{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,27]],"date-time":"2025-06-27T00:40:06Z","timestamp":1750984806816,"version":"3.41.0"},"publisher-location":"Cham","reference-count":61,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319646527"},{"type":"electronic","value":"9783319646534"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-64653-4_7","type":"book-chapter","created":{"date-parts":[[2017,11,11]],"date-time":"2017-11-11T10:33:39Z","timestamp":1510396419000},"page":"171-196","source":"Crossref","is-referenced-by-count":6,"title":["SDNFV-Based DDoS Detection and Remediation in Multi-tenant, Virtualised Infrastructures"],"prefix":"10.1007","author":[{"given":"Abeer","family":"Ali","sequence":"first","affiliation":[]},{"given":"Richard","family":"Cziva","sequence":"additional","affiliation":[]},{"given":"Simon","family":"Jou\u00ebt","sequence":"additional","affiliation":[]},{"given":"Dimitrios P.","family":"Pezaros","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,11,12]]},"reference":[{"key":"7_CR1","unstructured":"AbuHmed T, Mohaisen A, Nyang D (2008) A survey on deep packet inspection for intrusion detection systems. arXiv preprint arXiv:0803.0037"},{"key":"7_CR2","unstructured":"Akamai, Akamai state of the internet security report (2016). https:\/\/content.akamai.com\/pg7425-uk-soti-report.html . Accessed on 18 Nov 2016"},{"key":"7_CR3","doi-asserted-by":"crossref","unstructured":"Alosaimi W, Alshamrani M, Al-Begain K (2015) Simulation-based study of distributed denial of service attacks prevention in the cloud. In: 2015 9th international conference on next generation mobile applications, services and technologies. IEEE, pp 0\u201365","DOI":"10.1109\/NGMAST.2015.50"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Anwer B, Benson T, Feamster N, Levin D (2015) Programming Slick network functions. In: Proceedings of the 1st ACM SIGCOMM symposium on software defined networking research. ACM, p 14","DOI":"10.1145\/2774993.2774998"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Basile C, Pitscheider C, Risso F, Valenza F, Vallini M (2015) Towards the dynamic provision of virtualized security services. In: Cyber security and privacy forum. Springer, Cham, pp 65\u201376","DOI":"10.1007\/978-3-319-25360-2_6"},{"key":"7_CR6","unstructured":"Baumgartner K, Elasticsearch Vuln abuse on Amazon cloud and more for DDoS and profit \u2013 Kasperskylab Blog. https:\/\/securelist.com\/blog\/virus-watch\/65192\/elasticsearch-vuln-abuse-on-amazon-cloud-and-more-for-ddos-and-profit\/"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Berezi\u0144ski P, Jasiul B, Szpyrka M (2015) An entropy-based network anomaly detection method. Entropy 17(4):2367\u20132408","DOI":"10.3390\/e17042367"},{"key":"7_CR8","doi-asserted-by":"crossref","unstructured":"Bhuyan MH, Bhattacharyya DK, Kalita JK (2014) Network anomaly detection: methods, systems and tools. IEEE Commun Surv Tutorials 16(1):303\u2013336","DOI":"10.1109\/SURV.2013.052213.00046"},{"key":"7_CR9","doi-asserted-by":"crossref","unstructured":"Bosshart P, Daly D, Gibb G, Izzard M, McKeown N, Rexford J, Schlesinger C, Talayco D, Vahdat A, Varghese G et al (2014) P4: programming protocol-independent packet processors. ACM SIGCOMM Comput Commun Rev 44(3):87\u201395","DOI":"10.1145\/2656877.2656890"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Bremler-Barr A, Harchol Y, Hay D (2016) Openbox: a software-defined framework for developing, deploying, and managing network functions. In: Proceedings of the 2016 conference on ACM SIGCOMM, SIGCOMM\u201916. ACM, New York, pp 511\u2013524. http:\/\/dx.doi.org\/#1 , http:\/\/doi.acm.org\/10.1145\/2934872.2934875","DOI":"10.1145\/2934872.2934875"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Cabaj K, Wytrebowicz J, Kuklinski S, Radziszewski P, Dinh KT (2014) SDN architecture impact on network security. In: FedCSIS position papers, pp 143\u2013148","DOI":"10.15439\/2014F473"},{"key":"7_CR12","unstructured":"Cisco, Installing