{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T04:38:01Z","timestamp":1772771881098,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,5,29]],"date-time":"2018-05-29T00:00:00Z","timestamp":1527552000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT)","award":["No. 2015-0-00189 Development of Core Technologies for SDN-based Moving Target Defense and No. 2016-0-00078 Cloud based Security Intelligence Technology Development for the Customized Security Service Provisioning"],"award-info":[{"award-number":["No. 2015-0-00189 Development of Core Technologies for SDN-based Moving Target Defense and No. 2016-0-00078 Cloud based Security Intelligence Technology Development for the Customized Security Service Provisioning"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,5,29]]},"DOI":"10.1145\/3196494.3196537","type":"proceedings-article","created":{"date-parts":[[2018,5,31]],"date-time":"2018-05-31T13:18:28Z","timestamp":1527772708000},"page":"625-636","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Who is knocking on the Telnet Port"],"prefix":"10.1145","author":[{"given":"Hwanjo","family":"Heo","sequence":"first","affiliation":[{"name":"Korea Advanced Institute of Science and Technology, Daejeon, South Korea"}]},{"given":"Seungwon","family":"Shin","sequence":"additional","affiliation":[{"name":"Korea Advanced Institute of Science and Technology, Daejeon, South Korea"}]}],"member":"320","published-online":{"date-parts":[[2018,5,29]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"abuseat.org . 2016. The CBL. (2016). http:\/\/www.abuseat.org  abuseat.org . 2016. The CBL. (2016). http:\/\/www.abuseat.org"},{"key":"e_1_3_2_1_2_1","unstructured":"University of Oregon Advanced Network Technology Center . 2005. University of Oregon Route View Project. (2005). http:\/\/www.routeviews.org  University of Oregon Advanced Network Technology Center . 2005. University of Oregon Route View Project. (2005). http:\/\/www.routeviews.org"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298316"},{"key":"e_1_3_2_1_4_1","unstructured":"Manos Antonakakis Tim April Michael Bailey Matt Bernhard Elie Bursztein Jaime Cochran Zakir Durumeric J Alex Halderman Luca Invernizzi Michalis Kallitsis and others . 2017. Understanding the Mirai Botnet. (2017).  Manos Antonakakis Tim April Michael Bailey Matt Bernhard Elie Bursztein Jaime Cochran Zakir Durumeric J Alex Halderman Luca Invernizzi Michalis Kallitsis and others . 2017. Understanding the Mirai Botnet. (2017)."},{"key":"e_1_3_2_1_5_1","volume-title":"n.d","author":"SANS Internet Storm Center .","unstructured":"SANS Internet Storm Center . n.d .. Internet Storm Center . (. n.d.). https:\/\/secure.dshield.org SANS Internet Storm Center . n.d.. Internet Storm Center. (. n.d.). https:\/\/secure.dshield.org"},{"key":"e_1_3_2_1_6_1","unstructured":"Catalin Cimpanu . 2016. There's a 120 000-Strong IoT DDoS Botnet Lurking Around. (2016). http:\/\/news.softpedia.com\/news\/there-s-a-120-000-strong-iot-ddos-botnet-lurking-around-507773.shtml  Catalin Cimpanu . 2016. There's a 120 000-Strong IoT DDoS Botnet Lurking Around. (2016). http:\/\/news.softpedia.com\/news\/there-s-a-120-000-strong-iot-ddos-botnet-lurking-around-507773.shtml"},{"key":"e_1_3_2_1_7_1","unstructured":"Codenomicon . 2014. The Heartbleed Bug. (2014). http:\/\/heartbleed.com  Codenomicon . 2014. The Heartbleed Bug. (2014). http:\/\/heartbleed.com"},{"key":"e_1_3_2_1_8_1","unstructured":"Zakir Durumeric Michael Bailey and J Alex Halderman . 2014. An Internet-Wide View of Internet-Wide Scanning.. USENIX Security. 65--78.   Zakir Durumeric Michael Bailey and J Alex Halderman . 2014. An Internet-Wide View of Internet-Wide Scanning.. USENIX Security. 65--78."},{"key":"e_1_3_2_1_9_1","volume-title":"Hajime: Analysis of a decentralized internet worm for IoT devices. https:\/\/security.rapiditynetworks.com\/publications\/2016--10--16\/hajime.pdf","author":"Sam Edwards","year":"2016","unstructured":"Sam Edwards . 2016 . Hajime: Analysis of a decentralized internet worm for IoT devices. https:\/\/security.rapiditynetworks.com\/publications\/2016--10--16\/hajime.pdf , (2016). Sam Edwards . 2016. Hajime: Analysis of a decentralized internet worm for IoT devices. https:\/\/security.rapiditynetworks.com\/publications\/2016--10--16\/hajime.pdf, (2016)."},{"key":"e_1_3_2_1_10_1","unstructured":"elvanderb . 