{"id":"https://openalex.org/W2114696652","doi":"https://doi.org/10.1186/s13388-015-0019-7","title":"Evasion-resistant network scan detection","display_name":"Evasion-resistant network scan detection","publication_year":2015,"publication_date":"2015-05-08","ids":{"openalex":"https://openalex.org/W2114696652","doi":"https://doi.org/10.1186/s13388-015-0019-7","mag":"2114696652"},"language":"en","primary_location":{"id":"doi:10.1186/s13388-015-0019-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13388-015-0019-7","pdf_url":"https://security-informatics.springeropen.com/counter/pdf/10.1186/s13388-015-0019-7","source":{"id":"https://openalex.org/S2492493267","display_name":"Security Informatics","issn_l":"2190-8532","issn":["2190-8532"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Security Informatics","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://security-informatics.springeropen.com/counter/pdf/10.1186/s13388-015-0019-7","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033809782","display_name":"Richard Harang","orcid":null},"institutions":[{"id":"https://openalex.org/I166416128","display_name":"DEVCOM Army Research Laboratory","ror":"https://ror.org/011hc8f90","country_code":"US","type":"government","lineage":["https://openalex.org/I1304082316","https://openalex.org/I1330347796","https://openalex.org/I166416128","https://openalex.org/I2802705668","https://openalex.org/I4210154437"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Richard E Harang","raw_affiliation_strings":["U.S. Army Research Laboratory, Adelphi, MD, USA","U.S. Army Research Laboratory, Adelphi, USA"],"affiliations":[{"raw_affiliation_string":"U.S. Army Research Laboratory, Adelphi, MD, USA","institution_ids":["https://openalex.org/I166416128"]},{"raw_affiliation_string":"U.S. Army Research Laboratory, Adelphi, USA","institution_ids":["https://openalex.org/I166416128"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5038083931","display_name":"Peter Mell","orcid":"https://orcid.org/0000-0003-2938-897X"},"institutions":[{"id":"https://openalex.org/I1321296531","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416","country_code":"US","type":"funder","lineage":["https://openalex.org/I1321296531","https://openalex.org/I1343035065"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peter Mell","raw_affiliation_strings":["National Institute of Standards and Technology, Gaithersburg, Maryland, USA","National Institute of Standards and Technology, Maryland, USA"],"affiliations":[{"raw_affiliation_string":"National Institute of Standards and Technology, Gaithersburg, Maryland, USA","institution_ids":["https://openalex.org/I1321296531"]},{"raw_affiliation_string":"National Institute of Standards and Technology, Maryland, USA","institution_ids":["https://openalex.org/I1321296531"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5033809782"],"corresponding_institution_ids":["https://openalex.org/I166416128"],"apc_list":null,"apc_paid":null,"fwci":1.3313,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.83442768,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"4","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8645062446594238},{"id":"https://openalex.org/keywords/connectionless-communication","display_name":"Connectionless communication","score":0.6305643320083618},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5077970623970032},{"id":"https://openalex.org/keywords/limiting","display_name":"Limiting","score":0.5058038234710693},{"id":"https://openalex.org/keywords/a-priori-and-a-posteriori","display_name":"A priori and a posteriori","score":0.4961925148963928},{"id":"https://openalex.org/keywords/false-positive-rate","display_name":"False positive rate","score":0.47489872574806213},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.4335033893585205},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3822587728500366},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.31860169768333435},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.12721100449562073}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8645062446594238},{"id":"https://openalex.org/C153043593","wikidata":"https://www.wikidata.org/wiki/Q727896","display_name":"Connectionless communication","level":3,"score":0.6305643320083618},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5077970623970032},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.5058038234710693},{"id":"https://openalex.org/C75553542","wikidata":"https://www.wikidata.org/wiki/Q178161","display_name":"A priori and a