the IDS Appliance \u2013 Cisco. http:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/ips\/4-0\/installation\/guide\/"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Cziva R, Pezaros D (2017, in press) Container network functions: bringing NFV to the network edge. IEEE Commun Mag Adv Netw Softw. http:\/\/eprints.gla.ac.uk\/138001\/","DOI":"10.1109\/MCOM.2017.1601039"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Cziva R, Jouet S, White KJS, Pezaros DP (2015) Container-based network function virtualization for software-defined networks. In: 2015 IEEE symposium on computers and communication (ISCC), pp 415\u2013420. http:\/\/dx.doi.org\/#1","DOI":"10.1109\/ISCC.2015.7405550"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Cziva R, Jouet S, Pezaros DP (2015) GNFC: towards network function cloudification. In: 2015 IEEE conference on network function virtualization and software defined network (NFV-SDN), pp 142\u2013148. http:\/\/dx.doi.org\/#1","DOI":"10.1109\/NFV-SDN.2015.7387419"},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"Cziva R, Jouet S, Pezaros DP (2016) Roaming edge vNFs using glasgow network functions. In: Proceedings of the 2016 ACM SIGCOMM conference, SIGCOMM\u201916. ACM, New York, pp 601\u2013602. http:\/\/dx.doi.org\/#1 , http:\/\/doi.acm.org\/10.1145\/2934872.2959067","DOI":"10.1145\/2934872.2959067"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Cziva R, Jout S, Stapleton D, Tso FP, Pezaros DP (2016) SDN-based virtual machine management for cloud data centers. IEEE Trans Netw Serv Manag 13(2):212\u2013225. http:\/\/dx.doi.org\/#1","DOI":"10.1109\/TNSM.2016.2528220"},{"key":"7_CR18","unstructured":"Deep inside a DNS amplification DDoS attack. https:\/\/blog.cloudflare.com\/deep-inside-a-dns-amplification-ddos-attack\/"},{"key":"7_CR19","doi-asserted-by":"crossref","unstructured":"Douligeris C, Mitrokotsa A (2004) DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput Netw 44(5):643\u2013666","DOI":"10.1016\/j.comnet.2003.10.003"},{"key":"7_CR20","unstructured":"Enguehard M (2016) Thyper-NF: synthesizing chains of virtualized network functions. Master\u2019s thesis, School of Information and Communication Technology, KTH Royal Institute of Technology"},{"key":"7_CR21","unstructured":"Foundation L (2017) Linux foundation open vswitch. https:\/\/LinuxFoundationOpenvSwitch. Accessed on 28 Mar 2017"},{"key":"7_CR22","volume-title":"Stratos: a network-aware orchestration layer for middleboxes in the cloud","author":"A Gember","year":"2013","unstructured":"Gember A, Krishnamurthy A, John SS, Grandl R, Gao X, Anand A, Benson T, Akella A, Sekar V (2013) Stratos: a network-aware orchestration layer for middleboxes in the cloud. Technical report"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Giotis K, Kryftis Y, Maglaris V (2015) Policy-based orchestration of NFV services in software-defined networks. In: 2015 1st IEEE conference on network softwarization (NetSoft). IEEE, pp 1\u20135","DOI":"10.1109\/NETSOFT.2015.7116145"},{"key":"7_CR24","doi-asserted-by":"crossref","unstructured":"Gupta BB, Badve OP (2016) Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment. Neural Comput Appl 1\u201328. http:\/\/dx.doi.org\/#1 , http:\/\/dx.doi.org\/10.1007\/s00521-016-2317-5","DOI":"10.1007\/s00521-016-2317-5"},{"key":"7_CR25","unstructured":"Hilton S, Dyn Analysis Summary Of Friday October 21 Attack \u2014 Dyn Blog. http:\/\/dyn.com\/blog\/dyn-analysis-summary-of-friday-october-21-attack\/"},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Idziorek J, Tannian M, Jacobson D (2011) Detecting fraudulent use of cloud resources. In: Proceedings of the 3rd ACM workshop on cloud computing security workshop. ACM, pp 61\u201372","DOI":"10.1145\/2046660.2046676"},{"key":"7_CR27","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1016\/j.comnet.2014.07.004","volume":"72","author":"M Jammal","year":"2014","unstructured":"Jammal M, Singh T, Shami A, Asal