2015. TCP-32764: some codes and notes about the backdoor listening on TCP-32764 in linksys WAG200G. (2015). https:\/\/github.com\/elvanderb\/TCP-32764  elvanderb . 2015. TCP-32764: some codes and notes about the backdoor listening on TCP-32764 in linksys WAG200G. (2015). https:\/\/github.com\/elvanderb\/TCP-32764"},{"key":"e_1_3_2_1_11_1","volume-title":"https:\/\/www.shadowserver.org\/wiki\/","author":"Shadowserver Shadowserver Foundation","year":"2017","unstructured":"Shadowserver Foundation . 2017. Shadowserver . ( 2017 ). https:\/\/www.shadowserver.org\/wiki\/ Shadowserver Foundation . 2017. Shadowserver. (2017). https:\/\/www.shadowserver.org\/wiki\/"},{"key":"e_1_3_2_1_12_1","unstructured":"Fernando Gont Guillermo Gont and Carlos Pignataro . 2013. Recommendations for filtering ICMP messages. Internet-Draft. IETF Secretariat. http:\/\/www.ietf.org\/internet-drafts\/draft-ietf-opsec-icmp-filtering-04.txt  Fernando Gont Guillermo Gont and Carlos Pignataro . 2013. Recommendations for filtering ICMP messages. Internet-Draft. IETF Secretariat. http:\/\/www.ietf.org\/internet-drafts\/draft-ietf-opsec-icmp-filtering-04.txt"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.5"},{"key":"e_1_3_2_1_14_1","unstructured":"Kaoru Hayashi . 2014. IoT Worm Used to Mine Cryptocurrency. (2014). https:\/\/www.symantec.com\/connect\/blogs\/iot-worm-used-mine-cryptocurrency  Kaoru Hayashi . 2014. IoT Worm Used to Mine Cryptocurrency. (2014). https:\/\/www.symantec.com\/connect\/blogs\/iot-worm-used-mine-cryptocurrency"},{"key":"e_1_3_2_1_15_1","volume-title":"A simple general approach to inference about the tail of a distribution. The annals of statistics","author":"Hill Bruce M","year":"1975","unstructured":"Bruce M Hill and others . 1975. A simple general approach to inference about the tail of a distribution. The annals of statistics Vol. 3 , 5 ( 1975 ), 1163--1174. Bruce M Hill and others . 1975. A simple general approach to inference about the tail of a distribution. The annals of statistics Vol. 3, 5 (1975), 1163--1174."},{"key":"e_1_3_2_1_16_1","unstructured":"Scott Hilton . 2016. Dyn Analysis Summary Of Friday October 21 Attack. (2016). http:\/\/dyn.com\/blog\/dyn-analysis-summary-of-friday-october-21-attack\/  Scott Hilton . 2016. Dyn Analysis Summary Of Friday October 21 Attack. (2016). http:\/\/dyn.com\/blog\/dyn-analysis-summary-of-friday-october-21-attack\/"},{"key":"e_1_3_2_1_17_1","unstructured":"Incapsula . 2016. Breaking Down Mirai: An IoT DDoS Botnet Analysis. (2016). https:\/\/www.incapsula.com\/blog\/malware-analysis-mirai-ddos-botnet.html  Incapsula . 2016. Breaking Down Mirai: An IoT DDoS Botnet Analysis. (2016). https:\/\/www.incapsula.com\/blog\/malware-analysis-mirai-ddos-botnet.html"},{"key":"e_1_3_2_1_18_1","unstructured":"jgamblin . 2016. Mirai Source Code. (2016). https:\/\/github.com\/jgamblin\/Mirai-Source-Code  jgamblin . 2016. Mirai Source Code. (2016). https:\/\/github.com\/jgamblin\/Mirai-Source-Code"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings. 2004 IEEE Symposium on. IEEE, 211--225","author":"Jung Jaeyeon","year":"2004","unstructured":"Jaeyeon Jung , Vern Paxson , Arthur W Berger , and Hari Balakrishnan . 2004 . Fast portscan detection using sequential hypothesis testing Security and Privacy, 2004 . Proceedings. 2004 IEEE Symposium on. IEEE, 211--225 . Jaeyeon Jung, Vern Paxson, Arthur W Berger, and Hari Balakrishnan . 2004. Fast portscan detection using sequential hypothesis testing Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on. IEEE, 211--225."},{"key":"e_1_3_2_1_20_1","unstructured":"Brian Krebs . 2016. KrebsOnSecurity Hit With Record DDoS. (2016). https:\/\/krebsonsecurity.com\/2016\/09\/krebsonsecurity-hit-with-record-ddos\/  Brian Krebs . 2016. KrebsOnSecurity Hit With Record DDoS. (2016). https:\/\/krebsonsecurity.com\/2016\/09\/krebsonsecurity-hit-with-record-ddos\/"},{"key":"e_1_3_2_1_21_1","volume-title":"Exploiting underlying structure for detailed reconstruction of an internet-scale event Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement","author":"Kumar Abhishek","unstructured":"Abhishek Kumar , Vern Paxson , and Nicholas Weaver . 2005. Exploiting underlying structure for detailed reconstruction of an internet-scale event Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement . USENIX Association , 33--33. Abhishek Kumar, Vern Paxson, and Nicholas Weaver . 2005. Exploiting underlying structure for detailed reconstruction of an internet-scale event Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement. USENIX Association, 33--33."