{"id":"https://openalex.org/W4286571641","doi":"https://doi.org/10.23919/ifipnetworking55013.2022.9829757","title":"Clustering Payloads: Grouping Randomized Scan Probes Into Campaign Templates","display_name":"Clustering Payloads: Grouping Randomized Scan Probes Into Campaign Templates","publication_year":2022,"publication_date":"2022-06-13","ids":{"openalex":"https://openalex.org/W4286571641","doi":"https://doi.org/10.23919/ifipnetworking55013.2022.9829757"},"language":"en","primary_location":{"id":"doi:10.23919/ifipnetworking55013.2022.9829757","is_oa":false,"landing_page_url":"https://doi.org/10.23919/ifipnetworking55013.2022.9829757","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IFIP Networking Conference (IFIP Networking)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071674047","display_name":"Vincent Ghi\u00ebtte","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Vincent Ghiette","raw_affiliation_strings":["Delft University of Technology,Delft,The Netherlands","Delft University of Technology, Delft, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology,Delft,The Netherlands","institution_ids":["https://openalex.org/I98358874"]},{"raw_affiliation_string":"Delft University of Technology, Delft, The Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000335949","display_name":"Christian Doerr","orcid":null},"institutions":[{"id":"https://openalex.org/I143288331","display_name":"Hasso Plattner Institute","ror":"https://ror.org/058rn5r42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I143288331","https://openalex.org/I176453806"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian Doerr","raw_affiliation_strings":["Hasso Plattner Institute for Digital Engineering,Potsdam,Germany","Hasso Plattner Institute for Digital Engineering, Potsdam, Germany"],"affiliations":[{"raw_affiliation_string":"Hasso Plattner Institute for Digital Engineering,Potsdam,Germany","institution_ids":["https://openalex.org/I143288331"]},{"raw_affiliation_string":"Hasso Plattner Institute for Digital Engineering, Potsdam, Germany","institution_ids":["https://openalex.org/I143288331"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5071674047"],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":0.1424,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.47829479,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7428576946258545},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.733663022518158},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5680966377258301},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5633446574211121},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5128982067108154},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4369514286518097},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.418495237827301},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3628375828266144},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.23161578178405762}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7428576946258545},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.733663022518158},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5680966377258301},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5633446574211121},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5128982067108154},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4369514286518097},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.418495237827301},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3628375828266144},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.23161578178405762}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.23919/ifipnetworking55013.2022.9829757","is_oa":false,"landing_page_url":"https://doi.org/10.23919/ifipnetworking55013.2022.9829757","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IFIP Networking Conference (IFIP Networking)","raw_type":"proceedings-article"},{"id":"pmh:oai:tudelft.nl:uuid:3418244b-2493-446b-b523-0d0d421faf3c","is_oa":false,"landing_page_url":"http://resolver.tudelft.nl/uuid:3418244b-2493-446b-b523-0d0d421faf3c","pdf_url":null,"source":{"id":"https://openalex.org/S4306400906","display_name":"Research Repository (Delft University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I98358874","host_organization_name":"Delft University of