{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T16:10:08Z","timestamp":1746375008914,"version":"3.40.4"},"publisher-location":"Berlin, Heidelberg","reference-count":23,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783662447901"},{"type":"electronic","value":"9783662447918"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-662-44791-8_12","type":"book-chapter","created":{"date-parts":[[2014,9,11]],"date-time":"2014-09-11T13:40:31Z","timestamp":1410442831000},"page":"192-208","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Large-Scale Traffic Anomaly Detection: Analysis of Real Netflow Datasets"],"prefix":"10.1007","author":[{"given":"Angelo","family":"Spognardi","sequence":"first","affiliation":[]},{"given":"Antonio","family":"Villani","sequence":"additional","affiliation":[]},{"given":"Domenico","family":"Vitali","sequence":"additional","affiliation":[]},{"given":"Luigi Vincenzo","family":"Mancini","sequence":"additional","affiliation":[]},{"given":"Roberto","family":"Battistoni","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2014,9,12]]},"reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"Chan, Y.-T.F., Shoniregun, C.A., Akmayeva, G.A..: A netflow based internet-worm detecting system in large network. In: Pichappan, P., Abraham, A. (eds.) Proceedings of Third IEEE International Conference on Digital Information Management (ICDIM), pp. 581\u2013586. IEEE (2008)","DOI":"10.1109\/ICDIM.2008.4746789"},{"key":"12_CR2","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1016\/j.istr.2009.09.001","volume":"15","author":"K-KR Choo","year":"2010","unstructured":"Choo, K.-K.R.: High tech criminal threats to the national information infrastructure. Inf. Secur. Tech. Rep. 15, 104\u2013111 (2010)","journal-title":"Inf. Secur. Tech. Rep."},{"key":"12_CR3","unstructured":"D\u00fcbendorfer, T., Wagner, A., Plattner, B.: A framework for real-time worm attack detection and backbone monitoring. In: Proceedings of 1st IEEE International Workshop on Critical Infrastructure Protection (IWCIP 2005) (2005)"},{"key":"12_CR4","doi-asserted-by":"crossref","unstructured":"Feinstein, L., Schnackenberg, D.: Statistical approaches to DDOS attack detection and response. In: Proceedings of the DARPA Information Survivability Conference and Exposition, pp. 303\u2013314 (2003)","DOI":"10.1109\/DISCEX.2003.1194894"},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Hofstede, R., Barto\u0161, V., Sperotto, A., Pras, A.: Towards real-time intrusion detection for netflow and ipfix. In: Proceedings of the 9th International Conference on Network and Service Management, pp. 1\u20136. International Federation for Information Processing (2013)","DOI":"10.1109\/CNSM.2013.6727841"},{"key":"12_CR6","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1145\/382912.382923","volume":"3","author":"JM Hugh","year":"2000","unstructured":"Hugh, J.M.: Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans. Inf. Syst. Secur. (TISSEC) 3, 262\u2013294 (2000)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: characterization and implications for cdns and web sites. In: Proceedings of the 11th International Conference on World Wide Web, WWW \u201902, pp. 293\u2013304. ACM, New York (2002)","DOI":"10.1145\/511446.511485"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Karagiannis, T., Papagiannaki, K., Faloutsos, M.: Blinc: multilevel traffic classification in the dark. In: Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM), vol. 35, No.4, pp. 229\u2013240 (2005)","DOI":"10.1145\/1090191.1080119"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Lawniczak, A.T., Di Stefano, B.N., Wu, H.: Detection & study of DDoS attacks via entropy in data network models. In: Proceedings of the Second IEEE International Conference on Computational Intelligence for Security and Defense Applications, CISDA\u201909, pp. 59\u201366. IEEE Press, Piscataway (2009)","DOI":"10.1109\/CISDA.2009.5356521"},{"issue":"12","key":"12_CR10","doi-asserted-by":"publisher","first-page":"1851","DOI":"10.1049\/iet-com.2008.0586","volume":"3","author":"K Li","year":"2009","unstructured":"Li, K., Zhou, W., Yu, S.: Effective metric for detecting distributed denial-of-service attacks based on information divergence. IET Commun. 3(12), 1851\u20131860 (2009)","journal-title":"IET Commun."},{"key":"12_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1007\/978-3-642-03095-6_27","volume-title":"Algorithms and Architectures for Parallel Processing","author":"K Li","year":"2009","unstructured":"Li, K., Zhou, W., Yu, S., Dai, B.: Effective DDoS attacks detection using generalized entropy metric. In: Hua, A., Chang, S.