{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,28]],"date-time":"2025-06-28T08:10:02Z","timestamp":1751098202323,"version":"3.41.0"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319723884"},{"type":"electronic","value":"9783319723891"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-72389-1_37","type":"book-chapter","created":{"date-parts":[[2017,12,6]],"date-time":"2017-12-06T14:53:21Z","timestamp":1512572001000},"page":"461-473","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["A Detection System for Distributed DoS Attacks Based on Automatic Extraction of Normal Mode and Its Performance Evaluation"],"prefix":"10.1007","author":[{"given":"Yaokai","family":"Feng","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yoshiaki","family":"Hori","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kouichi","family":"Sakurai","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,12,7]]},"reference":[{"key":"37_CR1","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/978-3-642-03354-4_17","volume-title":"Collaborative Computing: Networking, Applications and Worksharing","author":"S 
Xu","year":"2009","unstructured":"Xu, S.: Collaborative attack vs. collaborative defense. In: Bertino, E., Joshi, J.B.D. (eds.) CollaborateCom 2008. LNICSSITE, vol. 10, pp. 217\u2013228. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03354-4_17"},{"key":"37_CR2","unstructured":"Wiki: DMZ (computing). https:\/\/en.wikipedia.org\/wiki\/DMZ_(computing) . Accessed 6 Mar 2017"},{"key":"37_CR3","unstructured":"Wiki: WAF. https:\/\/en.wikipedia.org\/wiki\/WAF . Accessed 6 Mar 2017"},{"key":"37_CR4","unstructured":"ComputerWeekly News: http:\/\/www.computerweekly.com\/news\/4500243431\/DDoS-losses-potentially-100k-an-hour-survey-shows . Accessed 11 June 2016"},{"key":"37_CR5","unstructured":"BBC News: Internet lost for thousands using temporary FBI servers. http:\/\/www.bbc.com\/news\/technology-18769088 . Accessed 6 Mar 2017"},{"key":"37_CR6","unstructured":"Trendmicro: Operation Ghost Click. http:\/\/www.trendmicro.co.uk\/security-intelligence\/research\/operation-ghost-click\/ . Accessed 6 Mar 2017"},{"key":"37_CR7","unstructured":"Cloudflare: The DDoS That Knocked Spamhaus Offline. https:\/\/blog.cloudflare.com\/the-ddos-that-knocked-spamhaus-offline-and-ho\/ . Accessed 6 Mar 2017"},{"key":"37_CR8","unstructured":"Spamhaus Project. https:\/\/www.spamhaus.org\/ . Accessed 6 Mar 2017"},{"key":"37_CR9","unstructured":"Internet Watch News, 26 April 2013 (in Japanese). http:\/\/internet.watch.impress.co.jp\/docs\/interview\/597628.html . Accessed 6 Mar 2017"},{"key":"37_CR10","unstructured":"Technical Details Behind a 400 Gbps NTP Amplification DDoS Attack, 13 February 2014. https:\/\/blog.cloudflare.com\/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack\/ . Accessed 6 Mar 2017"},{"key":"37_CR11","unstructured":"Wiki: NTP server misuse and abuse. https:\/\/en.wikipedia.org\/wiki\/NTP_server_misuse_and_abuse . 
