{"id":"https://openalex.org/W2076075999","doi":"https://doi.org/10.1145/2590296.2590297","title":"Scanner hunter","display_name":"Scanner hunter","publication_year":2014,"publication_date":"2014-05-30","ids":{"openalex":"https://openalex.org/W2076075999","doi":"https://doi.org/10.1145/2590296.2590297","mag":"2076075999"},"language":"en","primary_location":{"id":"doi:10.1145/2590296.2590297","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2590296.2590297","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 9th ACM symposium on Information, computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050041449","display_name":"Guowu Xie","orcid":"https://orcid.org/0009-0003-8756-8327"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Guowu Xie","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA","University of California, RIverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]},{"raw_affiliation_string":"University of California, RIverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046612532","display_name":"Huy Hang","orcid":null},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Huy Hang","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA","University of California, RIverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]},{"raw_affiliation_string":"University of California, RIverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5018876909","display_name":"Michalis Faloutsos","orcid":"https://orcid.org/0000-0002-3882-9987"},"institutions":[{"id":"https://openalex.org/I169521973","display_name":"University of New Mexico","ror":"https://ror.org/05fs6jp91","country_code":"US","type":"education","lineage":["https://openalex.org/I169521973"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michalis Faloutsos","raw_affiliation_strings":["University of New Mexico, Albuquerque, Albuquerque, NM, USA"],"affiliations":[{"raw_affiliation_string":"University of New Mexico, Albuquerque, Albuquerque, NM, USA","institution_ids":["https://openalex.org/I169521973"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5050041449"],"corresponding_institution_ids":["https://openalex.org/I103635307"],"apc_list":null,"apc_paid":null,"fwci":0.3448,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.66649227,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"27","last_page":"38"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8290750980377197},{"id":"https://openalex.org/keywords/scanner","display_name":"Scanner","score":0.7443109154701233},{"id":"https://openalex.org/keywords/haystack","display_name":"Haystack","score":0.6596242189407349},{"id":"https://openalex.org/keywords/novelty","display_name":"Novelty","score":0.4681903123855591},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.44740110635757446},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.438438355922699},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4257264733314514},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.3529210090637207},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3221312463283539},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.21404528617858887}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8290750980377197},{"id":"https://openalex.org/C2779751349","wikidata":"https://www.wikidata.org/wiki/Q1474480","display_name":"Scanner","level":2,"score":0.7443109154701233},{"id":"https://openalex.org/C13424479","wikidata":"https://www.wikidata.org/wiki/Q5687237","display_name":"Haystack","level":2,"score":0.6596242189407349},{"id":"https://openalex.org/C2778738651","wikidata":"https://www.wikidata.org/wiki/Q16546687","display_name":"Novelty","level":2,"score":0.4681903123855591},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.44740110635757446},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.438438355922699},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4257264733314514},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.3529210090637207},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3221312463283539},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21404528617858887},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C27206212","wikidata":"https://www.wikidata.org/wiki/Q34178","display_name":"Theology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2590296.2590297","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2590296.2590297","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 9th ACM symposium on Information, computer and communications