{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T04:08:01Z","timestamp":1776398881791,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,4]],"date-time":"2024-11-04T00:00:00Z","timestamp":1730678400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Commission: Horizon Europe Programme","award":["101168562"],"award-info":[{"award-number":["101168562"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,4]]},"DOI":"10.1145\/3646547.3688409","type":"proceedings-article","created":{"date-parts":[[2024,11,1]],"date-time":"2024-11-01T09:40:26Z","timestamp":1730454026000},"page":"149-164","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["Have you SYN me? Characterizing Ten Years of Internet Scanning"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-7990-7802","authenticated-orcid":false,"given":"Harm","family":"Griffioen","sequence":"first","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-3470-5773","authenticated-orcid":false,"given":"Georgios","family":"Koursiounis","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4127-3617","authenticated-orcid":false,"given":"Georgios","family":"Smaragdakis","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7913-2692","authenticated-orcid":false,"given":"Christian","family":"Doerr","sequence":"additional","affiliation":[{"name":"Hasso Plattner Institute, Potsdam, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,11,4]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"8th USENIX Workshop on Offensive Technologies (WOOT 14)","author":"Adrian David","year":"2014","unstructured":"David Adrian, Zakir Durumeric, Gulshan Singh, and J Alex Halderman. 2014. Zippier Zmap: Internet-wide Scanning at 10 Gbps. In 8th USENIX Workshop on Offensive Technologies (WOOT 14)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298316"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3624354.3630583"},{"key":"e_1_3_2_1_4_1","volume-title":"Port scanning detection based on anomalies. In 2017 Dynamics of Systems, Mechanisms and Machines (Dynamics)","author":"Ananin Evgeny V","unstructured":"Evgeny V Ananin, Arina V Nikishova, and Irina S Kozhevnikova. 2017. Port scanning detection based on anomalies. In 2017 Dynamics of Systems, Mechanisms and Machines (Dynamics). IEEE, 1--5."},{"key":"e_1_3_2_1_5_1","unstructured":"Manos Antonakakis Tim April Michael Bailey Matt Bernhard Elie Bursztein Jaime Cochran Zakir Durumeric J Alex Halderman Luca Invernizzi Michalis Kallitsis et al. 2017. Understanding the mirai botnet. In 26th USENIX security symposium (USENIX Security 17). 1093--1110."},{"key":"e_1_3_2_1_6_1","volume-title":"2008 IEEE International Conference on Signal Image Technology and Internet Based Systems. IEEE, 646--649","author":"Balram Soniya","unstructured":"Soniya Balram and M Wiscy. [n.,d.]. Detection of TCP SYN scanning using packet counts and neural network. In 2008 IEEE International Conference on Signal Image Technology and Internet Based Systems. IEEE, 646--649."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213232.3213234"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3098985"},{"key":"e_1_3_2_1_9_1","unstructured":"Leon B\u00f6ck Dave Levin Ramakrishna Padmanabhan Christian Doerr and Max M\u00fchlh\u00e4user. [n. d.]. How to Count Bots in Longitudinal Datasets of IP Addresses."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45472-5_11"},{"key":"e_1_3_2_1_11_1","volume-title":"Cyber scanning: a comprehensive survey. Ieee communications surveys & tutorials","author":"Bou-Harb Elias","year":"2013","unstructured":"Elias Bou-Harb, Mourad Debbabi, and Chadi Assi. 2013. Cyber scanning: a comprehensive survey. Ieee communications surveys & tutorials, Vol. 16, 3 (2013), 1496--1519."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW59978.2023.00069"},{"key":"e_1_3_2_1_13_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Costin Andrei","year":"2014","unstructured":"Andrei Costin, Jonas Zaddach, Aur\u00e9lien Francillon, and Davide Balzarotti. 2014. A Large-Scale Analysis of the Security of Embedded Firmwares. In 23rd USENIX Security Symposium (USENIX Security 14). 95--110."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISIAS.2011.6122824"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2013.2297678"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813703"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the ACM Internet Measurement Conference.","author":"Durumeric Zakir","unstructured":"Zakir Durumeric, David Adrian, Phillip Stephens, Eric Wustrow, and J. Alex Halderman. 2024. Ten Years of ZMap. In Proceedings of the ACM Internet Measurement Conference."},{"key":"e_1_3_2_1_18_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Durumeric Zakir","year":"2014","unstructured":"Zakir Durumeric, Michael Bailey, and J Alex Halderman. 2014. An Internet-wide view of Internet-wide Scanning. In 23rd USENIX Security Symposium (USENIX Security 14). 65--78."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_1_21_1","volume-title":"22nd USENIX Security Symposium (USENIX Security 13)","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric, Eric Wustrow, and J Alex Halderman. 2013. ZMap: Fast Internet-wide scanning and its security applications. In 22nd USENIX Security Symposium (USENIX Security 13). 605--620."},{"key":"e_1_3_2_1_22_1","volume-title":"2008 International Wireless Communications and Mobile Computing Conference. IEEE, 105--110","author":"El-Hajj Wassim","unstructured":"Wassim El-Hajj, Fadi Aloul, Zouheir Trabelsi, and Nazar Zaki. [n.,d.]. On detecting port scanning using fuzzy based intrusion detection system. In 2008 International Wireless Communications and Mobile Computing Conference. IEEE, 105--110."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1002\/sec.186"},{"key":"e_1_3_2_1_24_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Felt Adrienne Porter","year":"2017","unstructured":"Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, and Parisa Tabriz. 