R, Li Y (2014) Software defined networking: state of the art and research challenges. Comput Netw 72:74\u201398","journal-title":"Comput Netw"},{"key":"7_CR28","doi-asserted-by":"crossref","unstructured":"Joseph DA, Tavakoli A, Stoica I (2008) A policy-aware switching layer for data centers. In: Proceedings of the ACM SIGCOMM 2008 conference on data communication, SIGCOMM\u201908. ACM, New York, pp 51\u201362. http:\/\/dx.doi.org\/#1 , http:\/\/doi.acm.org\/10.1145\/1402958.1402966","DOI":"10.1145\/1402958.1402966"},{"key":"7_CR29","unstructured":"Krebs B, Krebs on Security website. http:\/\/krebsonsecurity.com\/"},{"key":"7_CR30","doi-asserted-by":"crossref","unstructured":"Kumar MN, Sujatha P, Kalva V, Nagori R, Katukojwala AK, Kumar M (2012) Mitigating economic denial of sustainability (EDoS) in cloud computing using in-cloud scrubber service. In: 2012 fourth international conference on computational intelligence and communication networks (CICN). IEEE, pp 535\u2013539","DOI":"10.1109\/CICN.2012.149"},{"key":"7_CR31","doi-asserted-by":"crossref","unstructured":"Lakhina A, Crovella M, Diot C (2005) Mining anomalies using traffic feature distributions. SIGCOMM Comput Commun Rev 35(4):217\u2013228. http:\/\/dx.doi.org\/#1 , http:\/\/doi.acm.org\/10.1145\/1090191.1080118","DOI":"10.1145\/1080091.1080118"},{"key":"7_CR32","first-page":"25","volume-title":"A comparative study of anomaly detection schemes in network intrusion detection","author":"A Lazarevic","year":"2003","unstructured":"Lazarevic A, Ert\u00f6z L, Kumar V, Ozgur A, Srivastava J (2003) A comparative study of anomaly detection schemes in network intrusion detection. In: SDM. SIAM, pp 25\u201336"},{"key":"7_CR33","doi-asserted-by":"crossref","unstructured":"Liu AX (2005) A model of stateful firewalls and its properties. In: Proceedings of the 2005 international conference on dependable systems and networks, DSN\u201905. IEEE Computer Society, Washington, DC, pp 128\u2013137. http:\/\/dx.doi.org\/#1 , http:\/\/dx.doi.org\/10.1109\/DSN.2005.9","DOI":"10.1109\/DSN.2005.9"},{"key":"7_CR34","first-page":"459","volume-title":"Proceedings of the 11th USENIX conference on networked systems design and implementation, NSDI\u201914","author":"J Martins","year":"2014","unstructured":"Martins J, Ahmed M, Raiciu C, Olteanu V, Honda M, Bifulco R, Huici, F (2014) Clickos and the art of network function virtualization. In: Proceedings of the 11th USENIX conference on networked systems design and implementation, NSDI\u201914. USENIX Association, Berkeley, pp 459\u2013473. http:\/\/dl.acm.org\/citation.cfm?id=2616448.2616491"},{"issue":"1","key":"7_CR35","doi-asserted-by":"crossref","first-page":"236","DOI":"10.1109\/COMST.2015.2477041","volume":"18","author":"R Mijumbi","year":"2015","unstructured":"Mijumbi R, Serrat J, Gorricho JL, Bouten N, De Turck F, Boutaba R (2015) Network function virtualization: state-of-the-art and research challenges. IEEE Commun Surv Tutorials 18(1):236\u2013262","journal-title":"IEEE Commun Surv Tutorials"},{"key":"7_CR36","unstructured":"Mininet, Mininet (2017). http:\/\/mininet.org\/ . Accessed on 24 Mar 2017"},{"key":"7_CR37","doi-asserted-by":"crossref","unstructured":"Modi C, Patel D, Borisaniya B, Patel H, Patel A, Rajarajan M (2013) A survey of intrusion detection techniques in cloud. J Netw Comput Appl 36(1):42\u201357. http:\/\/dx.doi.org\/#1 , http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1084804512001178","DOI":"10.1016\/j.jnca.2012.05.003"},{"key":"7_CR38","volume-title":"Motive Malware Report 2014 H2","author":"Motive Security Labs","year":"2014","unstructured":"Motive Security Labs (2014) Motive Malware Report 2014 H2. Technical report, Motive Security Labs. https:\/\/resources.alcatel-lucent.com\/asset\/184652"},{"key":"7_CR39","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.jnca.2016.01.001","volume":"67","author":"O Osanaiye","year":"2016","unstructured":"Osanaiye O, Choo KKR, Dlodlo M (2016) Distributed