{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,28]],"date-time":"2025-11-28T12:37:52Z","timestamp":1764333472630,"version":"3.40.3"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031709029"},{"type":"electronic","value":"9783031709036"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70903-6_10","type":"book-chapter","created":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T22:04:30Z","timestamp":1725487470000},"page":"187-207","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Patronum: In-network Volumetric DDoS Detection and\u00a0Mitigation with\u00a0Programmable Switches"],"prefix":"10.1007","author":[{"given":"Jiahao","family":"Wu","sequence":"first","affiliation":[]},{"given":"Heng","family":"Pan","sequence":"additional","affiliation":[]},{"given":"Penglai","family":"Cui","sequence":"additional","affiliation":[]},{"given":"Yiwen","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Jianer","family":"Zhou","sequence":"additional","affiliation":[]},{"given":"Peng","family":"He","sequence":"additional","affiliation":[]},{"given":"Yanbiao","family":"Li","sequence":"additional","affiliation":[]},{"given":"Zhenyu","family":"Li","sequence":"additional","affiliation":[]},{"given":"Gaogang","family":"Xie","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,9,5]]},"reference":[{"key":"10_CR1","doi-asserted-by":"publisher","unstructured":"Akem, A.T.J., Gucciardo, M., Fiore, M.: Flowrest: practical flow-level inference in programmable switches with random forests. In: IEEE INFOCOM 2023 - IEEE Conference on Computer Communications, pp. 1\u201310 (2023). https:\/\/doi.org\/10.1109\/INFOCOM53939.2023.10229100","DOI":"10.1109\/INFOCOM53939.2023.10229100"},{"key":"10_CR2","doi-asserted-by":"publisher","unstructured":"Alcoz, A.G., Strohmeier, M., Lenders, V., Vanbever, L.: Aggregate-based congestion control for pulse-wave DDoS defense. In: Proceedings of the ACM SIGCOMM 2022 Conference, SIGCOMM 2022, pp. 693\u2013706. Association for Computing Machinery, New York, NY, USA (2022).https:\/\/doi.org\/10.1145\/3544216.3544263","DOI":"10.1145\/3544216.3544263"},{"key":"10_CR3","unstructured":"Antonakakis, M., et al.: Understanding the mirai botnet. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 1093\u20131110. USENIX Association, Vancouver, BC (2017). https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis"},{"key":"10_CR4","doi-asserted-by":"publisher","unstructured":"Barbette, T., Soldani, C., Mathy, L.: Fast userspace packet processing. In: 2015 ACM\/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), pp. 5\u201316 (2015).https:\/\/doi.org\/10.1109\/ANCS.2015.7110116","DOI":"10.1109\/ANCS.2015.7110116"},{"key":"10_CR5","doi-asserted-by":"publisher","unstructured":"Barradas, D., Santos, N., Rodrigues, L., Signorello, S., Ramos, F.M.V., Madeira, A.: FlowLens: enabling efficient flow classification for ml-based network security applications. In: Proceedings of the 28th Network and Distributed System Security Symposium. San Diego, CA, USA (2021).https:\/\/doi.org\/10.14722\/ndss.2021.24067","DOI":"10.14722\/ndss.2021.24067"},{"issue":"3","key":"10_CR6","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1145\/2656877.2656890","volume":"44","author":"P Bosshart","year":"2014","unstructured":"Bosshart, P., et al.: P4: programming protocol-independent packet processors. SIGCOMM Comput. Commun. Rev. 44(3), 87\u201395 (2014). https:\/\/doi.org\/10.1145\/2656877.2656890","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"10_CR7","unstructured":"CAIDA: The CAIDA UCSD anonymized internet traces 2018. (2018). http:\/\/www.caida.org\/data\/passive\/passive_2018_dataset.xml"},{"key":"10_CR8","doi-asserted-by":"crossref","unstructured":"Cloudflare: DDoS attack trends for 2022 q4 (2023). https:\/\/radar.cloudflare.com\/reports\/ddos-2022-q4","DOI":"10.1016\/j.fopow.2022.02.017"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Cloudflare: DDoS attack trends for 2023 q1 (2023). https:\/\/radar.cloudflare.com\/reports\/ddos-2023-q1","DOI":"10.1155\/2023\/9810961"},{"issue":"1","key":"10_CR10","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1016\/j.jalgor.2003.12.001","volume":"55","author":"G Cormode","year":"2005","unstructured":"Cormode, G., Muthukrishnan, S.: An improved data stream summary: the count-min sketch and its applications. J. Algorithms 55(1), 58\u201375 (2005). https:\/\/doi.org\/10.1016\/j.jalgor.2003.12.001","journal-title":"J. Algorithms"},{"key":"10_CR11","unstructured":"Corporation, C.: How much will a DDoS attack cost your business? (2021). https:\/\/www.cloudbric.com\/how-much-will-a-ddos-attack-cost-your-business\/"},{"key":"10_CR12","doi-asserted-by":"publisher","unstructured":"Cui, P., et al.: NetFC: enabling accurate floating-point arithmetic on programmable switches. In: 2021 IEEE 29th International Conference on Network Protocols (ICNP), pp. 1\u201311 (2021).https:\/\/doi.org\/10.1109\/ICNP52444.2021.9651946","DOI":"10.1109\/ICNP52444.2021.9651946"},{"issue":"2","key":"10_CR13","doi-asserted-by":"publisher","first-page":"1191","DOI":"10.1109\/TNSM.2021.3073597","volume":"18","author":"D Ding","year":"2021","unstructured":"Ding, D., Savi, M., Pederzolli, F., Campanella, M., Siracusa, D.: In-network volumetric DDoS victim identification using programmable commodity switches. IEEE Trans. Netw. Serv. Manage. 18(2), 1191\u20131202 (2021). https:\/\/doi.org\/10.1109\/TNSM.2021.3073597","journal-title":"IEEE Trans. Netw. Serv. Manage."},{"key":"10_CR14","doi-asserted-by":"publisher","unstructured":"Ding, D., Savi, M., Siracusa, D.: Estimating logarithmic and exponential functions to track network traffic entropy in p4. In: NOMS 2020 - 2020 IEEE\/IFIP Network Operations and Management Symposium, pp.\u00a01\u20139 (2020).https:\/\/doi.org\/10.1109\/NOMS47738.2020.9110257","DOI":"10.1109\/NOMS47738.2020.9110257"},{"issue":"6","key":"10_CR15","doi-asserted-by":"publisher","first-page":"4019","DOI":"10.1109\/TDSC.2021.3116345","volume":"19","author":"D Ding","year":"2022","unstructured":"Ding, D., Savi, M., Siracusa, D.: Tracking normalized network traffic entropy to detect DDoS attacks in p4. IEEE Trans. Dependable Secure Comput. 19(6), 4019\u20134031 (2022). https:\/\/doi.org\/10.1109\/TDSC.2021.3116345","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10_CR16","unstructured":"Fayaz, S.K., Tobioka, Y., Sekar, V., Bailey, M.: Bohatei: flexible and elastic DDoS defense. In: 24th USENIX Security Symposium (USENIX Security 15), pp. 817\u2013832. USENIX Association, Washington, D.C. (2015). https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/fayaz"},{"key":"10_CR17","doi-asserted-by":"publisher","unstructured":"Fontugne, R., Borgnat, P., Abry, P., Fukuda, K.: Mawilab: combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking. In: Proceedings of the 6th International Conference. Co-NEXT 2010, Association for Computing Machinery, New York, NY, USA (2010).https:\/\/doi.org\/10.1145\/1921168.1921179","DOI":"10.1145\/1921168.1921179"},{"key":"10_CR18","unstructured":"Foundation, L.: Data plane development kit (DPDK) (2015). http:\/\/www.dpdk.org"},{"key":"10_CR19","doi-asserted-by":"publisher","unstructured":"Friday, K., Kfoury, E., Bou-Harb, E., Crichigno, J.: Inc: In-network classification of botnet propagation at line rate. In: Atluri, V., Di\u00a0Pietro, R., Jensen, C.D., Meng, W. (eds.) Computer Security \u2013 ESORICS 2022, pp. 551\u2013569. Springer International Publishing, Cham (2022).https:\/\/doi.org\/10.1007\/978-3-031-17140-6_27","DOI":"10.1007\/978-3-031-17140-6_27"},{"key":"10_CR20","doi-asserted-by":"publisher","unstructured":"Harrison, R., Cai, Q., Gupta, A., Rexford, J.: Network-wide heavy hitter detection with commodity switches. In: Proceedings of the Symposium on SDN Research, SOSR 2018. Association for Computing Machinery, New York, NY, USA (2018).https:\/\/doi.org\/10.1145\/3185467.3185476","DOI":"10.1145\/3185467.3185476"},{"key":"10_CR21","doi-asserted-by":"publisher","unstructured":"Ilha, A.d.S., Lapolli, A.C., Marques, J.A., Gaspary, L.P.: Euclid: A fully in-network, p4-based approach for real-time DDoS attack detection and mitigation. IEEE Trans. Network Serv. Manage. 