{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T05:25:18Z","timestamp":1769923518973,"version":"3.49.0"},"reference-count":93,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2024,6,20]],"date-time":"2024-06-20T00:00:00Z","timestamp":1718841600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2024,6,30]]},"abstract":"<jats:p>Network services are processes running on a system with network exposure. A key activity for any network defender, penetration tester, or red team is network attack surface mapping, the act of detecting and categorizing those services through which a threat actor could attempt malicious activity. Many tools have arisen over the years to probe, identify, and classify these services for information and vulnerabilities. In this article, we survey network attack surface mapping by reviewing several prominent tools and their features and then discussing recent works reflecting unique research using those tools. We conclude by covering several promising directions for future research.<\/jats:p>","DOI":"10.1145\/3640019","type":"journal-article","created":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T12:13:17Z","timestamp":1704888797000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["A Survey on Network Attack Surface Mapping"],"prefix":"10.1145","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4593-1354","authenticated-orcid":false,"given":"Douglas","family":"Everson","sequence":"first","affiliation":[{"name":"Clemson University School of Computing, Clemson, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1736-0873","authenticated-orcid":false,"given":"Long","family":"Cheng","sequence":"additional","affiliation":[{"name":"Clemson University School of Computing, Clemson, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,6,20]]},"reference":[{"issue":"4","key":"e_1_3_2_2_2","doi-asserted-by":"crossref","first-page":"1098","DOI":"10.1109\/TNSM.2017.2724239","article-title":"Deceiving network reconnaissance using SDN-based virtual topologies","volume":"14","author":"Achleitner Stefan","year":"2017","unstructured":"Stefan Achleitner, Thomas F. La Porta, Patrick McDaniel, Shridatt Sugrim, Srikanth V. Krishnamurthy, and Ritu Chadha. 2017. Deceiving network reconnaissance using SDN-based virtual topologies. IEEE Transactions on Network and Service Management 14, 4 (2017), 1098\u20131112.","journal-title":"IEEE Transactions on Network and Service Management"},{"key":"e_1_3_2_3_2","article-title":"ZGrab2 GitHub repository","author":"Adrian David","year":"2020","unstructured":"David Adrian. 2020. ZGrab2 GitHub repository. GitHub. httpps:\/\/github.com\/zmap\/zgrab2","journal-title":"GitHub"},{"key":"e_1_3_2_4_2","doi-asserted-by":"crossref","first-page":"102031","DOI":"10.1016\/j.simpat.2019.102031","article-title":"Deep recurrent neural network for IoT intrusion detection system","volume":"101","author":"Almiani Muder","year":"2020","unstructured":"Muder Almiani, Alia AbuGhazleh, Amer Al-Rahayfeh, Saleh Atiewi, and Abdul Razaque. 2020. Deep recurrent neural network for IoT intrusion detection system. Simulation Modelling Practice and Theory 101 (2020), 102031.","journal-title":"Simulation Modelling Practice and Theory"},{"key":"e_1_3_2_5_2","first-page":"Springer, 128\u20131","volume-title":"International Conference on Cyber Security and Computer Science","author":"Asaduzzaman Md","year":"2020","unstructured":"Md Asaduzzaman, Proteeti Prova Rawshan, Nurun Nahar Liya, Muhmmad Nazrul Islam, and Nishith Kumar Dutta. 2020. A vulnerability detection framework for CMS using port scanning technique. In International Conference on Cyber Security and Computer Science. Springer, 128\u2013139."},{"key":"e_1_3_2_6_2","unstructured":"MITRE ATT&CK. 2023. Mitre att&ck. https:\/\/attack.mitre.org"},{"key":"e_1_3_2_7_2","first-page":"IEEE, 1\u20138","volume-title":"2020 7th International Conference on Internet of Things: Systems, Management and Security (IOTSMS\u201920)","author":"Bada Maria","year":"2020","unstructured":"Maria Bada and Ildiko Pete. 2020. An exploration of the cybercrime ecosystem around Shodan. In 2020 7th International Conference on Internet of Things: Systems, Management and Security (IOTSMS\u201920). IEEE, 1\u20138."},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2872775"},{"issue":"2","key":"e_1_3_2_9_2","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1145\/3213232.3213234","article-title":"Scanning the internet for liveness","volume":"48","author":"Bano Shehar","year":"2018","unstructured":"Shehar Bano, Philipp Richter, Mobin Javed, Srikanth Sundaresan, Zakir Durumeric, Steven J. Murdoch, Richard Mortier, and Vern Paxson. 