{"id":"https://openalex.org/W2079316669","doi":"https://doi.org/10.1109/isias.2011.6122824","title":"Slow port scanning detection","display_name":"Slow port scanning detection","publication_year":2011,"publication_date":"2011-12-01","ids":{"openalex":"https://openalex.org/W2079316669","doi":"https://doi.org/10.1109/isias.2011.6122824","mag":"2079316669"},"language":"en","primary_location":{"id":"doi:10.1109/isias.2011.6122824","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isias.2011.6122824","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2011 7th International Conference on Information Assurance and Security (IAS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048456765","display_name":"Mehiar Dabbagh","orcid":"https://orcid.org/0000-0002-3253-9321"},"institutions":[{"id":"https://openalex.org/I98635879","display_name":"American University of Beirut","ror":"https://ror.org/04pznsd21","country_code":"LB","type":"education","lineage":["https://openalex.org/I98635879"]}],"countries":["LB"],"is_corresponding":true,"raw_author_name":"Mehiar Dabbagh","raw_affiliation_strings":["Department of Electrical and Computer Engineering, American University of Beirut, Lebanon","Department of Electrical and Computer Engineering"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, American University of Beirut, Lebanon","institution_ids":["https://openalex.org/I98635879"]},{"raw_affiliation_string":"Department of Electrical and Computer Engineering","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060978257","display_name":"Ali J. Ghandour","orcid":"https://orcid.org/0000-0002-2430-8443"},"institutions":[{"id":"https://openalex.org/I98635879","display_name":"American University of Beirut","ror":"https://ror.org/04pznsd21","country_code":"LB","type":"education","lineage":["https://openalex.org/I98635879"]}],"countries":["LB"],"is_corresponding":false,"raw_author_name":"Ali J. Ghandour","raw_affiliation_strings":["Department of Electrical and Computer Engineering, American University of Beirut, Lebanon","Department of Electrical and Computer Engineering"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, American University of Beirut, Lebanon","institution_ids":["https://openalex.org/I98635879"]},{"raw_affiliation_string":"Department of Electrical and Computer Engineering","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042450214","display_name":"Kassem Fawaz","orcid":"https://orcid.org/0000-0002-4609-7691"},"institutions":[{"id":"https://openalex.org/I98635879","display_name":"American University of Beirut","ror":"https://ror.org/04pznsd21","country_code":"LB","type":"education","lineage":["https://openalex.org/I98635879"]}],"countries":["LB"],"is_corresponding":false,"raw_author_name":"Kassem Fawaz","raw_affiliation_strings":["Department of Electrical and Computer Engineering, American University of Beirut, Lebanon","Department of Electrical and Computer Engineering"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, American University of Beirut, Lebanon","institution_ids":["https://openalex.org/I98635879"]},{"raw_affiliation_string":"Department of Electrical and Computer Engineering","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042406058","display_name":"Wassim El\u2010Hajj","orcid":"https://orcid.org/0000-0002-5206-2954"},"institutions":[{"id":"https://openalex.org/I98635879","display_name":"American University of Beirut","ror":"https://ror.org/04pznsd21","country_code":"LB","type":"education","lineage":["https://openalex.org/I98635879"]}],"countries":["LB"],"is_corresponding":false,"raw_author_name":"Wassim El Hajj","raw_affiliation_strings":["Department of Computer Science, American University of Beirut","Dept. of Computer Science American University of Beirut,"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, American University of Beirut","institution_ids":["https://openalex.org/I98635879"]},{"raw_affiliation_string":"Dept. of Computer Science American University of Beirut,","institution_ids":["https://openalex.org/I98635879"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5088085383","display_name":"Hazem Hajj","orcid":"https://orcid.org/0000-0002-9954-7924"},"institutions":[{"id":"https://openalex.org/I98635879","display_name":"American University of Beirut","ror":"https://ror.org/04pznsd21","country_code":"LB","type":"education","lineage":["https://openalex.org/I98635879"]}],"countries":["LB"],"is_corresponding":false,"raw_author_name":"Hazem Hajj","raw_affiliation_strings":["Department of Electrical and Computer Engineering, American University of Beirut, Lebanon","Department of Electrical and Computer Engineering"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, American University of Beirut, Lebanon","institution_ids":["https://openalex.org/I98635879"]},{"raw_affiliation_string":"Department of Electrical and Computer Engineering","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5048456765"],"corresponding_institution_ids":["https://openalex.org/I98635879"],"apc_list":null,"apc_paid":null,"fwci":3.1507,"has_fulltext":false,"cited_by_count":33,"citation_normalized_percentile":{"value":0.91897745,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"228","last_page":"233"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.7954544425010681},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7704106569290161},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6611033082008362},{"id":"https://openalex.org/keywords/scanner","display_name":"Scanner","score":0.6524198651313782},{"id":"https://openalex.org/keywords/port","display_name":"Port (circuit