18(3), 3121\u20133139 (2021).https:\/\/doi.org\/10.1109\/TNSM.2020.3048265","DOI":"10.1109\/TNSM.2020.3048265"},{"key":"10_CR22","unstructured":"Intel: Intel tofino (2023). https:\/\/www.intel.com\/content\/www\/us\/en\/products\/details\/network-io\/intelligent-fabric-processors\/tofino.html"},{"key":"10_CR23","unstructured":"Kim, C., et al.: In-band network telemetry via programmable dataplanes. In: ACM SIGCOMM, vol. 15, pp. 1\u20132 (2015)"},{"key":"10_CR24","doi-asserted-by":"publisher","unstructured":"Kim, S., Jung, C., Jang, R., Mohaisen, D., Nyang, D.: A robust counting sketch for data plane intrusion detection. In: 30th Annual Network and Distributed System Security Symposium, NDSS 2023, San Diego, California, USA, February 27 - March 3, 2023. The Internet Society (2023).https:\/\/doi.org\/10.14722\/ndss.2023.23102","DOI":"10.14722\/ndss.2023.23102"},{"key":"10_CR25","unstructured":"Kottler, S.: February 28th DDoS incident report (2018). https:\/\/github.blog\/2018-03-01-ddos-incident-report\/"},{"key":"10_CR26","unstructured":"Lapolli, A.C., Adilson\u00a0Marques, J., Gaspary, L.P.: Offloading real-time DDoS attack detection to programmable data planes. In: 2019 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM), pp. 19\u201327 (2019)"},{"key":"10_CR27","doi-asserted-by":"publisher","unstructured":"Liu, Z., Manousis, A., Vorsanger, G., Sekar, V., Braverman, V.: One sketch to rule them all: rethinking network flow monitoring with univmon. In: Proceedings of the 2016 ACM SIGCOMM Conference, SIGCOMM 2016, pp. 101\u2013114. Association for Computing Machinery, New York, NY, USA (2016).https:\/\/doi.org\/10.1145\/2934872.2934906","DOI":"10.1145\/2934872.2934906"},{"key":"10_CR28","unstructured":"Liu, Z., et al.: Jaqen: a high-performance switch-native approach for detecting and mitigating volumetric DDoS attacks with programmable switches. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 3829\u20133846. USENIX Association (2021). https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/liu-zaoxing"},{"key":"10_CR29","unstructured":"Mahimkar, A., Dange, J., Shmatikov, V., Vin, H., Zhang, Y.: dFence: transparent network-based denial of service mitigation. In: 4th USENIX Symposium on Networked Systems Design & Implementation (NSDI 07). USENIX Association, Cambridge, MA (2007). https:\/\/www.usenix.org\/conference\/nsdi-07\/dfence-transparent-network-based-denial-service-mitigation"},{"key":"10_CR30","unstructured":"Microsoft: 2022 in review: DDoS attack trends and insights (2022). https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/02\/21\/2022-in-review-ddos-attack-trends-and-insights\/"},{"key":"10_CR31","unstructured":"P4lang: P4 behavioral model (bmv2) (2023). https:\/\/github.com\/p4lang\/behavioral-model"},{"issue":"1","key":"10_CR32","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1080\/00401706.2000.10485986","volume":"42","author":"SW Roberts","year":"2000","unstructured":"Roberts, S.W.: Control chart tests based on geometric moving averages. Technometrics 42(1), 97\u2013101 (2000). https:\/\/doi.org\/10.1080\/00401706.2000.10485986","journal-title":"Technometrics"},{"key":"10_CR33","doi-asserted-by":"publisher","unstructured":"Rossow, C.: Amplification hell: revisiting network protocols for DDoS abuse. In: 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014. The Internet Society (2014).https:\/\/doi.org\/10.14722\/ndss.2014.23233","DOI":"10.14722\/ndss.2014.23233"},{"issue":"3","key":"10_CR34","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1002\/j.1538-7305.1948.tb01338.x","volume":"27","author":"CE Shannon","year":"1948","unstructured":"Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3), 379\u2013423 (1948). https:\/\/doi.org\/10.1002\/j.1538-7305.1948.tb01338.x","journal-title":"Bell Syst. Tech. J."