2018. Scanning the internet for liveness. ACM SIGCOMM Computer Communication Review 48, 2 (2018), 2\u20139.","journal-title":"ACM SIGCOMM Computer Communication Review"},{"key":"e_1_3_2_10_2","volume-title":"20th European Conference on Cyber Warfare and Security (ECCWS\u201921)","author":"Barbour Graham","year":"2021","unstructured":"Graham Barbour, Andr\u00e9 McDonald, and Nenekazi Mkuzangwe. 2021. Evasion of port scan detection in Zeek and Snort and its mitigation. In 20th European Conference on Cyber Warfare and Security (ECCWS\u201921). Academic Conferences Inter Ltd., 25."},{"key":"e_1_3_2_11_2","first-page":"1","volume-title":"Proceedings of the 2008 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries: Riding the Wave of Technology","author":"Barnett Richard J.","year":"2008","unstructured":"Richard J. Barnett and Barry Irwin. 2008. Towards a taxonomy of network scanning techniques. In Proceedings of the 2008 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries: Riding the Wave of Technology. 1\u20137."},{"key":"e_1_3_2_12_2","volume-title":"Computation + Journalism Symposium","author":"Bhandari Esha","year":"2017","unstructured":"Esha Bhandari and Rachel Goodman. 2017. Data journalism and the computer fraud and abuse act: Tips for moving forward in an uncertain landscape. In Computation + Journalism Symposium."},{"issue":"10","key":"e_1_3_2_13_2","doi-asserted-by":"crossref","first-page":"1565","DOI":"10.1093\/comjnl\/bxr035","article-title":"Surveying port scans and their detection methodologies","volume":"54","author":"Bhuyan Monowar H.","year":"2011","unstructured":"Monowar H. Bhuyan, Dhruba Kr Bhattacharyya, and Jugal K. Kalita. 2011. Surveying port scans and their detection methodologies. Computer Journal 54, 10 (2011), 1565\u20131581.","journal-title":"Computer Journal"},{"issue":"3","key":"e_1_3_2_14_2","doi-asserted-by":"crossref","first-page":"1496","DOI":"10.1109\/SURV.2013.102913.00020","article-title":"Cyber scanning: A comprehensive survey","volume":"16","author":"Bou-Harb Elias","year":"2013","unstructured":"Elias Bou-Harb, Mourad Debbabi, and Chadi Assi. 2013. Cyber scanning: A comprehensive survey. IEEE Communications Surveys & Tutorials 16, 3 (2013), 1496\u20131519.","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"e_1_3_2_15_2","first-page":"1","volume-title":"Proceedings of the 13th International Conference on Availability, Reliability and Security","author":"Cabaj Krzysztof","year":"2018","unstructured":"Krzysztof Cabaj, Marcin Gregorczyk, Wojciech Mazurczyk, Piotr Nowakowski, and Piotr \u017b\u00f3rawski. 2018. SDN-based mitigation of scanning attacks for the 5G Internet of radio light system. In Proceedings of the 13th International Conference on Availability, Reliability and Security. 1\u201310."},{"key":"e_1_3_2_16_2","first-page":"Springer, 165\u20131","volume-title":"IFIP International Conference on Autonomous Infrastructure, Management and Security","author":"Cejka Tomas","year":"2016","unstructured":"Tomas Cejka and Marek Svepes. 2016. Analysis of vertical scans discovered by naive detection. In IFIP International Conference on Autonomous Infrastructure, Management and Security. Springer, 165\u2013169."},{"key":"e_1_3_2_17_2","article-title":"Online discoverability and vulnerabilities of ICS\/SCADA devices in the Netherlands","author":"Ceron Joao M.","year":"2020","unstructured":"Joao M. Ceron, Justyna J. Chromik, Jair Santanna, and Aiko Pras. 2020. Online discoverability and vulnerabilities of ICS\/SCADA devices in the Netherlands. arXiv preprint arXiv:2011.02019.","journal-title":"arXiv preprint arXiv:2011.02019"},{"key":"e_1_3_2_18_2","first-page":"52","volume-title":"Proceedings of 2019 IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA\u201919)","author":"Chalvatzis Ilias","year":"2019","unstructured":"Ilias Chalvatzis, Dimitrios A. Karras, and Rallis C. Papademetriou. 2019. Evaluation of security vulnerability scanners for small and medium enterprises business networks resilience towards risk assessment. In Proceedings of 2019 IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA\u201919). 52\u201358. 10.1109\/ICAICA.2019.8873438"},{"key":"e_1_3_2_19_2","first-page":"IEEE, 1\u20135","volume-title":"2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS\u201918)","author":"Santis Giulia De","year":"2018","unstructured":"Giulia De Santis, Abdelkader Lahmadi, J\u00e9r\u00f4me Fran\u00e7ois, and Olivier Festor. 2018. Internet-wide scanners classification using Gaussian mixture and hidden Markov models. In 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS\u201918). IEEE, 1\u20135."},{"key":"e_1_3_2_20_2","first-page":"IEEE, 632\u2013636","volume-title":"International Conference on Computing, Communication & Automation","author":"Deshpande Prachi","year":"2015","unstructured":"Prachi Deshpande, S. C. Sharma, and P. Sateesh Kumar. 