-L. (eds.) ICA3PP 2009. LNCS, vol. 5574, pp. 266\u2013280. Springer, Heidelberg (2009)"},{"key":"12_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"452","DOI":"10.1007\/978-3-540-77048-0_35","volume-title":"Information and Communications Security","author":"L Li","year":"2007","unstructured":"Li, L., Zhou, J., Xiao, N.: DDoS attack detection algorithms based on entropy computing. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 452\u2013466. Springer, Heidelberg (2007)"},{"key":"12_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1007\/978-3-540-45248-5_13","volume-title":"Recent Advances in Intrusion Detection","author":"MV Mahoney","year":"2003","unstructured":"Mahoney, M.V., Chan, P.K.: An analysis of the 1999 DARPA\/Lincoln laboratory evaluation data for network anomaly detection. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 220\u2013237. Springer, Heidelberg (2003)"},{"key":"12_CR14","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/997150.997156","volume":"34","author":"J Mirkovic","year":"2004","unstructured":"Mirkovic, J., Reiher, P.: A taxonomy of DDOS attack and DDOS defense mechanisms. SIGCOMM Comput. Commun. Rev. 34, 39\u201353 (2004)","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"No, G., Ra, I., An efficient and reliable DDOS attack detection using a fast entropy computation method. In: Proceedings of the 9th International Conference on Communications and Information Technologies, ISCIT\u201909. pp. 1223\u20131228. IEEE Press, Piscataway (2009)","DOI":"10.1109\/ISCIT.2009.5341118"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Oshima, S., Nakashima, T., Sueyoshi, T.: DDoS detection technique using statistical analysis to generate quick response time. In: Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications, BWCCA \u201910, pp. 672\u2013677. IEEE Computer Society, Washington, DC (2010)","DOI":"10.1109\/BWCCA.2010.153"},{"key":"12_CR17","doi-asserted-by":"crossref","unstructured":"Oshima, S., Nakashima, T., Sueyoshi, T.: Early DoS\/DDOS detection method using short-term statistics. In: Proceedings of the 2010 International Conference on Complex, Intelligent and Software Intensive Systems, CISIS \u201910, pp. 168\u2013173. IEEE Computer Society, Washington, DC (2010)","DOI":"10.1109\/CISIS.2010.53"},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"Sardana, A., Joshi, R., Kim, T.: Deciding optimal entropic thresholds to calibrate the detection mechanism for variable rate DDOS attacks in ISP domain. In: Proceedings of the 2008 International Conference on Information Security and Assurance (isa 2008), pp. 270\u2013275. IEEE Computer Society, Washington, DC (2008)","DOI":"10.1109\/ISA.2008.76"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Silveira, F., Diot, C., Taft, N., Govindan, R.: ASTUTE: detecting a different class of anomalies. In: Proceedings of the ACM SIGCOMM Symposium on Network Architectures and Protocols, August 2010","DOI":"10.1145\/1851182.1851215"},{"key":"12_CR20","unstructured":"Cisco Systems. Cisco Systems NetFlow Services Export Version 9 (2004). http:\/\/tools.ietf.org\/html\/rfc3954"},{"key":"12_CR21","unstructured":"Cisco Systems. Cisco 2011 Annual Security Repor, Highlighting global security threats and trends (2011). http:\/\/www.cisco.com\/en\/US\/prod\/vpndevc\/annual_security_report.html"},{"key":"12_CR22","doi-asserted-by":"crossref","unstructured":"Tao, Y., Yu, S.: Ddos attack detection at local area networks using information theoretical metrics. In: Proceedings of 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 233\u2013240, July 2013","DOI":"10.1109\/TrustCom.2013.32"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Xiang, Y., Li, K., Zhou, W.: Low-rate DDOS attacks detection and traceback by using new information metrics. In: IEEE Transactions on Information Forensics and Security, vol. 99. IEEE Press (2011)","DOI":"10.1109\/TIFS.2011.2107320"}],"container-title":["Communications in Computer and Information Science","E-Business and Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-44791-8_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T15:53:42Z","timestamp":1746374022000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-662-44791-8_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783662447901","9783662447918"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-44791-8_12","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2014]]},"assertion":[{"value":"12 September 2014","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}