security.":[55],"In":[56,80],"this":[57],"paper,":[58],"we":[59,92],"describe":[60],"characteristic":[61],"patterns":[62],"in":[63],"port":[64,98],"scan":[65,85,99],"packets":[66],"can":[68],"be":[69],"used":[70,76],"identify":[72],"tool":[74,117],"by":[77,88,104],"adversary.":[79],"empirical":[82],"analysis":[83],"traffic":[86],"received":[87],"two":[89],"/16":[90],"networks,":[91],"find":[93],"common":[95],"open":[96],"source":[97],"tools":[100],"adopted":[102],"differently":[103],"communities":[105],"across":[106],"globe,":[108],"groups":[111],"specializing":[112],"use":[114],"particular":[116,123],"have":[118],"also":[119],"specialized":[120],"exploit":[122],"services.":[124]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}