denial of service (DDoS) resilience in cloud: review and conceptual cloud ddos mitigation framework. J Netw Comput Appl 67:147\u2013165","journal-title":"J Netw Comput Appl"},{"key":"7_CR40","doi-asserted-by":"crossref","unstructured":"Qazi ZA, Tu CC, Chiang L, Miao R, Sekar V, Yu M (2013) Simple-fying middlebox policy enforcement using SDN. SIGCOMM Comput Commun Rev 43(4):27\u201338. http:\/\/dx.doi.org\/#1 , http:\/\/doi.acm.org\/10.1145\/2534169.2486022","DOI":"10.1145\/2486001.2486022"},{"issue":"2","key":"7_CR41","doi-asserted-by":"crossref","first-page":"335","DOI":"10.1109\/JSYST.2012.2221998","volume":"7","author":"R Shea","year":"2013","unstructured":"Shea R, Liu J (2013) Performance of virtual machines under networked denial of service attacks: experiments and analysis. IEEE Syst J 7(2):335\u2013345. http:\/\/dx.doi.org\/#1","journal-title":"IEEE Syst J"},{"key":"7_CR42","doi-asserted-by":"crossref","unstructured":"Sherry J, Hasan S, Scott C, Krishnamurthy A, Ratnasamy S, Sekar V (2012) Making middleboxes someone else\u2019s problem: network processing as a cloud service. In: Proceedings of the ACM SIGCOMM 2012 conference on applications, technologies, architectures, and protocols for computer communication, SIGCOMM\u201912, ACM, New York, pp 13\u201324. http:\/\/dx.doi.org\/#1 , http:\/\/doi.acm.org\/10.1145\/2342356.2342359","DOI":"10.1145\/2342356.2342359"},{"issue":"10","key":"7_CR43","doi-asserted-by":"crossref","first-page":"2236","DOI":"10.1109\/TIFS.2015.2453936","volume":"10","author":"S Shin","year":"2015","unstructured":"Shin S, Wang H, Gu G (2015) A first step toward network security virtualization: from concept to prototype. IEEE Trans Inf Forensics Secur 10(10):2236\u20132249","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"7_CR44","unstructured":"Snort intrusion detection system. https:\/\/www.snort.org\/"},{"key":"7_CR45","doi-asserted-by":"crossref","unstructured":"Somani G, Gaur MS, Sanghi D (2015) DDoS\/EDoS attack in cloud: affecting everyone out there! In: Proceedings of the 8th international conference on security of information and networks, SIN\u201915. ACM, New York, pp 169\u2013176. http:\/\/dx.doi.org\/#1 , http:\/\/doi.acm.org\/10.1145\/2799979.2800005","DOI":"10.1145\/2799979.2800005"},{"key":"7_CR46","unstructured":"Somani G, Gaur MS, Sanghi D, Conti M, Buyya R (2015) DDoS attacks in cloud computing: issues, taxonomy, and future directions. arXiv preprint arXiv:1512.08187"},{"key":"7_CR47","first-page":"543","volume-title":"Distributed denial of service: taxonomies of attacks, tools, and countermeasures","author":"SM Specht","year":"2004","unstructured":"Specht SM, Lee RB (2004) Distributed denial of service: taxonomies of attacks, tools, and countermeasures. In: ISCA PDCS, pp 543\u2013550"},{"issue":"9","key":"7_CR48","doi-asserted-by":"crossref","first-page":"3372","DOI":"10.1109\/TSP.2006.879308","volume":"54","author":"AG Tartakovsky","year":"2006","unstructured":"Tartakovsky AG, Rozovskii BL, Blazek RB, Kim H (2006) A novel approach to detection of intrusions in computer networks via adaptive sequential and batch-sequential change-point detection methods. IEEE Trans Signal Process 54(9):3372\u20133382","journal-title":"IEEE Trans Signal Process"},{"key":"7_CR49","unstructured":"The Bro Network Security Monitor. https:\/\/www.bro.org\/"},{"key":"7_CR50","unstructured":"The Suricata open source IDS, IPS, and NSM. https:\/\/suricata-ids.org\/"},{"issue":"20","key":"7_CR51","first-page":"11","volume":"41","author":"S VivinSandar","year":"2012","unstructured":"VivinSandar S, Shenai S (2012) Economic denial of sustainability (EDoS) in cloud services using http and xml based DDoS attacks. Int J Comput Appl 41(20):11\u201316","journal-title":"Int J Comput Appl"},{"key":"7_CR52","doi-asserted-by":"crossref","unstructured":"Wang B, Zheng Y, Lou W, Hou YT (2015) {DDoS} attack protection in the era of cloud computing and software-defined networking. Comput Netw 