2017. Measuring HTTPS adoption on the web. In 26th USENIX Security Symposium (USENIX Security 17). 1323--1338."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2016.7792471"},{"key":"e_1_3_2_1_26_1","volume-title":"MASSCAN: Mass IP port scanner. URL: https:\/\/github. com\/robertdavidgraham\/masscan","author":"Graham Robert David","year":"2014","unstructured":"Robert David Graham. 2014. MASSCAN: Mass IP port scanner. URL: https:\/\/github. com\/robertdavidgraham\/masscan (2014)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS47738.2020.9110444"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417277"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3407051"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the Internet Measurement Conference. 49--63","author":"Hastings Marcella","unstructured":"Marcella Hastings, Joshua Fried, and Nadia Heninger. [n.,d.]. Weak Keys Remain Widespread in Network Devices. In Proceedings of the Internet Measurement Conference. 49--63."},{"key":"e_1_3_2_1_31_1","volume-title":"TLS in the wild: An Internet-wide analysis of TLS-based protocols for electronic communication. arXiv preprint arXiv:1511.00341","author":"Holz Ralph","year":"2015","unstructured":"Ralph Holz, Johanna Amann, Olivier Mehani, Matthias Wachs, and Mohamed Ali Kaafar. 2015. TLS in the wild: An Internet-wide analysis of TLS-based protocols for electronic communication. arXiv preprint arXiv:1511.00341 (2015)."},{"key":"e_1_3_2_1_32_1","volume-title":"LZR: Identifying Unexpected Internet Services. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Izhikevich Liz","year":"2021","unstructured":"Liz Izhikevich, Renata Teixeira, and Zakir Durumeric. 2021. LZR: Identifying Unexpected Internet Services. In 30th USENIX Security Symposium (USENIX Security 21)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3544216.3544249"},{"key":"e_1_3_2_1_34_1","volume-title":"Transmission Control Protocol. RFC 793","author":"John Postel","year":"1981","unstructured":"Postel John. 1981. Transmission Control Protocol. RFC 793 (1981)."},{"key":"e_1_3_2_1_35_1","volume-title":"Department of Computer Science and Engineering","author":"Lee Cynthia Bailey","year":"2003","unstructured":"Cynthia Bailey Lee, Chris Roedel, and Elena Silenok. 2003. Detection and characterization of port scan attacks. Univeristy of California, Department of Computer Science and Engineering (2003)."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879156"},{"key":"e_1_3_2_1_37_1","first-page":"1","article-title":"High volume cyber crime and the organization of the police: The results of two empirical studies in the Netherlands","volume":"7","author":"Leukfeldt Rutger","year":"2013","unstructured":"Rutger Leukfeldt, Sander Veenstra, and Wouter Stol. 2013. High volume cyber crime and the organization of the police: The results of two empirical studies in the Netherlands. International Journal of Cyber Criminology, Vol. 7, 1 (2013), 1.","journal-title":"International Journal of Cyber Criminology"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.23919\/TMA.2017.8002909"},{"key":"e_1_3_2_1_39_1","volume-title":"Identifying and characterizing ZMap scans: a cryptanalytic approach. arXiv preprint arXiv:1908.04193","author":"Mazel Johan","year":"2019","unstructured":"Johan Mazel and R\u00e9mi Strullu. 2019. Identifying and characterizing ZMap scans: a cryptanalytic approach. arXiv preprint arXiv:1908.04193 (2019)."},{"key":"e_1_3_2_1_40_1","unstructured":"David Moore Colleen Shannon Geoffrey M Voelker Stefan Savage et al. 2004. Network telescopes. Technical Report. Technical Report CS2004-0795 CSE Department UCSD."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS47738.2020.9110256"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICGS3.2019.8688018"},{"key":"e_1_3_2_1_43_1","unstructured":"P Paganini. 2018. Hackers steal 20 million from Ethereum clients exposing interface on port 8545. https:\/\/securityaffairs.co\/wordpress\/73436\/digital-id\/ethereum-scanning-port-8545.html."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028794"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355595"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2011.2173486"},{"key":"e_1_3_2_1_47_1","unstructured":"Himanshu Singh. 2009. Distributed Port Scanning Detection. (2009)."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.3390\/fi13080198"},{"key":"e_1_3_2_1_49_1","volume-title":"Amine Boukhtouta, and Mourad Debbabi.","author":"Torabi Sadegh","year":"2020","unstructured":"Sadegh Torabi, Elias Bou-Harb, Chadi Assi, ElMouatez Billah Karbab, Amine Boukhtouta, and Mourad Debbabi. 2020. Inferring and investigating IoT-generated scanning campaigns targeting a large network telescope. IEEE Transactions on Dependable and Secure Computing (2020)."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3233347.3233379"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2021.102143"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3424214"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879149"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/885651.781045"}],"event":{"name":"IMC '24: ACM Internet Measurement Conference","location":"Madrid Spain","acronym":"IMC '24","sponsor":["SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2024 ACM on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3646547.3688409","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3646547.3688409","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T11:51:36Z","timestamp":1755863496000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3646547.3688409"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,4]]},"references-count":54,"alternative-id":["10.1145\/3646547.3688409","10.1145\/3646547"],"URL":"https:\/\/doi.org\/10.1145\/3646547.3688409","relation":{},"subject":[],"published":{"date-parts":[[2024,11,4]]},"assertion":[{"value":"2024-11-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}