2015. Security threats in cloud computing. In International Conference on Computing, Communication & Automation. IEEE, 632\u2013636."},{"key":"e_1_3_2_21_2","first-page":"IEEE, 145\u2013150","volume-title":"2017 9th Computer Science and Electronic Engineering (CEEC\u201917)","author":"Dias L. P.","year":"2017","unstructured":"L. P. Dias, J\u00e9s de Jesus Fiais Cerqueira, Karcius D. R. Assis, and Raul C. Almeida. 2017. Using artificial neural network in intrusion detection systems to computer networks. In 2017 9th Computer Science and Electronic Engineering (CEEC\u201917). IEEE, 145\u2013150."},{"key":"e_1_3_2_22_2","first-page":"542","volume-title":"Proceedings of the ACM Conference on Computer and Communications Security","volume":"2015","author":"Durumeric Zakir","year":"2015","unstructured":"Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. 2015. A search engine backed by Internet-wide scanning. In Proceedings of the ACM Conference on Computer and Communications Security, Vol. 2015-Octob. 542\u2013553. 10.1145\/2810103.2813703. ISSN: 15437221."},{"key":"e_1_3_2_23_2","first-page":"65","volume-title":"23rd USENIX Security Symposium (USENIX Security\u201914)","author":"Durumeric Zakir","year":"2014","unstructured":"Zakir Durumeric, Michael Bailey, and J. Alex Halderman. 2014. An internet-wide view of internet-wide scanning. In 23rd USENIX Security Symposium (USENIX Security\u201914). 65\u201378."},{"key":"e_1_3_2_24_2","first-page":"605","volume-title":"Proceedings of the 22nd USENIX Security Symposium","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2013. ZMap: Fast internet-wide scanning and its security applications. In Proceedings of the 22nd USENIX Security Symposium. 605\u2013619."},{"key":"e_1_3_2_25_2","first-page":"563","article-title":"Internet law: Port scanning and ping flooding: A legal perspective","volume":"66","author":"Ebersohn G. J.","year":"2003","unstructured":"G. J. Ebersohn. 2003. Internet law: Port scanning and ping flooding: A legal perspective. Tydskrif vir Hedendaagse Romeins-Hollandse 66 (2003), 563.","journal-title":"Tydskrif vir Hedendaagse Romeins-Hollandse"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.13052\/jsn2445-9739.2017.007"},{"key":"e_1_3_2_27_2","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1109\/SecDev45635.2020.00027","volume-title":"Proceedings of the 2020 IEEE Secure Development (SecDev\u201920)","author":"Everson Douglas","year":"2020","unstructured":"Douglas Everson and Long Cheng. 2020. Network attack surface simplification for red and blue teams. In Proceedings of the 2020 IEEE Secure Development (SecDev\u201920). 74\u201380. 10.1109\/SecDev45635.2020.00027"},{"issue":"11","key":"e_1_3_2_28_2","first-page":"14","article-title":"Alternative engine to detect and block port scan attacks using virtual network environments","volume":"11","author":"Fuertes Walter","year":"2011","unstructured":"Walter Fuertes and Patricio Zambrano. 2011. Alternative engine to detect and block port scan attacks using virtual network environments. International Journal of Computer Science and Network Security 11, 11 (2011), 14\u201323.","journal-title":"International Journal of Computer Science and Network Security"},{"key":"e_1_3_2_29_2","article-title":"MASSCAN: Mass IP port scanner","author":"Graham Robert","year":"2019","unstructured":"Robert Graham. 2019. MASSCAN: Mass IP port scanner. GitHub. github.com.","journal-title":"GitHub"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1080\/1206212X.2018.1442136"},{"key":"e_1_3_2_31_2","first-page":"IEEE, 1\u20136","volume-title":"2020 IEEE International Conference on Communications Workshops (ICC Workshops\u201920)","author":"Hashida Hiroaki","year":"2020","unstructured":"Hiroaki Hashida, Yuichi Kawamoto, and Nei Kato. 2020. Impact of internet-wide scanning on IoT data communication in wireless LANs. In 2020 IEEE International Conference on Communications Workshops (ICC Workshops\u201920). IEEE, 1\u20136."},{"key":"e_1_3_2_32_2","volume-title":"Proceedings of IEEE\/ACS International Conference on Computer Systems and Applications (AICCSA\u201919)","volume":"2019","author":"Hosani Haifa Al","year":"2019","unstructured":"Haifa Al Hosani, Maryam Yousef, Shaima Al Shouq, Farkhund Iqbal, and Djedjiga Mouheb. 2019. A comparative analysis of cyberbullying and cyberstalking laws in the UAE, US, UK and Canada. In Proceedings of IEEE\/ACS International Conference on Computer Systems and Applications (AICCSA\u201919), Vol. 2019-November. 10.1109\/AICCSA47632.2019.9035368. ISSN: 21615330."},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.3390\/app6110358"},{"key":"e_1_3_2_34_2","volume-title":"30th USENIX Security Symposium","author":"Izhikevich Liz","year":"2021","unstructured":"Liz Izhikevich, Renata Teixeira, and Zakir Durumeric. 