{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T10:16:53Z","timestamp":1770286613940,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,12,5]],"date-time":"2023-12-05T00:00:00Z","timestamp":1701734400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2120400"],"award-info":[{"award-number":["CNS-2120400"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"NSF","award":["CNS-1823192"],"award-info":[{"award-number":["CNS-1823192"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,12,5]]},"DOI":"10.1145\/3624354.3630583","type":"proceedings-article","created":{"date-parts":[[2023,11,28]],"date-time":"2023-11-28T19:34:33Z","timestamp":1701200073000},"page":"1-8","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Aggressive Internet-Wide Scanners: Network Impact and Longitudinal Characterization"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-8968-5363","authenticated-orcid":false,"given":"Aniket","family":"Anand","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8086-499X","authenticated-orcid":false,"given":"Michalis","family":"Kallitsis","sequence":"additional","affiliation":[{"name":"Merit Network, Inc., Ann Arbor, MI, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0236-7479","authenticated-orcid":false,"given":"Jackson","family":"Sippe","sequence":"additional","affiliation":[{"name":"University of Colorado Boulder, Boulder, CO, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6444-5656","authenticated-orcid":false,"given":"Alberto","family":"Dainotti","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,12,5]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_2_1_2_1","unstructured":"2022. Anonymous. https:\/\/bit.ly\/3GU2a0q. (2022)."},{"key":"e_1_3_2_1_3_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the mirai botnet. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1093--1110. isbn: 978-1-931971-40-9. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis."},{"key":"e_1_3_2_1_4_1","volume-title":"Neural Information Processing. Derong Liu, Shengli Xie, Yuanqing Li, Dongbin Zhao, and El-Sayed M","author":"Ban Tao","unstructured":"Tao Ban, Lei Zhu, Jumpei Shimamura, Shaoning Pang, Daisuke Inoue, and Koji Nakao. 2017. Detection of botnet activities through the lens of a large-scale darknet. In Neural Information Processing. Derong Liu, Shengli Xie, Yuanqing Li, Dongbin Zhao, and El-Sayed M. El-Alfy, (Eds.) Springer International Publishing, Cham, 442--451. isbn: 978-3-319-70139-4."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815702"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3473500"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1851182.1851196"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_5"},{"key":"e_1_3_2_1_9_1","volume-title":"Acknowledged scanners. https:\/\/gitlab.com\/mcollins_at _isi\/acknowledged_scanners (Last accessed: June 7th","author":"Collins Michael","year":"2022","unstructured":"Michael Collins. 2022. Acknowledged scanners. https:\/\/gitlab.com\/mcollins_at _isi\/acknowledged_scanners (Last accessed: June 7th, 2022). (2022)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663717"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504732"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2567561.2567568"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2398776.2398778"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068818"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813703"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815695"},{"key":"e_1_3_2_1_17_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Durumeric Zakir","year":"2014","unstructured":"Zakir Durumeric, Michael Bailey, and J Alex Halderman. 2014. An Internet-Wide view of Internet-Wide scanning. In 23rd USENIX Security Symposium (USENIX Security 14), 65--78."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_20_1","volume-title":"22nd USENIX Security Symposium (USENIX Security 13)","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric, Eric Wustrow, and J Alex Halderman. 2013. Zmap: fast internet-wide scanning and its security applications. In 22nd USENIX Security Symposium (USENIX Security 13), 605--620."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3452296.3472928"},{"key":"e_1_3_2_1_22_1","unstructured":"Robert Graham. [n. d.] MASSCAN: mass ip port scanner. https:\/\/github.com\/robertdavidgraham\/masscan. ()."},{"key":"e_1_3_2_1_23_1","unstructured":"2022. GreyNoise. https:\/\/www.greynoise.io\/. (2022)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.23919\/TMA.2019.8784607"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3145966"},{"key":"e_1_3_2_1_26_1","unstructured":"John S. Heidemann Lin Quan and Yuri Pradkin. 2012. A preliminary analysis of network outages during hurricane sandy. In."},{"key":"e_1_3_2_1_27_1","volume-title":"Mining your ps and qs: detection of widespread weak keys in network devices. In (Security '12)","author":"Heninger Nadia","unstructured":"Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2012. Mining your ps and qs: detection of widespread weak keys in network devices. In (Security '12). USENIX Association, Bellevue, WA, 35."},{"key":"e_1_3_2_1_28_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Hiesgen Raphael","year":"2022","unstructured":"Raphael Hiesgen, Marcin Nawrocki, Alistair King, Alberto Dainotti, Thomas C Schmidt, and Matthias W\u00e4hlisch. 