{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T12:23:07Z","timestamp":1768393387299,"version":"3.49.0"},"reference-count":57,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T00:00:00Z","timestamp":1762214400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T00:00:00Z","timestamp":1762214400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,4]]},"DOI":"10.1109\/ecrime66972.2025.11327971","type":"proceedings-article","created":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T20:56:22Z","timestamp":1768337782000},"page":"1-18","source":"Crossref","is-referenced-by-count":0,"title":["ScanWars: (A Multi-network Approach to Detecting and Analyzing) The Rise of Scanning Activity"],"prefix":"10.1109","author":[{"given":"Beliz","family":"Kaleli","sequence":"first","affiliation":[{"name":"Palo Alto Networks,Santa Clara,CA,US"}]},{"given":"Tony","family":"Li","sequence":"additional","affiliation":[{"name":"Palo Alto Networks,Santa Clara,CA,US"}]},{"given":"Fang","family":"Liu","sequence":"additional","affiliation":[{"name":"Palo Alto Networks,Santa Clara,CA,US"}]},{"given":"Oleksii","family":"Starov","sequence":"additional","affiliation":[{"name":"Palo Alto Networks,Santa Clara,CA,US"}]},{"given":"Manuel","family":"Egele","sequence":"additional","affiliation":[{"name":"Boston University,Boston,MA,US"}]},{"given":"Gianluca","family":"Stringhini","sequence":"additional","affiliation":[{"name":"Boston University,Boston,MA,US"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Increased Truebot Activity Infects U.S. and Canada Based Networks","year":"2023"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241275"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-24643-3_13"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2023.103629"},{"key":"ref5","article-title":"Snort","year":"2024"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-90019-9_1"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363217"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24107"},{"key":"ref10","article-title":"Detecting lateral movement in enterprise computer networks with unsupervised graph AI","volume-title":"Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID)","author":"Bowman"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948144"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420969"},{"key":"ref13","article-title":"G data threat report: Significant increase in linux ransomware","year":"2022"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/CBD.2014.41"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.4108\/eai.3-12-2015.2262516"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ICOIN.2017.7899588"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813724"},{"key":"ref19","article-title":"WebWitness: Investigating, categorizing, and mitigating malware download paths","volume-title":"Proceedings of USENIX Security Symposium","author":"Nelms"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2017.54"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23269"},{"key":"ref22","article-title":"Comprehensive, Multi-Source Cyber-Security Events","year":"2022"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028794"},{"key":"ref24","article-title":"An Internet-Wide view of Internet-Wide scanning","volume-title":"Proceedings of USENIX Security Symposium","author":"Durumeric"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2013.2297678"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23488"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2018.2874896"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663717"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3646547.3688409"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355595"},{"key":"ref31","article-title":"Urlnet: Learning a URL representation with deep learning for malicious URL detection","author":"Le","year":"2018","journal-title":"CoRR"},{"key":"ref32","article-title":"CVSS v2.0 User Guide","year":"2021"},{"key":"ref33","article-title":"CyCognito State of External Exposure Management Report","year":"2021"},{"key":"ref34","article-title":"CVE-2023-34362","year":"2023"},{"key":"ref35","article-title":"Maxmind GeoIP Databases","year":"2024"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3444690"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-64553-6_3"},{"key":"ref38","article-title":"Regular expressions","year":"2021"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00016"},{"key":"ref40","article-title":"Russian Hackers Hijack Ubiquiti Routers","year":"2022"},{"key":"ref41","article-title":"FBI Disrupts Chinese Botnet","year":"2022"},{"key":"ref42","article-title":"ZYXEL Security Advisory","year":"2023"},{"key":"ref43","article-title":"Netgear DGN100 setup.cgi remote code execution","year":"2017"},{"key":"ref44","article-title":"India needs 1 million engineers as economy expands","year":"2024"},{"key":"ref45","article-title":"CVE-2024-21893","year":"2024"},{"key":"ref46","article-title":"StopRansomware: ALPHV Blackcat","year":"2023"},{"key":"ref47","article-title":"Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure","year":"2022"},{"key":"ref48","article-title":"IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits","year":"2023"},{"key":"ref49","article-title":"Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices","year":"2023"},{"key":"ref50","article-title":"Mirai Variant V3G4 Targets IoT Devices","year":"2023"},{"key":"ref51","article-title":"Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways","year":"2024"},{"key":"ref52","article-title":"CVE-2023-46805","year":"2023"},{"key":"ref53","article-title":"CVE-2024-21887","year":"2024"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359840"},{"key":"ref55","article-title":"6thSense: A context-aware sensor-based attack detector for smart devices","volume-title":"Proceedings of USENIX Security Symposium","author":"Sikder"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/3395351.3399421"},{"key":"ref57","volume-title":"Statistical power analysis for the behavioral sciences","author":"Cohen","year":"1988"}],"event":{"name":"2025 APWG Symposium on Electronic Crime Research (eCrime)","location":"San Diego, CA, USA","start":{"date-parts":[[2025,11,4]]},"end":{"date-parts":[[2025,11,7]]}},"container-title":["2025 APWG Symposium on Electronic Crime Research (eCrime)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11326688\/11327697\/11327971.pdf?arnumber=11327971","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T07:13:05Z","timestamp":1768374785000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11327971\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,4]]},"references-count":57,"URL":"https:\/\/doi.org\/10.1109\/ecrime66972.2025.11327971","relation":{},"subject":[],"published":{"date-parts":[[2025,11,4]]}}}