},{"issue":"4","key":"10_CR35","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1109\/TDSC.2004.34","volume":"1","author":"H Wang","year":"2004","unstructured":"Wang, H., Zhang, D., Shin, K.: Change-point monitoring for the detection of dos attacks. IEEE Trans. Dependable Secure Comput. 1(4), 193\u2013208 (2004). https:\/\/doi.org\/10.1109\/TDSC.2004.34","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10_CR36","unstructured":"Wikipedia: Netflow (2023). https:\/\/en.wikipedia.org\/wiki\/NetFlow"},{"key":"10_CR37","unstructured":"Wikipedia: sflow (2023). https:\/\/en.wikipedia.org\/wiki\/SFlow"},{"key":"10_CR38","doi-asserted-by":"publisher","unstructured":"Xie, G., Li, Q., Dong, Y., Duan, G., Jiang, Y., Duan, J.: Mousika: enable general in-network intelligence in programmable switches by knowledge distillation. In: IEEE INFOCOM 2022 - IEEE Conference on Computer Communications, pp. 1938\u20131947 (2022).https:\/\/doi.org\/10.1109\/INFOCOM48880.2022.9796936","DOI":"10.1109\/INFOCOM48880.2022.9796936"},{"key":"10_CR39","unstructured":"Xing, J., Kang, Q., Chen, A.: NetWarden: mitigating network covert channels while preserving performance. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 2039\u20132056. USENIX Association (2020). https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/xing"},{"key":"10_CR40","doi-asserted-by":"publisher","unstructured":"Yang, T., et al.: Elastic sketch: adaptive and fast network-wide measurements. In: Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication, SIGCOMM 2018, pp. 561\u2013575. Association for Computing Machinery, New York, NY, USA (2018).https:\/\/doi.org\/10.1145\/3230543.3230544","DOI":"10.1145\/3230543.3230544"},{"key":"10_CR41","doi-asserted-by":"publisher","unstructured":"Zhang, M., et al.: Poseidon: mitigating volumetric DDoS attacks with programmable switches. In: 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23-26, 2020. The Internet Society (2020).https:\/\/doi.org\/10.14722\/ndss.2020.24007","DOI":"10.14722\/ndss.2020.24007"},{"key":"10_CR42","doi-asserted-by":"publisher","unstructured":"Zhang, Y., et al.: Cocosketch: high-performance sketch-based measurement over arbitrary partial key query. In: Proceedings of the 2021 ACM SIGCOMM 2021 Conference, SIGCOMM 2021, pp. 207\u2013222. Association for Computing Machinery, New York, NY, USA (2021).https:\/\/doi.org\/10.1145\/3452296.3472892","DOI":"10.1145\/3452296.3472892"},{"key":"10_CR43","doi-asserted-by":"publisher","unstructured":"Zheng, C., Zilberman, N.: Planter: seeding trees within switches. In: Proceedings of the SIGCOMM 2021 Poster and Demo Sessions, pp. 12\u201314. Association for Computing Machinery, New York, NY, USA (2021).https:\/\/doi.org\/10.1145\/3472716.3472846","DOI":"10.1145\/3472716.3472846"},{"key":"10_CR44","unstructured":"Zhou, G., Liu, Z., Fu, C., Li, Q., Xu, K.: An efficient design of intelligent network data plane. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 6203\u20136220. USENIX Association, Anaheim, CA (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/zhou-guangmeng"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70903-6_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T22:07:12Z","timestamp":1725487632000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70903-6_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031709029","9783031709036"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70903-6_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"5 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}