{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T23:14:44Z","timestamp":1775258084912,"version":"3.50.1"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030019495","type":"print"},{"value":"9783030019501","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-01950-1_6","type":"book-chapter","created":{"date-parts":[[2018,10,25]],"date-time":"2018-10-25T19:16:51Z","timestamp":1540495011000},"page":"92-104","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Low-Rate DoS Attack Detection Based on Two-Step Cluster Analysis"],"prefix":"10.1007","author":[{"given":"Dan","family":"Tang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rui","family":"Dai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Liu","family":"Tang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sijia","family":"Zhan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jianping","family":"Man","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,10,26]]},"reference":[{"issue":"1","key":"6_CR1","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/3-540-28349-8_2","volume":"43","author":"P Berkhin","year":"2006","unstructured":"Berkhin, P.: A survey of clustering data mining techniques. Group. Multidimension. Data 43(1), 25\u201371 (2006)","journal-title":"Group. Multidimension. Data"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Bijuraj, L.V.: Clustering and its applications. In: Proceedings of National Conference on New Horizons in IT-NCNHIT, pp. 169\u2013172 (2013)","DOI":"10.1136\/vr.f235"},{"key":"6_CR3","unstructured":"Center, I.K.: Two-step cluster analysis. https:\/\/www.ibm.com\/support\/knowledgecenter\/SSLVMB_25.0.0\/statistics_mainhelp_ddita\/spss\/base\/idh_twostep_main.html. Accessed 10 Aug 2018"},{"issue":"1","key":"6_CR4","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1016\/j.compmedimag.2005.10.001","volume":"30","author":"KS Chuang","year":"2006","unstructured":"Chuang, K.S., Tzeng, H.L., Chen, S., Wu, J., Chen, T.J.: Fuzzy c-means clustering with spatial information for image segmentation. Comput. Med. Imaging Graph. 30(1), 9\u201315 (2006)","journal-title":"Comput. Med. Imaging Graph."},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Gligor, V.D.: A note on the denial-of-service problem. In: IEEE Symposium on Security and Privacy, p. 139 (1983)","DOI":"10.1109\/SP.1983.10004"},{"issue":"4","key":"6_CR6","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1023\/A:1016308404627","volume":"6","author":"J Grabmeier","year":"2002","unstructured":"Grabmeier, J., Rudolph, A.: Techniques of cluster algorithms in data mining. Data Min. Knowl. Disc. 6(4), 303\u2013360 (2002)","journal-title":"Data Min. Knowl. Disc."},{"key":"6_CR7","unstructured":"Group, M.W.: Packet traces from wide backbone. http:\/\/mawi.wide.ad.jp\/mawi\/. Accessed 10 Aug 2018"},{"key":"6_CR8","doi-asserted-by":"crossref","unstructured":"Guo, Y., Yan, J., Qiu, H., Zhang, L.: A CRF-theory-based method for BGP-LDOS attack detection. In: IEEE International Conference on Computer and Communications, pp. 1071\u20131075 (2017)","DOI":"10.1109\/CompComm.2016.7924869"},{"issue":"3","key":"6_CR9","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1145\/331499.331504","volume":"31","author":"AK Jain","year":"1999","unstructured":"Jain, A.K., Murty, M.N., Flynn, P.J.: Data clustering: a review. ACM Comput. Surv. 31(3), 264\u2013323 (1999)","journal-title":"ACM Comput. Surv."},{"issue":"4","key":"6_CR10","doi-asserted-by":"publisher","first-page":"507","DOI":"10.1007\/s00778-006-0002-5","volume":"16","author":"L Khan","year":"2007","unstructured":"Khan, L., Awad, M., Thuraisingham, B.: A new intrusion detection system using support vector machines and hierarchical clustering. VLDB J. 16(4), 507\u2013521 (2007)","journal-title":"VLDB J."