2022. Spoki: unveiling a new wave of scanners through a reactive network telescope. In 31st USENIX Security Symposium (USENIX Security 22), 431--448."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561434"},{"key":"e_1_3_2_1_30_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Izhikevich Liz","year":"2021","unstructured":"Liz Izhikevich, Renata Teixeira, and Zakir Durumeric. 2021. LZR: identifying unexpected internet services. In 30th USENIX Security Symposium (USENIX Security 21), 3111--3128."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131383"},{"key":"e_1_3_2_1_32_1","unstructured":"Andreas Klopsch Chris Dietrich and Raphael Springer. 2020. A detailed look into the Mozi P2P IoT botnet. https:\/\/www.botconf.eu\/botconf-2020\/schedule\/. (2020)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2656877.2656893"},{"key":"e_1_3_2_1_34_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Li Vector Guo","year":"2019","unstructured":"Vector Guo Li, Matthew Dunn, Paul Pearce, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. 2019. Reading the tea leaves: a comparative analysis of threat intelligence. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, (Aug. 2019), 851--867. isbn: 978--1--939133- 06--9. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/li."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2018.8538636"},{"key":"e_1_3_2_1_36_1","volume-title":"ORION: Observatory for Cyber-Risk Insights and Outages of Networks. https:\/\/github.com\/Merit-Research\/darknet-events\/wiki\/ORION-Network-Telescope.","author":"Network Merit","year":"2022","unstructured":"Merit Network, Inc. 2022. ORION: Observatory for Cyber-Risk Insights and Outages of Networks. https:\/\/github.com\/Merit-Research\/darknet-events\/wiki\/ORION-Network-Telescope. (2022)."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2016.7906943"},{"key":"e_1_3_2_1_38_1","volume-title":"Network Telescopes: Technical Report. Tech. rep","author":"Moore D.","year":"2004","unstructured":"D. Moore, C. Shannon, G. Voelker, and S. Savage. 2004. Network Telescopes: Technical Report. Tech. rep. Cooperative Association for Internet Data Analysis (CAIDA), (July 2004)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1132026.1132027"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/IFIPNetworking.2015.7145335"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3473604.3474562"},{"key":"e_1_3_2_1_42_1","volume-title":"Springer","author":"Padmanabhan Ramakrishna","unstructured":"Ramakrishna Padmanabhan, Aaron Schulman, Alberto Dainotti, Dave Levin, and Neil Spring. 2019. How to find correlated internet failures. In Passive and Active Measurement. David Choffnes and Marinho Barcellos, (Eds.) Springer International Publishing, Cham, 210--227. isbn: 978-3-030-15986-3."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.55"},{"key":"e_1_3_2_1_44_1","unstructured":"Lin Quan John Heidemann and Yuri Pradkin. 2012. Detecting internet outages with precise active probing (extended). USC\/Information Sciences Institute Tech. Rep."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355595"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561452"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2019.01.014"},{"key":"e_1_3_2_1_48_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Sullivan George Arnold","year":"2022","unstructured":"George Arnold Sullivan, Jackson Sippe, Nadia Heninger, and Eric Wustrow. 2022. Open to a fault: on the passive compromise of TLS keys via transient errors. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, (Aug. 2022), 233--250. isbn: 978-1-939133-31-1. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/sullivan."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417883"},{"key":"e_1_3_2_1_50_1","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"Thomas Kurt","unstructured":"Kurt Thomas, Rony Amira, Adi Ben-Yoash, Ori Folger, Amir Hardon, Ari Berger, Elie Bursztein, and Michael Bailey. 2016. The abuse sharing economy: understanding the limits of threat exchanges. In Research in Attacks, Intrusions, and Defenses. Fabian Monrose, Marc Dacier, Gregory Blanc, and Joaquin Garcia-Alfaro, (Eds.) Springer International Publishing, Cham, 143--164. isbn: 978-3-319-45719-2."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879149"}],"event":{"name":"CoNEXT 2023: The 19th International Conference on emerging Networking EXperiments and Technologies","location":"Paris France","acronym":"CoNEXT 2023","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Companion of the 19th International Conference on emerging Networking EXperiments and Technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3624354.3630583","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3624354.3630583","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T18:13:40Z","timestamp":1755972820000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3624354.3630583"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,5]]},"references-count":51,"alternative-id":["10.1145\/3624354.3630583","10.1145\/3624354"],"URL":"https:\/\/doi.org\/10.1145\/3624354.3630583","relation":{},"subject":[],"published":{"date-parts":[[2023,12,5]]},"assertion":[{"value":"2023-12-05","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}