2021. LZR: Identifying unexpected internet services. In 30th USENIX Security Symposium."},{"key":"e_1_3_2_35_2","doi-asserted-by":"crossref","first-page":"503","DOI":"10.1145\/3544216.3544249","volume-title":"Proceedings of the ACM SIGCOMM 2022 Conference","author":"Izhikevich Liz","year":"2022","unstructured":"Liz Izhikevich, Renata Teixeira, and Zakir Durumeric. 2022. Predicting IPv4 services across all ports. In Proceedings of the ACM SIGCOMM 2022 Conference. 503\u2013515."},{"key":"e_1_3_2_36_2","first-page":"643","volume-title":"2019 6th International Conference on Signal Processing and Integrated Networks (SPIN\u201919)","author":"Jain Trapti","year":"2019","unstructured":"Trapti Jain and Nakul Jain. 2019. Framework for web application vulnerability discovery and mitigation by customizing rules through ModSecurity. In 2019 6th International Conference on Signal Processing and Integrated Networks (SPIN\u201919). 643\u2013648. 10.1109\/SPIN.2019.8711673"},{"key":"e_1_3_2_37_2","first-page":"199","volume-title":"2016 IEEE Conference on Intelligence and Security Informatics (ISI\u201916)","author":"Jicha R.","year":"2016","unstructured":"R. Jicha, M. W. Patton, and H. Chen. 2016. Identifying devices across the IPv4 address space. In 2016 IEEE Conference on Intelligence and Security Informatics (ISI\u201916). 199\u2013201. 10.1109\/ISI.2016.7745469"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2017.06.006"},{"key":"e_1_3_2_39_2","first-page":"Springer, 157\u20131","volume-title":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Kang Min Gyung","year":"2007","unstructured":"Min Gyung Kang, Juan Caballero, and Dawn Song. 2007. Distributed evasive scan techniques and countermeasures. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 157\u2013174."},{"key":"e_1_3_2_40_2","first-page":"49","volume-title":"2019 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM\u201919)","author":"Kelly Jonathan","year":"2019","unstructured":"Jonathan Kelly, Michael Delaus, Erik Hemberg, and Una May Orreilly. 2019. Adversarially adapting deceptive views and reconnaissance scans on a software defined network. In 2019 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM\u201919). 49\u201354."},{"key":"e_1_3_2_41_2","article-title":"The Menlo Report: Ethical principles guiding information and communication technology research","author":"Kenneally Erin","year":"2012","unstructured":"Erin Kenneally and David Dittrich. 2012. The Menlo Report: Ethical principles guiding information and communication technology research. Available at SSRN 2445102.","journal-title":"Available at SSRN 2445102"},{"issue":"5","key":"e_1_3_2_42_2","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3390\/sym10050151","article-title":"An intelligent improvement of internet-wide scan engine for fast discovery of vulnerable IoT devices","volume":"10","author":"Kim Hwankuk","year":"2018","unstructured":"Hwankuk Kim, Taeun Kim, and Daeil Jang. 2018. An intelligent improvement of internet-wide scan engine for fast discovery of vulnerable IoT devices. Symmetry 10, 5 (2018), 151.","journal-title":"Symmetry"},{"key":"e_1_3_2_43_2","first-page":"IEEE, 313\u2013316","volume-title":"2017 IEEE International Conference on Big Data and Smart Computing (BigComp\u201917)","author":"Kim Jin","year":"2017","unstructured":"Jin Kim, Nara Shin, Seung Yeon Jo, and Sang Hyun Kim. 2017. Method of intrusion detection using deep neural network. In 2017 IEEE International Conference on Big Data and Smart Computing (BigComp\u201917). IEEE, 313\u2013316."},{"key":"e_1_3_2_44_2","first-page":"66","volume-title":"Proceedings of the 4th IEEE Workshop on Hot Topics in Web Systems and Technologies (HotWeb\u201916)","author":"Koch William","year":"2016","unstructured":"William Koch and Azer Bestavros. 2016. PROVIDE: Hiding from automated network scans with proofs of identity. In Proceedings of the 4th IEEE Workshop on Hot Topics in Web Systems and Technologies (HotWeb\u201916). 66\u201371. 10.1109\/HotWeb.2016.20"},{"key":"e_1_3_2_45_2","doi-asserted-by":"crossref","first-page":"779","DOI":"10.1016\/j.future.2019.05.041","article-title":"Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-iot dataset","volume":"100","author":"Koroniotis Nickolaos","year":"2019","unstructured":"Nickolaos Koroniotis, Nour Moustafa, Elena Sitnikova, and Benjamin Turnbull. 2019. Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-iot dataset. Future Generation Computer Systems 100 (2019), 779\u2013796.","journal-title":"Future Generation Computer Systems"},{"key":"e_1_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.7763\/ijfcc.2014.v3.332"},{"key":"e_1_3_2_47_2","first-page":"1048","volume-title":"International Conference on Ubiquitous and Future Networks (ICUFN\u201917)","author":"Lee Seungwoon","year":"2017","unstructured":"Seungwoon Lee, Seung Hun Shin, and Byeong Hee Roh. 2017. Abnormal behavior-based detection of Shodan and Censys-like scanning. In International Conference on Ubiquitous and Future Networks (ICUFN\u201917). 