{"id":"https://openalex.org/W2058336494","doi":"https://doi.org/10.1145/1655925.1656116","title":"TCP portscan detection based on single packet flows and entropy","display_name":"TCP portscan detection based on single packet flows and entropy","publication_year":2009,"publication_date":"2009-11-24","ids":{"openalex":"https://openalex.org/W2058336494","doi":"https://doi.org/10.1145/1655925.1656116","mag":"2058336494"},"language":"en","primary_location":{"id":"doi:10.1145/1655925.1656116","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1655925.1656116","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100457338","display_name":"Hai Zhang","orcid":"https://orcid.org/0000-0002-7183-9570"},"institutions":[{"id":"https://openalex.org/I58200834","display_name":"Southern Medical University","ror":"https://ror.org/01vjw4z39","country_code":"CN","type":"education","lineage":["https://openalex.org/I58200834"]},{"id":"https://openalex.org/I90610280","display_name":"South China University of Technology","ror":"https://ror.org/0530pts50","country_code":"CN","type":"education","lineage":["https://openalex.org/I90610280"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Hai Zhang","raw_affiliation_strings":["South China University of Technology, Guangzhou, China and Southern Medical University, Guangzhou, China","South China University of Technology, Guangzhou, China and Southern Medical University, Guangzhou, China#TAB#"],"affiliations":[{"raw_affiliation_string":"South China University of Technology, Guangzhou, China and Southern Medical University, Guangzhou, China","institution_ids":["https://openalex.org/I90610280","https://openalex.org/I58200834"]},{"raw_affiliation_string":"South China University of Technology, Guangzhou, China and Southern Medical University, Guangzhou, China#TAB#","institution_ids":["https://openalex.org/I90610280"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045458921","display_name":"Xuyang Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I58200834","display_name":"Southern Medical University","ror":"https://ror.org/01vjw4z39","country_code":"CN","type":"education","lineage":["https://openalex.org/I58200834"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xuyang Zhu","raw_affiliation_strings":["Southern Medical University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Southern Medical University, Guangzhou, China","institution_ids":["https://openalex.org/I58200834"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101130385","display_name":"Wenming Guo","orcid":"https://orcid.org/0000-0003-4167-4557"},"institutions":[{"id":"https://openalex.org/I58200834","display_name":"Southern Medical University","ror":"https://ror.org/01vjw4z39","country_code":"CN","type":"education","lineage":["https://openalex.org/I58200834"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenming Guo","raw_affiliation_strings":["Southern Medical University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Southern Medical University, Guangzhou, China","institution_ids":["https://openalex.org/I58200834"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100457338"],"corresponding_institution_ids":["https://openalex.org/I58200834","https://openalex.org/I90610280"],"apc_list":null,"apc_paid":null,"fwci":1.0282,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.77902976,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":"10","issue":null,"first_page":"1056","last_page":"1060"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10138","display_name":"Network Traffic and Congestion Control","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8297121524810791},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6362078785896301},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.6090850830078125},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5946339964866638},{"id":"https://openalex.org/keywords/web-traffic","display_name":"Web traffic","score":0.5646572113037109},{"id":"https://openalex.org/keywords/ip-address","display_name":"Ip address","score":0.544303297996521},{"id":"https://openalex.org/keywords/entropy","display_name":"Entropy (arrow of time)","score":0.4671209454536438},{"id":"https://openalex.org/keywords/internet-traffic","display_name":"Internet traffic","score":0.4647101163864136},{"id":"https://openalex.org/keywords/sampling","display_name":"Sampling (signal processing)","score":0.45342138409614563},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.45179250836372375},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.44874095916748047},{"id":"https://openalex.org/keywords/gigabit","display_name":"Gigabit","score":0.44575807452201843},{"id":"https://openalex.org/keywords/volume","display_name":"Volume (thermodynamics)","score":0.44518420100212097},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.4356297552585602},{"id":"https://openalex.org/keywords/filter","display_name":"Filter (signal processing)","score":0.35998573899269104},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13934475183486938},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.11192148923873901}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8297121524810791},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6362078785896301},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.6090850830078125},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5946339964866638},{"id":"https://openalex.org/C2777672014","wikidata":"https://www.wikidata.org/wiki/Q1172573","display_name":"Web traffic","level":3,"score":0.5646572113037109},{"id":"https://openalex.org/C2985371682","wikidata":"https://www.wikidata.org/wiki/Q11135","display_name":"Ip address","level":2,"score":0.544303297996521},{"id":"https://openalex.org/C106301342","wikidata":"https://www.wikidata.org/wiki/Q4117933","display_name":"Entropy (arrow of time)","level":2,"score":0.4671209454536438},{"id":"https://openalex.org/C63969886","wikidata":"https://www.wikidata.org/wiki/Q3536440","display_name":"Internet traffic","level":3,"score":0.4647101163864136},{"id":"https://openalex.org/C140779682","wikidata":"https://www.wikidata.org/wiki/Q210868","display_name":"Sampling (signal processing)","level":3,"score":0.45342138409614563},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.45179250836372375},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.44874095916748047},{"id":"https://openalex.org/C21922175","wikidata":"https://www.wikidata.org/wiki/Q3105497","display_name":"Gigabit","level":2,"score":0.44575807452201843},{"id":"https://openalex.org/C20556612","wikidata":"https://www.wikidata.org/wiki/Q4469374","display_name":"Volume (thermodynamics)","level":2,"score":0.44518420100212097},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.4356297552585602},{"id":"https://openalex.org/C106131492","wikidata":"https://www.wikidata.org/wiki/Q3072260","display_name":"Filter (signal processing)","level":2,"score":0.35998573899269104},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13934475183486938},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.11192148923873901},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1655925.1656116","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1655925.1656116","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W1649901946","https://openalex.org/W1744212210","https://openalex.org/W1763961826","https://openalex.org/W1973515534","https://openalex.org/W1974918169","https://openalex.org/W1988897678","https://openalex.org/W2031657002","https://openalex.org/W2090775316","https://openalex.org/W2097662376","https://openalex.org/W2130598205","https://openalex.org/W2156447535","https://openalex.org/W2164532265","https://openalex.org/W2169636627","https://openalex.org/W3143455850","https://openalex.org/W6637945393"],"related_works":["https://openalex.org/W2149855662","https://openalex.org/W3129437314","https://openalex.org/W1594793042","https://openalex.org/W2382966707","https://openalex.org/W2033811694","https://openalex.org/W2743139118","https://openalex.org/W2017388544","https://openalex.org/W2009529053","https://openalex.org/W2015037455","https://openalex.org/W4362496549"],"abstract_inverted_index":{"Portscanning":[0],"is":[1,9,29,51,83,112,127,231,309],"a":[2,45,65,79,210,233],"common":[3],"activity":[4,25],"of":[5,52,64,95,103,108,224,241,248,266,268,274],"considerable":[6,53],"importance.":[7],"It":[8],"often":[10],"used":[11,191],"by":[12],"computer":[13],"attackers":[14,56],"to":[15,38,44,55,57,113,138,213],"characterize":[16],"hosts":[17,293],"or":[18,60],"networks":[19],"which":[20,220,244,292],"they":[21],"are":[22,67,160,168,294],"considering":[23,195],"hostile":[24],"against.":[26],"Thus":[27,49],"it":[28,50,69],"useful":[30],"for":[31,131,171,305],"system":[32],"administrators":[33],"and":[34,99,105,152,229,253],"other":[35,153],"network":[36,66],"defenders":[37,63],"detect":[39,114,139],"portscans":[40,77,115],"as":[41],"possible":[42],"preliminaries":[43],"more":[46,278],"serious":[47],"attack.":[48],"interest":[54],"determine":[58],"whether":[59],"not":[61],"the":[62,85,118,122,157,164,177,205,218,239,246,264,272,287,302],"portscanning":[68],"regularly.":[70],"A":[71],"major":[72],"difficulty":[73],"with":[74,204],"detecting":[75],"these":[76],"on":[78,88,117,121,149,176,263],"high-speed":[80],"monitoring":[81],"point":[82],"that":[84,284,301],"traffic":[86,148],"volume":[87,107],"high":[89,106],"speed":[90],"links":[91],"can":[92,100,237,290,318],"be":[93,277],"tens":[94],"gigabits":[96],"per":[97],"second":[98],"contain":[101],"millions":[102],"flow":[104,119,200],"traffic.":[109],"Our":[110],"purpose":[111],"based":[116],"records":[120,201],"internet.":[123],"This":[124],"data":[125,158,165,178],"set":[126],"sometimes":[128],"too":[129,169],"large":[130,170,222],"us.":[132,172],"Fortunately,":[133],"we":[134,190,208,236],"have":[135],"an":[136],"approach":[137],"some":[140],"specific":[141],"portscan.":[142],"First,":[143],"filter":[144],"out":[145,322],"any":[146],"web":[147],"port":[150,295],"80":[151],"non-TCP":[154],"flows.":[155],"So":[156,314],"sets":[159,166],"reduced":[161],"significantly.":[162],"However,":[163],"still":[167],"Then":[173],"employ":[174],"sampling":[175,185,259],"sets.":[179],"There":[180],"had":[181],"been":[182],"many":[183],"alternative":[184],"methods.":[186],"In":[187,255],"this":[188,196],"paper,":[189],"simple":[192,257],"random":[193,258],"sampling,":[194],"method":[197],"could":[198],"select":[199],"uniformly.":[202],"Finally,":[203],"sampled":[206],"data,":[207],"introduce":[209],"new":[211],"way":[212],"identify":[214],"ports":[215,230,234],"scanners.":[216],"As":[217],"host":[219],"scan":[221],"number":[223],"different":[225],"destination":[226,250,306],"IP":[227,251,307],"addresses":[228,252],"probably":[232],"scanners":[235,296,323],"compute":[238],"entropy":[240,267,275,304],"each":[242,269],"host,":[243],"reflect":[245],"distribution":[247],"its":[249],"ports.":[254],"theory,":[256],"has":[260],"minimal":[261],"impact":[262],"result":[265],"host.":[270],"Therefore":[271],"estimation":[273],"will":[276,299],"precise.":[279],"The":[280],"experimental":[281],"results":[282],"show":[283],"datum":[285],"from":[286],"sample":[288],"also":[289],"tell":[291],"accurately.":[297],"We":[298],"see":[300],"attackers'":[303],"address":[308],"bigger":[310],"than":[311],"others":[312],"clearly.":[313],"entropy-based":[315],"SYN":[316],"detection":[317],"help":[319],"us":[320],"find":[321],"effectively.":[324]},"counts_by_year":[{"year":2013,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}