Port scanning is the process of attempting to connect to various network ports on a computing endpoint to determine which ports are open and which services are running on them. It is a common method used by hackers to identify vulnerabilities in a network or system. By determining which ports are open, an attacker can identify which services and applications are running on a device and potentially exploit any known vulnerabilities in those services. Consequently, it is important to detect port scanning because it is often the first step in a cyber attack. By identifying port scanning attempts, cybersecurity professionals can take proactive measures to protect the systems and networks before an attacker has a chance to exploit any vulnerabilities. Against this background, researchers have worked for over a decade to develop robust methods to detect port scanning. While there have been various surveys, none have focused solely on machine learning based detection schemes specific to port scans. Accordingly, we provide a systematic review of 15 papers published between February 2021 and January 2023. We extract critical information such as training dataset, algorithm used, technique, and model accuracy. We also collect unresolved challenges and ideas for future work. The outcomes are significant for researchers looking to step off from the latest work and for practitioners interested in novel mechanisms to detect the early stages of cyber attack.

翻译：端口扫描是指试图连接计算终端上的各种网络端口，以确定哪些端口开放及哪些服务在运行的过程。这是黑客常用的一种识别网络或系统漏洞的方法。通过确定开放端口，攻击者可以识别设备上运行的服务和应用程序，并可能利用这些服务中已知的漏洞。因此，检测端口扫描至关重要，因为它通常是网络攻击的第一步。通过识别端口扫描尝试，网络安全专业人员可以在攻击者有机会利用漏洞之前，主动采取措施保护系统和网络。在此背景下，研究人员已历时十余年致力于开发稳健的端口扫描检测方法。尽管已有多种综述，但尚无专门聚焦于基于机器学习的端口扫描检测方案的研究。为此，我们对2021年2月至2023年1月期间发表的15篇论文进行了系统综述。我们提取了训练数据集、所用算法、技术和模型精度等关键信息，并归纳了尚未解决的挑战和未来工作方向。这些成果对于希望从最新研究出发的学者，以及关注新型机制以检测网络攻击早期阶段的实践者都具有重要意义。