},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Kuzmanovic, A., Knightly, E.W.: Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants. In: Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM 2003), pp. 75\u201386 (2003)","DOI":"10.1145\/863955.863966"},{"issue":"4","key":"6_CR12","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1109\/TNET.2006.880180","volume":"14","author":"A Kuzmanovic","year":"2006","unstructured":"Kuzmanovic, A., Knightly, E.W.: Low-rate TCP-targeted denial of service attacks and counter strategies. IEEE\/ACM Trans. Netw. 14(4), 683\u2013696 (2006)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"6_CR13","unstructured":"LBNL: ICSI enterprise tracing project. http:\/\/www.icir.org\/enterprise-tracing. Accessed 10 Aug 2018"},{"issue":"7","key":"6_CR14","doi-asserted-by":"publisher","first-page":"1020","DOI":"10.1093\/comjnl\/bxp078","volume":"53","author":"G. Loukas","year":"2009","unstructured":"Loukas, G.: ke, G.: Protection against denial of service attacks: a survey. Comput. J. 53(7), 1020\u20131037 (2010)","journal-title":"The Computer Journal"},{"key":"6_CR15","unstructured":"Luo, X., Chang, R.K.C.: On a new class of pulsing denial-of-service attacks and the defense. In: Network and Distributed System Security Symposium, NDSS 2005, San Diego, pp. 61\u201379 (2005)"},{"key":"6_CR16","unstructured":"Ray, S., Turi, R.H.: Determination of number of clusters in k-means clustering and application in colour image segmentation. In: Proceeding 4th ICAPRDT, pp. 137\u2013143 (1999)"},{"key":"6_CR17","unstructured":"Ray, S., Turi, R.H.: Intrusion detection with unlabeled data using clustering. In: Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA), pp. 1\u201314 (2001)"},{"key":"6_CR18","unstructured":"Sarat, S., Terzis, A.: On the effect of router buffer sizes on low-rate denial of service attacks. In: Proceedings International Conference on Computer Communications and Networks, 2005 ICCCN 2005, pp. 281\u2013286 (2005)"},{"issue":"13","key":"6_CR19","doi-asserted-by":"publisher","first-page":"2312","DOI":"10.1016\/j.comnet.2005.09.016","volume":"50","author":"H Sun","year":"2006","unstructured":"Sun, H., Lui, J., Yau, D.: Distributed mechanism in detecting and defending against the low-rate TCP attack. Comput. Netw. 50(13), 2312\u20132330 (2006)","journal-title":"Comput. Netw."},{"key":"6_CR20","unstructured":"Sun, H., Lui, J.C.S., Yau, D.K.Y.: Defending against low-rate TCP attacks: Dynamic detection and protection. In: IEEE International Conference on Network Protocols, pp. 196\u2013205 (2004)"},{"issue":"3","key":"6_CR21","first-page":"166","volume":"2014","author":"D Tang","year":"2014","unstructured":"Tang, D., Chen, K., Chen, X.S., Liu, H.Y., Li, X.: Adaptive EWMA method based on abnormal network traffic for ldos attacks. Math. Probl. Eng. 2014(3), 166\u2013183 (2014)","journal-title":"Math. Probl. Eng."},{"issue":"5","key":"6_CR22","doi-asserted-by":"publisher","first-page":"559","DOI":"10.1109\/TDSC.2015.2443807","volume":"13","author":"Z Wu","year":"2016","unstructured":"Wu, Z., Zhang, L., Yue, M.: Low-rate Dos attacks detection based on network multifractal. IEEE Trans. Dependable Secure Comput. 13(5), 559\u2013567 (2016)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Yu, C., Kai, H.: Collaborative detection and filtering of shrew DDoS attacks using spectral analysis . J. Parallel Distrib. Comput. 66(9), 1137\u20131151 (2006)","DOI":"10.1016\/j.jpdc.2006.04.007"},{"issue":"2","key":"6_CR24","doi-asserted-by":"publisher","first-page":"e3449","DOI":"10.1002\/dac.3449","volume":"31","author":"M Yue","year":"2018","unstructured":"Yue, M., Liu, L., Wu, Z., Wang, M.: Identifying LDoS attack traffic based on wavelet energy spectrum and combined neural network. Int. J. Commun. Syst. 31(2), e3449 (2018)","journal-title":"Int. J. Commun. Syst."}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-01950-1_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T21:51:44Z","timestamp":1775253104000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-01950-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030019495","9783030019501"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-01950-1_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"26 October 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lille","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 October 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 October 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/conference.imt-lille-douai.fr\/icics2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}