security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.4099999964237213,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W15977527","https://openalex.org/W122790780","https://openalex.org/W180886567","https://openalex.org/W1488754173","https://openalex.org/W1493883477","https://openalex.org/W1500920619","https://openalex.org/W1514368868","https://openalex.org/W1525967479","https://openalex.org/W1543320899","https://openalex.org/W1744212210","https://openalex.org/W1779735989","https://openalex.org/W1845321769","https://openalex.org/W1861561811","https://openalex.org/W2064889936","https://openalex.org/W2074937974","https://openalex.org/W2124929753","https://openalex.org/W2132791332","https://openalex.org/W2133576408","https://openalex.org/W2155589792","https://openalex.org/W6631337276","https://openalex.org/W6637957265"],"related_works":["https://openalex.org/W4253878822","https://openalex.org/W1965563707","https://openalex.org/W1736550718","https://openalex.org/W4210692028","https://openalex.org/W2808729870","https://openalex.org/W2479343091","https://openalex.org/W2278064783","https://openalex.org/W3174858427","https://openalex.org/W1972480475","https://openalex.org/W275553111"],"abstract_inverted_index":{"This":[0],"paper":[1],"focuses":[2],"on":[3,36,75],"detecting":[4],"and":[5,67,135,178,227,233,239],"studying":[6],"HTTP":[7,59,130,159,217,298,348],"scanners,":[8,238],"which":[9,42,191,249,282],"are":[10,43,65,246],"malicious":[11],"entities":[12],"that":[13,20,105,164,205,294,337],"explore":[14],"a":[15,71,76,82,111,275,333],"website":[16],"selectively":[17],"for":[18,25,342],"\"opportunities\"":[19],"can":[21,250,338],"potentially":[22],"be":[23],"used":[24,235],"subsequent":[26,257],"intrusion":[27],"attempts.":[28],"Interestingly,":[29],"there":[30],"is":[31,61,81,163,192,300],"practically":[32],"no":[33],"prior":[34],"work":[35,114,315],"the":[37,86,96,102,125,138,142,165,198,201,231,237,241,256,278,295,319,322,329,340,344],"detection":[38,189,335],"of":[39,137,144,158,171,200,216,243,267,297,310,321],"these":[40],"entities,":[41],"different":[44],"from":[45,274,288],"web":[46,268],"crawlers":[47],"or":[48],"machines":[49],"performing":[50],"network-level":[51],"reconnaissance":[52],"activities":[53],"such":[54],"as":[55,63,195,197,208,253],"port":[56],"scanning.":[57],"Detecting":[58],"scanners":[60,131,172,218,299],"challenging":[62],"they":[64,89,94,245],"stealthy":[66],"often":[68],"only":[69],"probe":[70],"few":[72],"key":[73],"places":[74],"website,":[77],"so":[78],"finding":[79],"them":[80],"needle-in-the-haystack":[83],"problem.":[84],"At":[85],"same":[87,330],"time,":[88],"pose":[90],"serious":[91],"risk":[92,345],"because":[93],"perform":[95],"first,":[97],"exploratory":[98],"step":[99],"to":[100,109,128,155,176,222,254],"provide":[101,212,332,339],"seed":[103],"information":[104],"may":[106,260],"allow":[107],"hackers":[108],"compromise":[110],"website.":[112],"Our":[113,314],"makes":[115,168],"two":[116],"main":[117],"contributions.":[118],"First,":[119],"we":[120,206,211],"propose":[121],"Scanner":[122,183],"Hunter,":[123],"arguably":[124],"first":[126],"method":[127,139],"detect":[129],"efficiently.":[132],"The":[133,161],"novelty":[134],"success":[136],"lies":[140],"in":[141,147,153,219,272,307],"use":[143,207,263],"community":[145,323],"structure,":[146],"an":[148,186,213,220],"appropriately":[149],"constructed":[150],"bipartite":[151],"graph,":[152],"order":[154],"expose":[156],"groups":[157,170],"scanners.":[160,349],"rationale":[162],"aggregated":[166],"behavior":[167],"identifying":[169],"easier":[173],"than":[174],"attempting":[175],"profile":[177],"label":[179],"IP":[180],"addresses":[181],"individually.":[182],"Hunter":[184],"achieves":[185],"impressive":[187],"96.5%":[188],"precision,":[190],"roughly":[193,303],"twice":[194],"high":[196],"precision":[199],"Machine":[202],"Learning-based":[203],"methods":[204],"reference.":[209],"Second,":[210],"extensive":[214],"study":[215],"effort":[221],"understand:":[223],"(a)":[224],"their":[225],"spatial":[226],"temporal":[228],"properties,":[229],"(b)":[230],"techniques":[232],"tools":[234],"by":[236,281,347],"(c)":[240],"types":[242],"resources":[244],"looking":[247],"for,":[248],"provides":[251],"hints":[252],"what":[255],"penetration":[258],"attempt":[259],"target.":[261],"We":[262,292],"six":[264],"months":[265],"worth":[266],"traffic":[269],"logs":[270],"collected":[271],"2012":[273],"University":[276],"campus,":[277],"websites":[279],"hosted":[280],"received":[283],"over":[284],"1.9":[285],"billion":[286],"requests":[287],"12.8":[289],"million":[290],"IPs.":[291],"found":[293],"number":[296],"non-trivial":[301],"with":[302],"4,000":[304],"IPs":[305],"engaging":[306],"this":[308,325],"type":[309],"activity":[311],"per":[312],"week.":[313],"will":[316],"hopefully":[317],"raise":[318],"awareness":[320],"regarding":[324],"problem":[326],"while":[327],"at":[328],"time":[331],"promising":[334],"technique":[336],"basis":[341],"mitigating":[343],"posed":[346]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}