1048\u20131052. 10.1109\/ICUFN.2017.7993960. ISSN: 21658536."},{"key":"e_1_3_2_48_2","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1109\/CyberC49757.2020.00020","volume-title":"2020 International Conference on Cyber-enabled Distributed Computing and Knowledge Discovery (CyberC\u201920)","author":"Liao Si","year":"2020","unstructured":"Si Liao, Chenming Zhou, Yonghui Zhao, Zhiyu Zhang, Chengwei Zhang, Yayu Gao, and Guohui Zhong. 2020. A comprehensive detection approach of Nmap: Principles, rules and experiments. In 2020 International Conference on Cyber-enabled Distributed Computing and Knowledge Discovery (CyberC\u201920). IEEE, 64\u201371."},{"key":"e_1_3_2_49_2","article-title":"Nmap: Scanning the internet","author":"Lyon Gordon","year":"2008","unstructured":"Gordon Lyon. 2008. Nmap: Scanning the internet. Defcon 16 (2008).","journal-title":"Defcon 16"},{"key":"e_1_3_2_50_2","article-title":"Nmap: The network mapper\u2013Free security scanner","author":"Lyon Gordon","year":"2020","unstructured":"Gordon Lyon. 2020. Nmap: The network mapper\u2013Free security scanner. Nmap.org.","journal-title":"Nmap.org"},{"key":"e_1_3_2_51_2","first-page":"1","volume-title":"The 16th International Conference on Availability, Reliability and Security","author":"Maa\u00df Max","year":"2021","unstructured":"Max Maa\u00df, Henning Prid\u00f6hl, Dominik Herrmann, and Matthias Hollick. 2021. Best practices for notification studies for security and privacy issues on the Internet. In The 16th International Conference on Availability, Reliability and Security. 1\u201310."},{"key":"e_1_3_2_52_2","first-page":"1337","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","author":"Man Keyu","year":"2020","unstructured":"Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, and Haixin Duan. 2020. DNS cache poisoning attack reloaded: Revolutions with side channels. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1337\u20131350."},{"key":"e_1_3_2_53_2","first-page":"IEEE, 1\u20136","volume-title":"2016 IEEE International Conference on Current Trends in Advanced Computing (ICCTAC\u201916)","author":"Mandal Nabanita","year":"2016","unstructured":"Nabanita Mandal and Sonali Jadhav. 2016. A survey on network security tools for open source. In 2016 IEEE International Conference on Current Trends in Advanced Computing (ICCTAC\u201916). IEEE, 1\u20136."},{"issue":"10","key":"e_1_3_2_54_2","doi-asserted-by":"crossref","first-page":"e3961","DOI":"10.1002\/dac.3961","article-title":"A virtualized infrastructure to offer network mapping functionality in SDN networks","volume":"32","author":"Manzanares-Lopez Pilar","year":"2019","unstructured":"Pilar Manzanares-Lopez, Juan Pedro Mu\u00f1oz Gea, Josemaria Malgosa-Sanahuja, and Adrian Flores-de la Cruz. 2019. A virtualized infrastructure to offer network mapping functionality in SDN networks. International Journal of Communication Systems 32, 10 (2019), e3961.","journal-title":"International Journal of Communication Systems"},{"key":"e_1_3_2_55_2","first-page":"463","volume-title":"Proceedings of the 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS\u201915)","volume":"1","author":"Markowsky Linda","year":"2015","unstructured":"Linda Markowsky and George Markowsky. 2015. Scanning for vulnerable devices in the Internet of Things. In Proceedings of the 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS\u201915), Vol. 1. 463\u2013467. 10.1109\/IDAACS.2015.7340779"},{"key":"e_1_3_2_56_2","first-page":"IEEE, 1\u20137","volume-title":"2016 International Conference on Computing, Networking and Communications (ICNC\u201916)","author":"Marnerides Angelos K.","year":"2016","unstructured":"Angelos K. Marnerides and Andreas U. Mauthe. 2016. Analysis and characterisation of botnet scan traffic. In 2016 International Conference on Computing, Networking and Communications (ICNC\u201916). IEEE, 1\u20137."},{"key":"e_1_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1016\/b978-1-59749-074-0.x5000-4"},{"key":"e_1_3_2_58_2","first-page":"IEEE, 1\u20139","volume-title":"2017 Network Traffic Measurement and Analysis Conference (TMA\u201917)","author":"Mazel Johan","year":"2017","unstructured":"Johan Mazel, Romain Fontugne, and Kensuke Fukuda. 2017. Profiling internet scanners: Spatiotemporal structures and measurement ethics. In 2017 Network Traffic Measurement and Analysis Conference (TMA\u201917). IEEE, 1\u20139."