{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T00:58:39Z","timestamp":1780966719770,"version":"3.54.1"},"publisher-location":"Cham","reference-count":55,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030783747","type":"print"},{"value":"9783030783754","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-78375-4_14","type":"book-chapter","created":{"date-parts":[[2021,6,9]],"date-time":"2021-06-09T04:12:10Z","timestamp":1623211930000},"page":"338-361","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Defending Web Servers Against Flash Crowd Attacks"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4941-1834","authenticated-orcid":false,"given":"Rajat","family":"Tandon","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4988-1008","authenticated-orcid":false,"given":"Abhinav","family":"Palia","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2620-8489","authenticated-orcid":false,"given":"Jaydeep","family":"Ramani","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7790-6570","authenticated-orcid":false,"given":"Brandon","family":"Paulsen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8393-9472","authenticated-orcid":false,"given":"Genevieve","family":"Bartlett","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7462-8747","authenticated-orcid":false,"given":"Jelena","family":"Mirkovic","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,6,10]]},"reference":[{"key":"14_CR1","unstructured":"Hulk DDoS tool, May 2018. https:\/\/tinyurl.com\/y49tze6w. Accessed 31 Mar 2021"},{"key":"14_CR2","unstructured":"Classification tools, May 2019. https:\/\/tinyurl.com\/y6cdav26. Accessed 31 Mar 2021"},{"key":"14_CR3","unstructured":"Combined desktop and mobile visits to amazon.com from February 2018 to April 2019 (in millions), May 2019. https:\/\/tinyurl.com\/y25d8ln8. Accessed 31 Mar 2021"},{"key":"14_CR4","unstructured":"Most popular retail websites in the United States as of December 2019, ranked by visitors (in millions), September 2020. https:\/\/www.statista.com\/statistics\/271450\/monthly-unique-visitors-to-us-retail-websites\/. Accessed 31 Mar 2021"},{"key":"14_CR5","unstructured":"Akrout, I., Feriani, A., Akrout, M.: Hacking google reCAPTCHA v3 using Reinforcement Learning (2019)"},{"key":"14_CR6","doi-asserted-by":"crossref","unstructured":"Arapakis, I., Bai, X., Cambazoglu, B.B.: Impact of response latency on user behavior in web search. In: Proceedings of the 37th International ACM SIGIR Conference on Research & Development in Information Retrieval, pp. 103\u2013112. Association for Computing Machinery, New York (2014)","DOI":"10.1145\/2600428.2609627"},{"key":"14_CR7","doi-asserted-by":"crossref","unstructured":"Barna, C., Shtern, M., Smit, M., Tzerpos, V., Litoiu, M.: Model-based adaptive DoS attack mitigation. In: Proceedings of the 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2012, pp. 119\u2013128. IEEE Press, Piscataway (2012)","DOI":"10.1109\/SEAMS.2012.6224398"},{"key":"14_CR8","unstructured":"Barnett, R.: HOIC, January 2012. https:\/\/tinyurl.com\/y6en34r3. Accessed 31 Mar 2021"},{"key":"14_CR9","doi-asserted-by":"publisher","first-page":"432","DOI":"10.1016\/j.procs.2012.06.056","volume":"10","author":"H Beitollahi","year":"2012","unstructured":"Beitollahi, H., Deconinck, G.: Tackling application-layer DDoS attacks. Procedia Comput. Sci. 10, 432\u2013441 (2012)","journal-title":"Procedia Comput. Sci."},{"issue":"12","key":"14_CR10","first-page":"389","volume":"9","author":"R Bharathi","year":"2012","unstructured":"Bharathi, R., Sukanesh, R., Xiang, Y., Hu, J.: A PCA based framework for detection of application layer DDoS attacks. WSEAS Trans. Inf. Sci. Appl. 9(12), 389\u2013398 (2012)","journal-title":"WSEAS Trans. Inf. Sci. Appl."