81:308\u2013319. http:\/\/dx.doi.org\/10.1016\/j.comnet.2015.02.026 , http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1389128615000742","DOI":"10.1016\/j.comnet.2015.02.026"},{"key":"7_CR53","doi-asserted-by":"crossref","unstructured":"White KJ, Pezaros D, Denney E, Knudson M, Marnerides AK (2017) A programmable SDN+NFV-based architecture for uav telemetry monitoring. http:\/\/eprints.gla.ac.uk\/130944\/","DOI":"10.1109\/CCNC.2017.7983162"},{"issue":"3","key":"7_CR54","first-page":"57","volume":"6","author":"F Wong","year":"2014","unstructured":"Wong F, Tan CX (2014) A survey of trends in massive DDoS attacks and cloud-based mitigations. Int J Netw Secur Appl 6(3):57","journal-title":"Int J Netw Secur Appl"},{"issue":"4","key":"7_CR55","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1109\/MCOM.2015.7081075","volume":"53","author":"Q Yan","year":"2015","unstructured":"Yan Q, Yu FR (2015) Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Commun Mag 53(4):52\u201359","journal-title":"IEEE Commun Mag"},{"issue":"1","key":"7_CR56","doi-asserted-by":"crossref","first-page":"602","DOI":"10.1109\/COMST.2015.2487361","volume":"18","author":"Q Yan","year":"2016","unstructured":"Yan Q, Yu FR, Gong Q, Li J (2016) Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun Surv Tutorials 18(1):602\u2013622. http:\/\/dx.doi.org\/#1","journal-title":"IEEE Commun Surv Tutorials"},{"key":"7_CR57","doi-asserted-by":"crossref","unstructured":"Yoon C, Park T, Lee S, Kang H, Shin S, Zhang Z (2015) Enabling security functions with SDN: a feasibility study. Comput Netw 85:19\u201335. http:\/\/dx.doi.org\/10.1016\/j.comnet.2015.05.005 , http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1389128615001619","DOI":"10.1016\/j.comnet.2015.05.005"},{"key":"7_CR58","doi-asserted-by":"crossref","unstructured":"Yoshida M, Shen W, Kawabata T, Minato K, Imajuku W (2014) Morsa: a multi-objective resource scheduling algorithm for NFV infrastructure. In: 2014 16th Asia-Pacific network operations and management symposium (APNOMS). IEEE, pp 1\u20136","DOI":"10.1109\/APNOMS.2014.6996545"},{"key":"7_CR59","doi-asserted-by":"crossref","unstructured":"Zapechnikov S, Miloslavskaya N, Tolstoy A (2015) Modeling of next-generation firewalls as queueing services. In: Proceedings of the 8th international conference on security of information and networks, SIN\u201915. ACM, New York, pp 250\u2013257. http:\/\/dx.doi.org\/#1 , http:\/\/doi.acm.org\/10.1145\/2799979.2799997","DOI":"10.1145\/2799979.2799997"},{"issue":"4","key":"7_CR60","doi-asserted-by":"crossref","first-page":"2046","DOI":"10.1109\/SURV.2013.031413.00127","volume":"15","author":"ST Zargar","year":"2013","unstructured":"Zargar ST, Joshi J, Tipper D (2013) A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun Surv Tutorials 15(4):2046\u20132069","journal-title":"IEEE Commun Surv Tutorials"},{"key":"7_CR61","doi-asserted-by":"crossref","unstructured":"Zhang Y, Beheshti N, Beliveau L, Lefebvre G, Manghirmalani R, Mishra, R, Patneyt R, Shirazipour M, Subrahmaniam R, Truchan C, Tatipamula M (2013) Steering: a software-defined networking for inline service chaining. In: 2013 21st IEEE international conference on network protocols (ICNP), pp 1\u201310. http:\/\/dx.doi.org\/#1","DOI":"10.1109\/ICNP.2013.6733615"}],"container-title":["Computer Communications and Networks","Guide to Security in SDN and NFV"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-64653-4_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,27]],"date-time":"2025-06-27T00:04:53Z","timestamp":1750982693000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-64653-4_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319646527","9783319646534"],"references-count":61,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-64653-4_7","relation":{},"ISSN":["1617-7975","2197-8433"],"issn-type":[{"type":"print","value":"1617-7975"},{"type":"electronic","value":"2197-8433"}],"subject":[],"published":{"date-parts":[[2017]]}}}