},{"key":"e_1_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04091-7_1"},{"key":"e_1_3_2_60_2","first-page":"772","volume-title":"IEEE International Conference on Emerging Technologies and Factory Automation (ETFA\u201907)","author":"Medeiros Jo\u00e3o Paulo S.","year":"2007","unstructured":"Jo\u00e3o Paulo S. Medeiros, Allison C. Da Cunha, Agostinho M. Brito, and Paulo S. Motta Pires. 2007. Automating security tests for industrial automation devices using neural networks. In IEEE International Conference on Emerging Technologies and Factory Automation (ETFA\u201907). 772\u2013775. 10.1109\/EFTA.2007.4416854"},{"key":"e_1_3_2_61_2","first-page":"IEEE, 1\u20135","volume-title":"2013 Africon","author":"Mohamed Hassani","year":"2013","unstructured":"Hassani Mohamed, Lebbat Adil, Tallal Saida, and Medromi Hicham. 2013. A collaborative intrusion detection and prevention system in cloud computing. In 2013 Africon. IEEE, 1\u20135."},{"key":"e_1_3_2_62_2","first-page":"134","volume-title":"2019 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM\u201919)","author":"Morishita Shun","year":"2019","unstructured":"Shun Morishita, Takuya Hoizumi, Wataru Ueno, Rui Tanabe, Carlos Ganan, Michel J. G. Van Eeten, Katsunari Yoshioka, and Tsutomu Matsumoto. 2019. Detect me if you... Oh wait. An internet-wide view of self-revealing honeypots. In 2019 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM\u201919). 134\u2013143."},{"key":"e_1_3_2_63_2","first-page":"1","volume-title":"Proceedings of the 7th Annual Workshop on Cyber Security and Information Intelligence Research","author":"Morris Thomas","year":"2011","unstructured":"Thomas Morris, Shengyi Pan, Jeremy Lewis, Jonathan Moorhead, Nicholas Younan, Roger King, Mark Freund, and Vahid Madani. 2011. Cybersecurity risk testing of substation phasor measurement units and phasor data concentrators. In Proceedings of the 7th Annual Workshop on Cyber Security and Information Intelligence Research. 1\u20131."},{"key":"e_1_3_2_64_2","first-page":"61","volume-title":"Conferences in Research and Practice in Information Technology Series","volume":"161","author":"Myers David","year":"2015","unstructured":"David Myers, Ernest Foo, and Kenneth Radke. 2015. Internet-wide scanning taxonomy and framework. In Conferences in Research and Practice in Information Technology Series, Vol. 161. 61\u201365. ISSN: 14451336."},{"key":"e_1_3_2_65_2","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2018.8406313"},{"key":"e_1_3_2_66_2","first-page":"95","volume-title":"Mastering the Nmap Scripting Engine","author":"Pale Paulino Calderon","year":"2015","unstructured":"Paulino Calderon Pale. 2015. Mastering the Nmap scripting engine. In Mastering the Nmap Scripting Engine. Packt Publishing Ltd., 95."},{"key":"e_1_3_2_67_2","first-page":"Springer, 175\u20131","volume-title":"International Conference on Engineering Applications of Neural Networks","author":"Panchev Christo","year":"2014","unstructured":"Christo Panchev, Petar Dobrev, and James Nicholson. 2014. Detecting port scans against mobile devices with neural networks and decision trees. In International Conference on Engineering Applications of Neural Networks. Springer, 175\u2013182."},{"issue":"7","key":"e_1_3_2_68_2","doi-asserted-by":"crossref","first-page":"539","DOI":"10.13052\/jwe1540-9589.1871","article-title":"Towards improving productivity in nmap security audits","volume":"18","author":"Redondo Jose Manuel","year":"2019","unstructured":"Jose Manuel Redondo and Daniel Cuesta. 2019. Towards improving productivity in nmap security audits. Journal of Web Engineering 18, 7 (2019), 539\u2013578.","journal-title":"Journal of Web Engineering"},{"key":"e_1_3_2_69_2","doi-asserted-by":"crossref","first-page":"42156","DOI":"10.1109\/ACCESS.2019.2906926","article-title":"A comprehensive security analysis of a scada protocol: From OSINT to Mitigation","volume":"7","author":"Rosa Luis","year":"2019","unstructured":"Luis Rosa, Miguel Freitas, Sergey Mazo, Edmundo Monteiro, Tiago Cruz, and Paulo Sim\u00f5es. 2019. A comprehensive security analysis of a scada protocol: From OSINT to Mitigation. IEEE Access 7 (2019), 42156\u201342168.","journal-title":"IEEE Access"},{"key":"e_1_3_2_70_2","article-title":"Survey and taxonomy of adversarial reconnaissance techniques","author":"Roy Shanto","year":"2022","unstructured":"Shanto Roy, Nazia Sharmin, Jaime C. Acosta, Christopher Kiekintveld, and Aron Laszka. 2022. Survey and taxonomy of adversarial reconnaissance techniques. ACM Computing Surveys (CSUR) 55, 6 (2022), 1\u201338.","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"e_1_3_2_71_2","article-title":"Using neural networks to improve classical operating system fingerprinting techniques","author":"Sarraute Carlos","year":"2010","unstructured":"Carlos Sarraute and Javier Burroni. 