},{"key":"14_CR11","unstructured":"Bock, K., Patel, D., Hughey, G., Levin, D.: unCAPTCHA: a low-resource defeat of reCAPTCHA\u2019s audio challenge. In: 11th $$\\{$$USENIX$$\\}$$ Workshop on Offensive Technologies ($$\\{$$WOOT$$\\}$$ 2017) (2017)"},{"key":"14_CR12","doi-asserted-by":"crossref","unstructured":"Brewer, D., Li, K., Ramaswamy, L., Pu, C.: A link obfuscation service to detect webbots. In: 2010 IEEE International Conference on Services Computing, pp. 433\u2013440, July 2010","DOI":"10.1109\/SCC.2010.89"},{"key":"14_CR13","doi-asserted-by":"crossref","unstructured":"Cao, Y., Yang, J.: Towards making systems forget with machine unlearning. In: 2015 IEEE Symposium on Security and Privacy, pp. 463\u2013480. IEEE (2015)","DOI":"10.1109\/SP.2015.35"},{"key":"14_CR14","unstructured":"Chim, S.: Http proxy middleware, July 2016. https:\/\/tinyurl.com\/y6td93p4"},{"issue":"3","key":"14_CR15","doi-asserted-by":"publisher","first-page":"634","DOI":"10.1016\/j.comnet.2012.10.005","volume":"57","author":"Z Chu","year":"2013","unstructured":"Chu, Z., Gianvecchio, S., Koehl, A., Wang, H., Jajodia, S.: Blog or block: detecting blog bots through behavioral biometrics. Comput. Netw. 57(3), 634\u2013646 (2013)","journal-title":"Comput. Netw."},{"key":"14_CR16","unstructured":"Cid, D.: Analyzing popular layer 7 application DDoS attacks. Sucuri blog. https:\/\/tinyurl.com\/y3p7mokb. Accessed 6 Dec 2020"},{"key":"14_CR17","unstructured":"Cloudflare. How can an HTTP flood be mitigated?, March 2020. https:\/\/www.cloudflare.com\/learning\/ddos\/http-flood-ddos-attack\/. Accessed 6 Dec 2020"},{"key":"14_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"450","DOI":"10.1007\/978-3-319-66332-6_20","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"M Elsabagh","year":"2017","unstructured":"Elsabagh, M., Fleck, D., Stavrou, A., Kaplan, M., Bowen, T.: Practical and accurate runtime application protection against DoS attacks. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 450\u2013471. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66332-6_20"},{"key":"14_CR19","doi-asserted-by":"crossref","unstructured":"Gavrilis, D., Chatzis, I., Dermatas, E.: Flash crowd detection using decoy hyperlinks. In: 2007 IEEE International Conference on Networking, Sensing and Control, pp. 466\u2013470, April 2007","DOI":"10.1109\/ICNSC.2007.372823"},{"key":"14_CR20","unstructured":"Google. reCAPTCHA v3. https:\/\/www.google.com\/recaptcha\/intro\/v3.html. Accessed 31 Mar 2021"},{"key":"14_CR21","doi-asserted-by":"crossref","unstructured":"Han, X., Kheir, N., Balzarotti, D.: Evaluation of deception-based web attacks detection. In: Proceedings of the 2017 Workshop on Moving Target Defense, MTD 2017, pp. 65\u201373. ACM, New York (2017)","DOI":"10.1145\/3140549.3140555"},{"key":"14_CR22","unstructured":"Imperva. Low orbit ion cannon. https:\/\/tinyurl.com\/y3wy32fo. Accessed 31 Mar 2021"},{"key":"14_CR23","unstructured":"Imperva. 2020 cyberthreat defense report (2020). https:\/\/tinyurl.com\/y5jmjuzv. Accessed 31 Mar 2021"},{"key":"14_CR24","unstructured":"Imperva Incapsula\u2019s. Q1 2017 global DDoS threat landscape report, May 2017. www.incapsula.com. Accessed 6 Dec 2020"},{"key":"14_CR25","unstructured":"INDUSFACE (2019). https:\/\/tinyurl.com\/y4c3ywry. Accessed 6 Dec 2020"},{"key":"14_CR26","doi-asserted-by":"crossref","unstructured":"Jan, S.T., et al.: Throwing darts in the dark? Detecting bots with limited data using neural data augmentation. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1190\u20131206. IEEE (2020)","DOI":"10.1109\/SP40000.2020.00079"},{"key":"14_CR27","doi-asserted-by":"crossref","unstructured":"Jonker, M., King, A., Krupp, J., Rossow, C., Sperotto, A., Dainotti, A.: Millions of targets under attack: a macroscopic characterization of the DoS ecosystem. In: Internet Measurement Conference (IMC), November 2017","DOI":"10.1145\/3131365.3131383"},{"key":"14_CR28","doi-asserted-by":"crossref","unstructured":"Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites. In: Proceedings of the 11th International Conference on World Wide Web, WWW 2002, pp. 293\u2013304. ACM, New York (2002)","DOI":"10.1145\/511446.511485"},{"key":"14_CR29","unstructured":"Kandula, S., Katabi, D., Jacob, M., Berger, A.: Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds. In: Proceedings of the 2nd Conference on Symposium on Networked Systems Design & Implementation, NSDI 2005, vol. 2, pp. 287\u2013300. USENIX Association, Berkeley (2005)"},{"key":"14_CR30","doi-asserted-by":"crossref","unstructured":"Kaspersky. Report finds 18% rise in DDoS attacks in Q2 2019 (2019). https:\/\/tinyurl.com\/y258rnpm. Accessed 31 Mar 2021","DOI":"10.1016\/S1353-4858(19)30025-X"},{"issue":"4","key":"14_CR31","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1145\/347057.347412","volume":"30","author":"B Krishnamurthy","year":"2000","unstructured":"Krishnamurthy, B., Wang, J.: On network-aware clustering of web clients. ACM SIGCOMM Comput. Commun. Rev. 30(4), 97\u2013110 (2000)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"14_CR32","unstructured":"Leyden, J.: Russian serfs paid three dollars a day to break CAPTCHAs, March 2008. https:\/\/tinyurl.com\/y2czs7xd. Accessed 6 Dec 2020"},{"issue":"17","key":"14_CR33","doi-asserted-by":"publisher","first-page":"3111","DOI":"10.1002\/sec.1236","volume":"8","author":"Q Liao","year":"2015","unstructured":"Liao, Q., Li, H., Kang, S., Liu, C.: Application layer DDoS attack detection using cluster with label based on sparse vector decomposition and rhythm matching. Secur. Commun. Netw. 8(17), 3111\u20133120 (2015)","journal-title":"Secur. Commun. Netw."},{"key":"14_CR34","unstructured":"Wayback Machine. Internet archive (1996). https:\/\/archive.org\/web. Accessed 31 Mar 2021"},{"key":"14_CR35","unstructured":"Meng, W., et al.: Rampart: protecting web applications from CPU-exhaustion denial-of-service attacks. In: 27th USENIX Security Symposium (USENIX Security 2018) (2018)"},{"key":"14_CR36","unstructured":"Mirza, M., Osindero, S.: Conditional generative adversarial nets. arXiv preprint arXiv:1411.1784 (2014)"},{"issue":"3","key":"14_CR37","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1145\/306225.306235","volume":"26","author":"D Mosberger","year":"1998","unstructured":"Mosberger, D., Jin, T.: Httperf: a tool for measuring web server performance. SIGMETRICS Perform. Eval. Rev. 26(3), 31\u201337 (1998)","journal-title":"SIGMETRICS Perform. Eval. Rev."},{"key":"14_CR38","doi-asserted-by":"crossref","unstructured":"Najafabadi, M., Khoshgoftaar, T., Calvert, C., Kemp, C.: User behavior anomaly detection for application layer DDoS attacks. In: 2017 IEEE International Conference on Information Reuse and Integration (IRI), pp. 154\u2013161, August 2017","DOI":"10.1109\/IRI.2017.44"},{"key":"14_CR39","doi-asserted-by":"crossref","unstructured":"Oikonomou, G., Mirkovic, J.: Modeling human behavior for defense against flash-crowd attacks. In: 2009 IEEE International Conference on Communications, pp. 1\u20136. IEEE (2009)","DOI":"10.1109\/ICC.2009.5199191"},{"key":"14_CR40","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. In: Proceedings of the 7th Conference on USENIX Security Symposium, SSYM 1998, vol. 7, p. 3. USENIX Association, Berkeley (1998)"},{"key":"14_CR41","unstructured":"Radware. JS cookie challenges, March 2020. https:\/\/tinyurl.com\/y2bqmtac. Accessed 6 Dec 2020"},{"key":"14_CR42","doi-asserted-by":"crossref","unstructured":"Ranjan, S., Swaminathan, R., Uysal, M., Knightly, E.: DDoS-resilient scheduling to counter application layer attacks under imperfect detection. In: Proceedings IEEE INFOCOM 2006, pp. 1\u201313 (2006)","DOI":"10.1109\/INFOCOM.2006.127"},{"key":"14_CR43","unstructured":"Selenium. Selenium webdriver (2012). https:\/\/tinyurl.com\/y6a4czhe. Accessed 6 Dec 2020"},{"key":"14_CR44","unstructured":"V. S. Services. Verisign DDoS trends report q2 2016, June 2016. https:\/\/verisign.com\/. Accessed 6 Dec 2020"},{"key":"14_CR45","doi-asserted-by":"crossref","unstructured":"Sivakorn, S., Polakis, I., Keromytis, A.D.: I am robot:(deep) learning to break semantic image CAPTCHAs. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 388\u2013403. IEEE (2016)","DOI":"10.1109\/EuroSP.2016.37"},{"key":"14_CR46","unstructured":"Spitzner, L.: Honeytokens, July 2003. https:\/\/tinyurl.com\/y4gzbjqz"},{"key":"14_CR47","unstructured":"STEEL Lab. Frade: Flash crowd attack defense (2021). https:\/\/steel.isi.edu\/Projects\/frade\/"},{"key":"14_CR48","doi-asserted-by":"crossref","unstructured":"Wang, J., Yang, X., Long, K.: Web DDoS detection schemes based on measuring user\u2019s access behavior with large deviation. In: 2011 IEEE Global Telecommunications Conference - GLOBECOM 2011, pp. 1\u20135, December 2011","DOI":"10.1109\/GLOCOM.2011.6133798"},{"key":"14_CR49","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/978-3-319-71273-4_20","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"S Wang","year":"2017","unstructured":"Wang, S., Liu, C., Gao, X., Qu, H., Xu, W.: Session-based fraud detection in online e-commerce transactions using recurrent neural networks. In: Altun, Y., et al. (eds.) ECML PKDD 2017. LNCS (LNAI), vol. 10536, pp. 241\u2013252. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-71273-4_20"},{"key":"14_CR50","doi-asserted-by":"crossref","unstructured":"White, B., et al.: An integrated experimental environment for distributed systems and networks. In: Proceedings of the Fifth Symposium on Operating Systems Design and Implementation, Boston, MA. USENIX Association, December 2002","DOI":"10.1145\/1060289.1060313"},{"key":"14_CR51","unstructured":"Wikipedia. Curse of dimensionality. https:\/\/en.wikipedia.org\/wiki\/Curse_of_dimensionality\/. Accessed 6 Dec 2020"},{"key":"14_CR52","unstructured":"Wikipedia. Replay attack. https:\/\/en.wikipedia.org\/wiki\/Replay_attack. Accessed 31 Mar 2021"},{"key":"14_CR53","unstructured":"Winslow, E.: Bot detection via mouse mapping, September 2009. https:\/\/tinyurl.com\/y3kbgwuw"},{"issue":"1","key":"14_CR54","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1109\/TNET.2008.925628","volume":"17","author":"Y Xie","year":"2009","unstructured":"Xie, Y., Yu, S.Z.: Monitoring the application-layer DDoS attacks for popular websites. IEEE\/ACM Trans. Netw. 17(1), 15\u201325 (2009)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"14_CR55","doi-asserted-by":"crossref","unstructured":"Yatagai, T., Isohara, T., Sasase, I.: Detection of http-get flood attack based on analysis of page access behavior. In: 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, pp. 232\u2013235, August 2007","DOI":"10.1109\/PACRIM.2007.4313218"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-78375-4_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T00:06:58Z","timestamp":1780963618000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-78375-4_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030783747","9783030783754"],"references-count":55,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-78375-4_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"10 June 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kamakura","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 June 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 June 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"186","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"37","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.89","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7.81","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the COVID-19 pandemic the conference took place virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}