},{"key":"e_1_3_2_1_22_1","unstructured":"The Smaphaus Project Ltd. . 2017. The Spamhaus Project - ZEN. (2017). https:\/\/www.spamhaus.org\/zen\/  The Smaphaus Project Ltd. . 2017. The Spamhaus Project - ZEN. (2017). https:\/\/www.spamhaus.org\/zen\/"},{"key":"e_1_3_2_1_23_1","unstructured":"MalwareMustDie . 2016. MMD-0056--2016-Linux\/Mirai how an old ELD malcode is recycled. (2016). http:\/\/blog.malwaremustdie.org\/2016\/08\/mmd-0056--2016-linuxmirai-just.html  MalwareMustDie . 2016. MMD-0056--2016-Linux\/Mirai how an old ELD malcode is recycled. (2016). http:\/\/blog.malwaremustdie.org\/2016\/08\/mmd-0056--2016-linuxmirai-just.html"},{"key":"e_1_3_2_1_24_1","unstructured":"Inc. MaxMind . 2017. GeoLite2 Free Downloadable Databases. (2017). http:\/\/dev.maxmind.com\/geoip\/geoip2\/geolite2\/  Inc. MaxMind . 2017. GeoLite2 Free Downloadable Databases. (2017). http:\/\/dev.maxmind.com\/geoip\/geoip2\/geolite2\/"},{"key":"e_1_3_2_1_25_1","volume-title":"Network telescopes: Technical report. Department of Computer Science and Engineering","author":"Moore David","unstructured":"David Moore , Colleen Shannon , Geoffrey M Voelker , and Stefan Savage . 2004. Network telescopes: Technical report. Department of Computer Science and Engineering , University of California , San Diego . David Moore, Colleen Shannon, Geoffrey M Voelker, and Stefan Savage . 2004. Network telescopes: Technical report. Department of Computer Science and Engineering, University of California, San Diego."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028794"},{"key":"e_1_3_2_1_27_1","unstructured":"Phillip A Porras Hassen Sa\"\u0131di and Vinod Yegneswaran . 2009. A Foray into Conficker's Logic and Rendezvous Points. LEET.   Phillip A Porras Hassen Sa\"\u0131di and Vinod Yegneswaran . 2009. A Foray into Conficker's Logic and Rendezvous Points. LEET."},{"key":"e_1_3_2_1_28_1","volume-title":"USENIX Security Symposium","volume":"173","author":"Niels","unstructured":"Niels Provos and others . 2004. A Virtual Honeypot Framework .. In USENIX Security Symposium , Vol. Vol. 173 . 1--14. Niels Provos and others . 2004. A Virtual Honeypot Framework.. In USENIX Security Symposium, Vol. Vol. 173. 1--14."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1151659.1159947"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920285"},{"key":"e_1_3_2_1_31_1","volume-title":"https:\/\/www.shodan.io","author":"Shodan Shodan","year":"2017","unstructured":"Shodan . 2017. Shodan . ( 2017 ). https:\/\/www.shodan.io Shodan . 2017. Shodan. (2017). https:\/\/www.shodan.io"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/597917.597922"},{"key":"e_1_3_2_1_33_1","unstructured":"Visgean . 2011. Zeus Trojan Horse Source Code. (2011). https:\/\/github.com\/Visgean\/Zeus  Visgean . 2011. Zeus Trojan Horse Source Code. (2011). https:\/\/github.com\/Visgean\/Zeus"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879149"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/885651.781045"},{"key":"e_1_3_2_1_36_1","unstructured":"Tim Yeh . 2014. Netis Routers Leave Wide Open Backdoor. nolinkurlhttp:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/ nolinkurlnetis-routers-leave-wide-open-backdoor\/. (2014).  Tim Yeh . 2014. Netis Routers Leave Wide Open Backdoor. nolinkurlhttp:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/ nolinkurlnetis-routers-leave-wide-open-backdoor\/. (2014)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2834050.2834095"}],"event":{"name":"ASIA CCS '18: ACM Asia Conference on Computer and Communications Security","location":"Incheon Republic of Korea","acronym":"ASIA CCS '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2018 on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196494.3196537","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3196494.3196537","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:08:39Z","timestamp":1750208919000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196494.3196537"}},"subtitle":["A Large-Scale Empirical Study of Network Scanning"],"short-title":[],"issued":{"date-parts":[[2018,5,29]]},"references-count":37,"alternative-id":["10.1145\/3196494.3196537","10.1145\/3196494"],"URL":"https:\/\/doi.org\/10.1145\/3196494.3196537","relation":{},"subject":[],"published":{"date-parts":[[2018,5,29]]},"assertion":[{"value":"2018-05-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}