2010. Using neural networks to improve classical operating system fingerprinting techniques. arXiv preprint arXiv:1006.1918. http:\/\/arxiv.org\/abs\/1006.1918. tex.arxivid: 1006.1918.","journal-title":"arXiv preprint arXiv:1006.1918"},{"key":"e_1_3_2_72_2","article-title":"Payloads - Metasploit unleashed","author":"Security Offensive","year":"2021","unstructured":"Offensive Security. 2021. Payloads - Metasploit unleashed. Offensive-security.com. https:\/\/www.offensive-security.com\/metasploit-unleashed\/payloads\/","journal-title":"Offensive-security.com"},{"key":"e_1_3_2_73_2","first-page":"IEEE, 172\u2013177","volume-title":"2018 20th International Conference on Advanced Communication Technology (ICACT\u201918)","author":"Seralathan Yogeesh","year":"2018","unstructured":"Yogeesh Seralathan, Tae Tom Oh, Suyash Jadhav, Jonathan Myers, Jaehoon Paul Jeong, Young Ho Kim, and Jeong Neyo Kim. 2018. IoT security vulnerability: A case study of a Web camera. In 2018 20th International Conference on Advanced Communication Technology (ICACT\u201918). IEEE, 172\u2013177."},{"issue":"1","key":"e_1_3_2_74_2","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1145\/2637364.2591972","article-title":"Hershel: Single-packet os fingerprinting","volume":"42","author":"Shamsi Zain","year":"2014","unstructured":"Zain Shamsi, Ankur Nandwani, Derek Leonard, and Dmitri Loguinov. 2014. Hershel: Single-packet os fingerprinting. ACM SIGMETRICS Performance Evaluation Review 42, 1 (2014), 195\u2013206.","journal-title":"ACM SIGMETRICS Performance Evaluation Review"},{"key":"e_1_3_2_75_2","volume-title":"Nmap Essentials","author":"Shaw David","year":"2015","unstructured":"David Shaw. 2015. Nmap Essentials. Packt Publishing Ltd."},{"key":"e_1_3_2_76_2","unstructured":"Alban Siffer. 2019. Machine learning in Nmap. https:\/\/blog.amossys.fr\/nmap-ml.html"},{"key":"e_1_3_2_77_2","first-page":"IEEE, 1\u20134","volume-title":"2018 IEEE International Conference on Information and Automation for Sustainability (ICIAfS\u201918)","author":"Sivanathan Arunan","year":"2018","unstructured":"Arunan Sivanathan, Hassan Habibi Gharakheili, and Vijay Sivaraman. 2018. Can we classify an iot device using TCP port scan? In 2018 IEEE International Conference on Information and Automation for Sustainability (ICIAfS\u201918). IEEE, 1\u20134."},{"key":"e_1_3_2_78_2","doi-asserted-by":"publisher","DOI":"10.1109\/istas.2002.1013840"},{"key":"e_1_3_2_79_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-5041-1_38"},{"key":"e_1_3_2_80_2","doi-asserted-by":"publisher","DOI":"10.13052\/JCSM2245-1439.915"},{"issue":"2","key":"e_1_3_2_81_2","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1109\/MNET.001.1900264","article-title":"Probe delay based adaptive port scanning for IoT devices with private IP address behind NAT","volume":"34","author":"Tang Fengxiao","year":"2019","unstructured":"Fengxiao Tang, Yuichi Kawamoto, Nei Kato, Kazuto Yano, and Yoshinori Suzuki. 2019. Probe delay based adaptive port scanning for IoT devices with private IP address behind NAT. IEEE Network 34, 2 (2019), 195\u2013201.","journal-title":"IEEE Network"},{"key":"e_1_3_2_82_2","first-page":"156","volume-title":"ACM International Conference Proceeding Series","volume":"01","author":"Tilemachos Valkaniotis","year":"2015","unstructured":"Valkaniotis Tilemachos and Charalampos Manifavas. 2015. An automated network intrusion process and countermeasures. In ACM International Conference Proceeding Series, Vol. 01-03-Octo. 156\u2013160. 10.1145\/2801948.2802001"},{"key":"e_1_3_2_83_2","article-title":"Inferring and investigating IoT-generated scanning campaigns targeting a large network telescope","author":"Torabi Sadegh","year":"2020","unstructured":"Sadegh Torabi, Elias Bou-Harb, Chadi Assi, ElMouatez Billah Karbab, Amine Boukhtouta, and Mourad Debbabi. 2020. Inferring and investigating IoT-generated scanning campaigns targeting a large network telescope. IEEE Transactions on Dependable and Secure Computing (2020).","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_2_84_2","first-page":"81","volume-title":"Proceedings of the Seminars Future Internet and Innovative Internet Technologies and Mobile Communications","volume":"81","author":"Trapickin Roman","year":"2015","unstructured":"Roman Trapickin, Oliver Gasser, and Johannes Naab. 2015. Who is scanning the internet? In Proceedings of the Seminars Future Internet and Innovative Internet Technologies and Mobile Communications, Vol. 81. 81\u201388.https:\/\/www.net.in.tum.de\/fileadmin\/TUM\/NET\/NET-2015-09-1\/NET-2015-09-1_11.pdf"},{"key":"e_1_3_2_85_2","first-page":"75","volume-title":"Proceedings of the 5th International Conference on Security of Information and Networks","author":"Tumoyan Eugene","year":"2012","unstructured":"Eugene Tumoyan and Daria Kavchuk. 