posteriori","level":2,"score":0.4961925148963928},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.47489872574806213},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.4335033893585205},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3822587728500366},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.31860169768333435},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.12721100449562073},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1186/s13388-015-0019-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13388-015-0019-7","pdf_url":"https://security-informatics.springeropen.com/counter/pdf/10.1186/s13388-015-0019-7","source":{"id":"https://openalex.org/S2492493267","display_name":"Security Informatics","issn_l":"2190-8532","issn":["2190-8532"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Security Informatics","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1186/s13388-015-0019-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s13388-015-0019-7","pdf_url":"https://security-informatics.springeropen.com/counter/pdf/10.1186/s13388-015-0019-7","source":{"id":"https://openalex.org/S2492493267","display_name":"Security Informatics","issn_l":"2190-8532","issn":["2190-8532"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Security Informatics","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320332178","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416"},{"id":"https://openalex.org/F4320338295","display_name":"Army Research Laboratory","ror":"https://ror.org/011hc8f90"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2114696652.pdf","grobid_xml":"https://content.openalex.org/works/W2114696652.grobid-xml"},"referenced_works_count":31,"referenced_works":["https://openalex.org/W71760767","https://openalex.org/W180886567","https://openalex.org/W1516506771","https://openalex.org/W1521150922","https://openalex.org/W1567032921","https://openalex.org/W1594330953","https://openalex.org/W1649901946","https://openalex.org/W1674877186","https://openalex.org/W1744212210","https://openalex.org/W2029234818","https://openalex.org/W2055291031","https://openalex.org/W2060542891","https://openalex.org/W2079316669","https://openalex.org/W2101357108","https://openalex.org/W2108898793","https://openalex.org/W2112452856","https://openalex.org/W2117002131","https://openalex.org/W2118325404","https://openalex.org/W2140094598","https://openalex.org/W2167003214","https://openalex.org/W2169662797","https://openalex.org/W2170196582","https://openalex.org/W2477351702","https://openalex.org/W2494504357","https://openalex.org/W2913414826","https://openalex.org/W3004286518","https://openalex.org/W4234740364","https://openalex.org/W4250331344","https://openalex.org/W4353004773","https://openalex.org/W6607437439","https://openalex.org/W6635308841"],"related_works":["https://openalex.org/W1601419341","https://openalex.org/W3082361098","https://openalex.org/W1950579235","https://openalex.org/W2112920880","https://openalex.org/W2003521295","https://openalex.org/W2240817760","https://openalex.org/W2151332408","https://openalex.org/W1550849049","https://openalex.org/W4250542231","https://openalex.org/W2051238750"],"abstract_inverted_index":{"Popular":[0],"network":[1,50,59,90,111,140],"scan":[2,51,69,120,144],"detection":[3,52,177],"algorithms":[4],"operate":[5],"through":[6],"evaluating":[7],"external":[8,102],"sources":[9],"for":[10],"unusual":[11],"connection":[12],"patterns":[13],"and":[14,61,98,106,141,169],"traffic":[15],"rates.":[16],"Research":[17],"has":[18],"revealed":[19],"evasive":[20],"tactics":[21],"that":[22,53,82],"enable":[23],"full":[24],"circumvention":[25,42],"of":[26,40,57,68,88,109,115,118,130,151,159,179],"existing":[27],"approaches":[28],"(specifically":[29],"the":[30,55,89,104,116,119,128,157],"widely":[31],"cited":[32],"Threshold":[33,166],"Random":[34,167],"Walk":[35,168],"algorithm).":[36],"To":[37],"prevent":[38],"use":[39],"these":[41],"techniques,":[43],"we":[44,173],"propose":[45],"a":[46,85,147],"novel":[47],"approach":[48],"to":[49,103,156],"evaluates":[54],"behavior":[56],"internal":[58,97],"nodes,":[60],"combine":[62],"it":[63],"with":[64,123,154,164],"other":[65],"established":[66],"techniques":[67],"detection.":[70],"By":[71],"itself,":[72],"our":[73,131],"algorithm":[74],"is":[75,107],"an":[76,138,175],"efficient,":[77],"protocol-agnostic,":[78],"completely":[79],"unsupervised":[80],"method":[81,132],"requires":[83],"no":[84],"priori":[86],"knowledge":[87],"being":[91],"defended":[92],"beyond":[93],"which":[94,99],"hosts":[95,100],"are":[96,101],"network,":[105],"capable":[108],"detecting":[110],"scanning":[112],"attempts":[113],"regardless":[114],"rate":[117,150,178],"(working":[121],"even":[122],"connectionless":[124],"protocols).":[125],"We":[126],"demonstrate":[127],"effectiveness":[129],"on":[133,142],"both":[134,165],"live":[135],"data":[136],"from":[137],"enterprise-scale":[139],"simulated":[143],"data,":[145],"finding":[146],"false":[148],"positive":[149],"just":[152],"0.000034%":[153],"respect":[155],"number":[158],"inbound":[160],"flows.":[161],"When":[162],"combined":[163],"simple":[170],"rate-limiting":[171],"detection,":[172],"achieve":[174],"overall":[176],"94.44%.":[180]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}