“…However, passive monitoring cannot identify services that do not run on well-known ports or are misdirected without protocolspecific decoders [22]. -Active probing attacks [5,20,45,93,121,122]: Through sending probing packets to a potential target, the attacker can obtain the machine's information, includes OS, opened ports, and installed application version. Although active probing can allow the attackers to collect more system configurations, it is relatively easy to be detected by traditional defensive technologies, such as IDS [22].…”