2012. The method of optimizing the automatic vulnerability validation. In Proceedings of the 5th International Conference on Security of Information and Networks. 75\u201378."},{"key":"e_1_3_2_86_2","doi-asserted-by":"publisher","DOI":"10.1088\/1751-8113\/44\/8\/085201"},{"key":"e_1_3_2_87_2","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/j.ijcip.2015.04.002","article-title":"Constructing cost-effective and targetable industrial control system honeypots for production networks","volume":"10","author":"Winn Michael","year":"2015","unstructured":"Michael Winn, Mason Rice, Stephen Dunlap, Juan Lopez, and Barry Mullins. 2015. Constructing cost-effective and targetable industrial control system honeypots for production networks. International Journal of Critical Infrastructure Protection 10 (2015), 47\u201358.","journal-title":"International Journal of Critical Infrastructure Protection"},{"key":"e_1_3_2_88_2","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1016\/j.cose.2018.04.004","article-title":"Attack detection\/prevention system against cyber attack in industrial control systems","volume":"77","author":"Y\u0131lmaz Ercan Nurcan","year":"2018","unstructured":"Ercan Nurcan Y\u0131lmaz and Serkan G\u00f6nen. 2018. Attack detection\/prevention system against cyber attack in industrial control systems. Computers & Security 77 (2018), 94\u2013105.","journal-title":"Computers & Security"},{"key":"e_1_3_2_89_2","doi-asserted-by":"publisher","DOI":"10.3390\/s20164423"},{"key":"e_1_3_2_90_2","first-page":"539","volume-title":"4th International Conference on Frontier of Computer Science and Technology (FCST\u201909)","author":"Zhang Bofeng","year":"2009","unstructured":"Bofeng Zhang, Tiezheng Zou, Yongjun Wang, and Baokang Zhang. 2009. Remote operation system detection base on machine learning. In 4th International Conference on Frontier of Computer Science and Technology (FCST\u201909). 539\u2013542. 10.1109\/FCST.2009.21"},{"key":"e_1_3_2_91_2","article-title":"Network attack surface: Lifting the concept of attack surface to the network level for evaluating networks\u2019 resilience against zero-day attacks","author":"Zhang Mengyuan","year":"2018","unstructured":"Mengyuan Zhang, Lingyu Wang, Sushil Jajodia, and Anoop Singhal. 2018. Network attack surface: Lifting the concept of attack surface to the network level for evaluating networks\u2019 resilience against zero-day attacks. IEEE Transactions on Dependable and Secure Computing 18, 1 (2018), 310\u2013324.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_2_92_2","first-page":"IEEE, 2069\u20132077","volume-title":"IEEE Conference on Computer Communications (IEEE INFOCOM\u201918)","author":"Zhang Xu","year":"2018","unstructured":"Xu Zhang, Jeffrey Knockel, and Jedidiah R. Crandall. 2018. Onis: Inferring TCP\/IP-based trust relationships completely off-path. In IEEE Conference on Computer Communications (IEEE INFOCOM\u201918). IEEE, 2069\u20132077."},{"key":"e_1_3_2_93_2","volume-title":"2nd International Conference on Mechatronics Engineering and Information Technology (ICMEIT\u201917)","author":"Zhou Guangkai","year":"2017","unstructured":"Guangkai Zhou, Jun Bai, Bailing Wang, and Jia Song. 2017. A method of scanning industrial control system equipment. In 2nd International Conference on Mechatronics Engineering and Information Technology (ICMEIT\u201917). 10.2991\/icmeit-17.2017.28"},{"key":"e_1_3_2_94_2","first-page":"1","volume-title":"Proceedings of the 2018 18th International Conference on Mechatronics - Mechatronika (ME\u201918)","author":"Zitta Tomas","year":"2019","unstructured":"Tomas Zitta, Marek Neruda, Lukas Vojtech, Martina Matejkova, Matej Jehlicka, Lukas Hach, and Jan Moravec. 2019. Penetration testing of intrusion detection and prevention system in low-performance embedded IoT device. In Proceedings of the 2018 18th International Conference on Mechatronics - Mechatronika (ME\u201918). 1\u20135."}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3640019","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3640019","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:54:02Z","timestamp":1750287242000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3640019"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,20]]},"references-count":93,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,6,30]]}},"alternative-id":["10.1145\/3640019"],"URL":"https:\/\/doi.org\/10.1145\/3640019","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"value":"2692-1626","type":"print"},{"value":"2576-5337","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,20]]},"assertion":[{"value":"2022-11-17","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-12-24","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-06-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}