Technology","host_organization_lineage":["https://openalex.org/I98358874"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"conference paper"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6299999952316284,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":36,"referenced_works":["https://openalex.org/W180886567","https://openalex.org/W284347760","https://openalex.org/W1576185228","https://openalex.org/W1649901946","https://openalex.org/W1973297725","https://openalex.org/W2049534694","https://openalex.org/W2062383334","https://openalex.org/W2073148641","https://openalex.org/W2118325404","https://openalex.org/W2140094598","https://openalex.org/W2531850825","https://openalex.org/W2573701107","https://openalex.org/W2610896886","https://openalex.org/W2613843087","https://openalex.org/W2748868501","https://openalex.org/W2805154196","https://openalex.org/W2884826434","https://openalex.org/W2885419983","https://openalex.org/W2910287288","https://openalex.org/W3012425390","https://openalex.org/W3021838326","https://openalex.org/W3030552871","https://openalex.org/W3034247401","https://openalex.org/W3034722371","https://openalex.org/W3045552208","https://openalex.org/W3092173963","https://openalex.org/W3212591162","https://openalex.org/W4213362721","https://openalex.org/W6607437439","https://openalex.org/W6610362903","https://openalex.org/W6634619446","https://openalex.org/W6635624157","https://openalex.org/W6737879726","https://openalex.org/W6743493502","https://openalex.org/W6775452742","https://openalex.org/W6779084241"],"related_works":["https://openalex.org/W4388150944","https://openalex.org/W4242235492","https://openalex.org/W4237162029","https://openalex.org/W2367268135","https://openalex.org/W2385701518","https://openalex.org/W4237464767","https://openalex.org/W2068562251","https://openalex.org/W4252295672","https://openalex.org/W1480190076","https://openalex.org/W2395750098"],"abstract_inverted_index":{"Over":[0],"the":[1,4,21,32,39,58,109],"past":[2],"decade,":[3],"scanning":[5,55],"landscape":[6],"has":[7],"significantly":[8],"changed.":[9],"Powerful":[10],"tools":[11],"such":[12],"as":[13],"Masscan":[14],"or":[15,141],"Zmap":[16],"allow":[17],"anyone":[18],"to":[19,51,66,120],"scan":[20,74,103,127,131,169],"entire":[22],"Internet":[23,40],"in":[24,102],"a":[25,47,117,153],"matter":[26],"of":[27,34,43,134,156,165,179,186],"hours.":[28],"Simultaneously,":[29],"we":[30,115],"witnessed":[31],"emergence":[33],"stealthy":[35],"scanners,":[36],"which":[37,88],"map":[38],"from":[41,72,78,125],"thousands":[42],"vantage":[44],"points":[45],"at":[46],"low":[48],"rate":[49],"attempting":[50],"forego":[52],"detection.":[53],"As":[54],"is":[56],"typically":[57],"first":[59],"step":[60],"towards":[61],"later":[62],"intrusion,":[63],"organizations":[64],"need":[65],"track,":[67],"understand":[68],"and":[69,123,147,167,183],"draw":[70],"intelligence":[71],"these":[73,190],"campaigns.":[75],"Organizations":[76],"benefit":[77],"obtaining":[79],"insights":[80,107],"into":[81,108],"what":[82],"adversaries":[83],"are":[84,137],"currently":[85],"looking":[86],"for,":[87],"might":[89],"reveal":[90],"some":[91],"new":[92],"vulnerabilities.":[93],"Furthermore,":[94],"relating":[95],"IP":[96],"addresses":[97],"with":[98,152,189],"each":[99],"other":[100],"participating":[101],"campaigns":[104],"provides":[105,176],"valuable":[106],"adversary's":[110],"capabilities.":[111],"In":[112],"this":[113],"paper,":[114],"describe":[116],"protocol-agnostic":[118],"approach":[119],"extract":[121],"commonalities":[122],"patterns":[124],"UDP":[126],"traffic,":[128],"relate":[129],"individual":[130],"packets":[132],"regardless":[133],"whether":[135],"they":[136],"sending":[138],"static":[139],"data":[140,154],"randomizing":[142],"their":[143],"payloads":[144],"across":[145],"destinations,":[146],"obtain":[148],"97%":[149],"pattern":[150],"accuracy":[151],"coverage":[155],"96%.":[157],"We":[158],"apply":[159],"our":[160,173],"methodology":[161],"on":[162],"seven":[163],"years":[164],"NTP":[166],"DNS":[168],"traffic":[170],"demonstrating":[171],"that":[172],"automatic":[174],"clustering":[175],"stable":[177],"tracking":[178],"strategies":[180],"over":[181],"time":[182],"identifies":[184],"groups":[185],"source":[187],"IPs":[188],"behavioral":[191],"characteristics":[192],"effectively.":[193]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}