Accessed 6 Mar 2017"},{"issue":"3","key":"37_CR12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","volume":"41","author":"V Chandola","year":"2009","unstructured":"Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 1\u201372 (2009)","journal-title":"ACM Comput. Surv."},{"key":"37_CR13","unstructured":"Kim, M.S., Kang, H.J., Hong, S.C.: A flow-based method for abnormal network traffic detection. In: Proceedings of the IEEE\/IPIP Network Operations and Management Symposium, pp. 599\u2013612 (2004)"},{"issue":"10","key":"37_CR14","doi-asserted-by":"crossref","first-page":"2632","DOI":"10.1109\/TKDE.2015.2426693","volume":"27","author":"K Kensuke","year":"2015","unstructured":"Kensuke, K., Hideitsu, H., Murata, N.: Change-point detection in a sequence of bags-of-data. IEEE Trans. Knowl. Data Eng. 27(10), 2632\u20132644 (2015)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"37_CR15","doi-asserted-by":"crossref","unstructured":"Kensuke, K., Hideitsu, H., Murata, N.: Change-point detection in a sequence of bags-of-data. In: The IEEE International Conference on Data Engineering (ICDE), pp. 1560\u20131561 (2016)","DOI":"10.1109\/ICDE.2016.7498425"},{"issue":"5","key":"37_CR16","doi-asserted-by":"crossref","first-page":"1396","DOI":"10.1109\/TNET.2011.2109009","volume":"19","author":"J Treurniet","year":"2011","unstructured":"Treurniet, J.: A network activity classification schema and its application to scan detection. IEEE\/ACM Trans. Netw. 19(5), 1396\u20131404 (2011)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"37_CR17","unstructured":"Snort User\u2019s Manual. http:\/\/www.snort.org\/docs . Accessed 11 June 2016"},{"key":"37_CR18","unstructured":"The Bro Internet Security Monitor. https:\/\/www.bro.org\/ . Accessed 11 June 2016"},{"key":"37_CR19","unstructured":"Network and Security Manager (NSM). 
https:\/\/www.juniper.net\/documentation\/en_US\/release-independent\/nsm\/information-products\/pathway-pages\/nsm\/product\/index.html . Accessed 11 June 2016"},{"key":"37_CR20","unstructured":"Gates, C.: The modeling and detection of distributed port scans: a thesis proposal, Technical report CS-2003-01, Dalhousie University (2003)"},{"key":"37_CR21","doi-asserted-by":"crossref","unstructured":"Yegneswaran, V., Barford, P., Ullrich, J.: Internet intrusions: global characteristics and prevalence. In: Proceedings of the 2003 ACM Joint International Conference on Measurement and Modeling of Computer Systems, pp. 138\u2013147 (2003)","DOI":"10.1145\/781027.781045"},{"issue":"3","key":"37_CR22","first-page":"527","volume":"21","author":"Y Feng","year":"2013","unstructured":"Feng, Y., Hori, Y., Sakurai, K., Takeuchi, J.: A behavior-based method for detecting distributed scan attacks in darknets. J. Inf. Process. (JIP) 21(3), 527\u2013538 (2013)","journal-title":"J. Inf. Process. (JIP)"},{"key":"37_CR23","doi-asserted-by":"crossref","unstructured":"Feng, Y., Hori, Y., Sakurai, K., Takeuchi, J.: A behavior-based method for detecting outbreaks of low-rate attacks. In: Proceedings of the 3rd Workshop on Network Technologies for Security, Administration and Protection (NETSAP), pp. 267\u2013272 (SAINT 2012) (2012)","DOI":"10.1109\/SAINT.2012.50"},{"key":"37_CR24","doi-asserted-by":"crossref","unstructured":"Feng, Y., Hori, Y., Sakurai K.: A proposal for detecting distributed cyber-attacks using automatic thresholding. In: Proceedings of the 10th Asia Conference on Information Security (AsiaJCIS 2015), pp. 
152\u2013159 (2015)","DOI":"10.1109\/AsiaJCIS.2015.22"},{"key":"37_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1007\/978-3-319-56549-1_7","volume-title":"Information Security Applications","author":"Y Feng","year":"2017","unstructured":"Feng, Y., Hori, Y., Sakurai, K.: A behavior-based online engine for detecting distributed cyber-attacks. In: Choi, D., Guilley, S. (eds.) WISA 2016. LNCS, vol. 10144, pp. 79\u201389. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56549-1_7"},{"key":"37_CR26","unstructured":"SANS Internet Storm Center. https:\/\/isc.sans.edu\/"}],"container-title":["Lecture Notes in Computer Science","Security, Privacy, and Anonymity in Computation, Communication, and Storage"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-72389-1_37","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,28]],"date-time":"2025-06-28T07:33:29Z","timestamp":1751096009000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-72389-1_37"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319723884","9783319723891"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-72389-1_37","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}