theory)","score":0.5864883661270142},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4693152904510498},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.44978204369544983},{"id":"https://openalex.org/keywords/false-positives-and-false-negatives","display_name":"False positives and false negatives","score":0.43942078948020935},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.40796899795532227},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.3639025092124939},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12980830669403076}],"concepts":[{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.7954544425010681},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7704106569290161},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6611033082008362},{"id":"https://openalex.org/C2779751349","wikidata":"https://www.wikidata.org/wiki/Q1474480","display_name":"Scanner","level":2,"score":0.6524198651313782},{"id":"https://openalex.org/C32802771","wikidata":"https://www.wikidata.org/wiki/Q2443617","display_name":"Port (circuit theory)","level":2,"score":0.5864883661270142},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4693152904510498},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.44978204369544983},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.43942078948020935},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.40796899795532227},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3639025092124939},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12980830669403076},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/isias.2011.6122824","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isias.2011.6122824","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2011 7th International Conference on Information Assurance and Security (IAS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W8376609","https://openalex.org/W199706120","https://openalex.org/W1521150922","https://openalex.org/W1583975142","https://openalex.org/W1649901946","https://openalex.org/W1744212210","https://openalex.org/W1887038067","https://openalex.org/W1964757918","https://openalex.org/W1979331166","https://openalex.org/W2036736235","https://openalex.org/W2079316669","https://openalex.org/W2101357108","https://openalex.org/W2115361362","https://openalex.org/W2131438134","https://openalex.org/W2163030488","https://openalex.org/W6600352083","https://openalex.org/W6608014598","https://openalex.org/W6634829514","https://openalex.org/W6639415379","https://openalex.org/W6659575672","https://openalex.org/W6684045068"],"related_works":["https://openalex.org/W1557094818","https://openalex.org/W2183246718","https://openalex.org/W1973412793","https://openalex.org/W2099261052","https://openalex.org/W4292605373","https://openalex.org/W2951146195","https://openalex.org/W4226316650","https://openalex.org/W3123215897","https://openalex.org/W2153600354","https://openalex.org/W4243739114"],"abstract_inverted_index":{"Port":[0,17],"scanning":[1,18,217],"is":[2,63,145],"the":[3,38,80,98,102,125,148,190,211],"most":[4,36,213],"popular":[5],"reconnaissance":[6],"technique":[7],"attackers":[8],"use":[9],"to":[10,83,133,182],"discover":[11],"services":[12],"they":[13,136],"can":[14,34],"break":[15],"into.":[16],"detection":[19],"has":[20],"received":[21],"a":[22,29,49,70,85,165],"lot":[23],"of":[24,37,66,168,192],"attention":[25],"by":[26,152],"researchers.":[27],"However":[28],"slow":[30,57,205],"port":[31,58,206,216],"scan":[32,207],"attack":[33],"deceive":[35],"existing":[39],"Intrusion":[40],"Detection":[41],"Systems":[42],"(IDS).":[43],"In":[44],"this":[45,143],"paper,":[46],"we":[47],"present":[48],"new,":[50],"simple,":[51],"and":[52,78,112,162,171,204],"efficient":[53],"method":[54,62,195,221],"for":[55,124,130],"detecting":[56],"scans.":[59],"Our":[60],"proposed":[61,185,194],"mainly":[64],"composed":[65],"two":[67],"phases:":[68],"(1)":[69],"feature":[71],"collection":[72],"phase":[73,95],"that":[74,96,154,225],"analyzes":[75],"network":[76],"traffic":[77],"extracts":[79],"features":[81],"needed":[82],"classify":[84,119],"certain":[86],"IP":[87],"as":[88,120,157,235],"malicious":[89,199,223],"or":[90,139,160],"not.":[91],"(2)":[92],"A":[93,174],"classification":[94],"divides":[97],"IPs,":[99,109],"based":[100],"on":[101],"collected":[103],"features,":[104],"into":[105],"three":[106,212],"groups:":[107],"normal":[108,203],"suspicious":[110,121],"IPs":[111,116,156],"scanner":[113],"IPs.":[114],"The":[115,187],"our":[117,184,193,220],"approach":[118,144,150],"are":[122,226],"kept":[123],"next":[126],"(K)":[127],"time":[128],"windows":[129],"further":[131],"examination":[132],"decide":[134],"whether":[135],"represent":[137],"scanners":[138,200,224],"legitimate":[140,159],"users.":[141],"Hence,":[142],"different":[146],"than":[147],"traditional":[149],"used":[151],"IDSs":[153,233],"classifies":[155],"either":[158],"scanners,":[161],"thus":[163],"producing":[164],"high":[166],"number":[167],"false":[169,172],"positives":[170],"negatives.":[173],"small":[175],"Local":[176],"Area":[177],"Network":[178],"was":[179],"put":[180],"together":[181],"test":[183],"method.":[186],"experiments":[188],"show":[189],"effectiveness":[191],"in":[196],"correctly":[197],"identifying":[198],"when":[201],"both":[202],"were":[208],"performed":[209],"using":[210,230],"common":[214],"TCP":[215],"techniques.":[218],"Moreover,":[219],"detects":[222],"otherwise":[227],"not":[228],"detected":[229],"well":[231],"known":[232],"such":[234],"Snort.":[236]},"counts_by_year":[{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":5},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":4},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}