{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T04:45:53Z","timestamp":1766378753668,"version":"3.48.0"},"publisher-location":"Singapore","reference-count":47,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819665907"},{"type":"electronic","value":"9789819665914"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-6591-4_5","type":"book-chapter","created":{"date-parts":[[2025,6,23]],"date-time":"2025-06-23T08:38:31Z","timestamp":1750667911000},"page":"61-75","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["TDAT: A Real-Time Two-Stage DDoS Attacks Detector Based on\u00a0Anomaly Transformer"],"prefix":"10.1007","author":[{"given":"Zhen","family":"Huang","sequence":"first","affiliation":[]},{"given":"Shang","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Ke","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Yong","family":"Xiang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,24]]},"reference":[{"key":"5_CR1","doi-asserted-by":"publisher","first-page":"165130","DOI":"10.1109\/ACCESS.2020.3022862","volume":"8","author":"A Alsaedi","year":"2020","unstructured":"Alsaedi, A., Moustafa, N., Tari, Z., Mahmood, A., Anwar, A.: ToN_IoT telemetry dataset: a new generation dataset of IoT and IIoT for data-driven intrusion detection systems. IEEE Access 8, 165130\u2013165150 (2020)","journal-title":"IEEE Access"},{"key":"5_CR2","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/978-981-16-8059-5_22","volume-title":"Advances in Cyber Security","author":"R Alshamy","year":"2021","unstructured":"Alshamy, R., Ghurab, M., Othman, S., Alshami, F.: Intrusion detection model for imbalanced dataset using SMOTE and random forest algorithm. In: Abdullah, N., Manickam, S., Anbar, M. (eds.) ACeS 2021. CCIS, vol. 1487, pp. 361\u2013378. Springer, Singapore (2021). https:\/\/doi.org\/10.1007\/978-981-16-8059-5_22"},{"issue":"23","key":"5_CR3","doi-asserted-by":"publisher","first-page":"2919","DOI":"10.3390\/electronics10232919","volume":"10","author":"RJ Alzahrani","year":"2021","unstructured":"Alzahrani, R.J., Alzahrani, A.: Security analysis of DDoS attacks using machine learning algorithms in networks traffic. Electronics 10(23), 2919 (2021)","journal-title":"Electronics"},{"key":"5_CR4","first-page":"103041","volume":"72","author":"J Ashraf","year":"2021","unstructured":"Ashraf, J., et al.: Iotbot-ids: a novel statistical learning-enabled botnet detection framework for protecting networks of smart cities. Sustain. Urban Areas 72, 103041 (2021)","journal-title":"Sustain. Urban Areas"},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Barradas, D., Santos, N., Rodrigues, L., Signorello, S., Ramos, F.M., Madeira, A.: Flowlens: enabling efficient flow classification for ml-based network security applications. In: NDSS (2021)","DOI":"10.14722\/ndss.2021.24067"},{"issue":"1","key":"5_CR6","doi-asserted-by":"publisher","first-page":"485","DOI":"10.1109\/JIOT.2021.3085194","volume":"9","author":"TM Booij","year":"2021","unstructured":"Booij, T.M., Chiscop, I., Meeuwissen, E., Moustafa, N., Den Hartog, F.T.: ToN_IoT: the role of heterogeneity and the need for standardization of features and attack types in IoT network intrusion data sets. IEEE Internet Things J. 9(1), 485\u2013496 (2021)","journal-title":"IEEE Internet Things J."},{"issue":"3","key":"5_CR7","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1145\/956993.957007","volume":"33","author":"M Carson","year":"2003","unstructured":"Carson, M., Santay, D.: Nist net: a linux-based network emulation tool. ACM SIGCOMM Comput. Commun. Rev. 33(3), 111\u2013126 (2003)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"5_CR8","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1613\/jair.953","volume":"16","author":"NV Chawla","year":"2002","unstructured":"Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: Smote: synthetic minority over-sampling technique. J. Artif. Intell. Res. 16, 321\u2013357 (2002)","journal-title":"J. Artif. Intell. Res."},{"issue":"2","key":"5_CR9","doi-asserted-by":"publisher","first-page":"876","DOI":"10.1109\/TNSM.2020.2971776","volume":"17","author":"R Doriguzzi-Corin","year":"2020","unstructured":"Doriguzzi-Corin, R., Millar, S., Scott-Hayward, S., Martinez-del Rincon, J., Siracusa, D.: Lucid: a practical, lightweight deep learning solution for DDoS attack detection. IEEE Trans. Netw. Serv. Manage. 17(2), 876\u2013889 (2020)","journal-title":"IEEE Trans. Netw. Serv. Manage."},{"key":"5_CR10","doi-asserted-by":"crossref","unstructured":"Du, M., Li, F., Zheng, G., Srikumar, V.: Deeplog: anomaly detection and diagnosis from system logs through deep learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1285\u20131298 (2017)","DOI":"10.1145\/3133956.3134015"},{"key":"5_CR11","unstructured":"Dugan, J., Elliott, S., Mah, B.A., Poskanzer, J., Prabhu, K.: iPerf-the ultimate speed test tool for TCP, UDP and SCTP. iperf. fr. (2021)"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., Shu, L., Djallel, H., Choo, K.K.R.: Deep learning-based intrusion detection for distributed denial of service attack in agriculture 4.0. Electronics 10(11), 1257 (2021)","DOI":"10.3390\/electronics10111257"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Fu, C., Li, Q., Shen, M., Xu, K.: Realtime robust malicious traffic detection via frequency domain analysis. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 3431\u20133446 (2021)","DOI":"10.1145\/3460120.3484585"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Fu, C., Li, Q., Xu, K.: Detecting unknown encrypted malicious traffic in real time via flow interaction graph analysis. arXiv preprint (2023). arXiv:2301.13686","DOI":"10.14722\/ndss.2023.23080"},{"key":"5_CR15","unstructured":"Han, K., Xiao, A., Wu, E., Guo, J., Xu, C., Wang, Y.: Transformer in transformer. In: Advances in Neural Information Processing Systems, vol. 34, pp. 15908\u201315919 (2021)"},{"key":"5_CR16","unstructured":"Kiner, E., April, T.: Google mitigated the largest DDoS attack to date, peaking above 398 million RPS (2023). https:\/\/cloud.google.com\/blog\/products\/identity-security\/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps"},{"key":"5_CR17","unstructured":"Li, Q., et al.: Dollm: how large language models understanding network flow data to detect carpet bombing DDoS. arXiv preprint (2024). arXiv:2405.07638"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Li, Y., Zhou, Z., Li, R., Shi, F., Guo, J., Liu, Q.: Gogddos: a multi-classifier for DDoS attacks using graph neural networks. In: 2023 IEEE Symposium on Computers and Communications (ISCC), pp. 1462\u20131467. IEEE (2023)","DOI":"10.1109\/ISCC58397.2023.10218316"},{"key":"5_CR19","unstructured":"Liu, Y., et al.: A survey of visual transformers. IEEE Trans. Neural Netw. Learn. Syst. (2023)"},{"key":"5_CR20","unstructured":"Liu, Z., et al.: Jaqen: a high-performance switch-native approach for detecting and mitigating volumetric DDoS attacks with programmable switches. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 3829\u20133846 (2021)"},{"key":"5_CR21","unstructured":"Luo, X., Chang, R.K., et\u00a0al.: On a new class of pulsing denial-of-service attacks and the defense. In: NDSS (2005)"},{"key":"5_CR22","unstructured":"Manvi, R., Khanna, S., Mai, G., Burke, M., Lobell, D., Ermon, S.: Geollm: extracting geospatial knowledge from large language models. arXiv preprint (2023). arXiv:2310.06213"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Mirsky, Y., Doitshman, T., Elovici, Y., Shabtai, A.: Kitsune: an ensemble of autoencoders for online network intrusion detection. arXiv preprint (2018). arXiv:1802.09089","DOI":"10.14722\/ndss.2018.23204"},{"key":"5_CR24","unstructured":"Moustafa, N.: New generations of internet of things datasets for cybersecurity applications based machine learning: ToN_IoT datasets. In: Proceedings of the eResearch Australasia Conference, pp. 21\u201325. Brisbane (2019)"},{"key":"5_CR25","first-page":"102994","volume":"72","author":"N Moustafa","year":"2021","unstructured":"Moustafa, N.: A new distributed architecture for evaluating AI-based security systems at the edge: network ToN_IoT datasets. Sustain. Urban Areas 72, 102994 (2021)","journal-title":"Sustain. Urban Areas"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Moustafa, N.: A systemic IoT\u2013fog\u2013cloud architecture for big-data analytics and cyber security systems: a review of fog computing. Secure Edge Comput. 41\u201350 (2021)","DOI":"10.1201\/9781003028635-4"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Ahmed, M., Ahmed, S.: Data analytics-enabled intrusion detection: evaluations of ToN_IoT linux datasets. In: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 727\u2013735. IEEE (2020)","DOI":"10.1109\/TrustCom50675.2020.00100"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Creech, G., Slay, J.: Big data analytics for intrusion detection system: statistical decision-making using finite dirichlet mixture models. Data Analytics Decis. Support Cybersecurity Trends Methodologies Appl. 127\u2013156 (2017)","DOI":"10.1007\/978-3-319-59439-2_5"},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Keshky, M., Debiez, E., Janicke, H.: Federated ToN_IoT windows datasets for evaluating AI-based security applications. In: 2020 IEEE 19th international conference on trust, security and privacy in computing and communications (TrustCom), pp. 848\u2013855. IEEE (2020)","DOI":"10.1109\/TrustCom50675.2020.00114"},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Slay, J.: Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp.\u00a01\u20136. IEEE (2015)","DOI":"10.1109\/MilCIS.2015.7348942"},{"issue":"1\u20133","key":"5_CR31","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1080\/19393555.2015.1125974","volume":"25","author":"N Moustafa","year":"2016","unstructured":"Moustafa, N., Slay, J.: The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Secur. J. Global Perspect. 25(1\u20133), 18\u201331 (2016)","journal-title":"Inf. Secur. J. Global Perspect."},{"issue":"4","key":"5_CR32","doi-asserted-by":"publisher","first-page":"481","DOI":"10.1109\/TBDATA.2017.2715166","volume":"5","author":"N Moustafa","year":"2017","unstructured":"Moustafa, N., Slay, J., Creech, G.: Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Trans. Big Data 5(4), 481\u2013494 (2017)","journal-title":"IEEE Trans. Big Data"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Qing, Y., et al.: Low-quality training data only? a robust framework for detecting encrypted malicious network traffic. arXiv preprint (2023). arXiv:2309.04798","DOI":"10.14722\/ndss.2024.23081"},{"issue":"20","key":"5_CR34","doi-asserted-by":"publisher","first-page":"8642","DOI":"10.3390\/s23208642","volume":"23","author":"M Ramzan","year":"2023","unstructured":"Ramzan, M., et al.: Distributed denial of service attack detection in network traffic using deep learning algorithm. Sensors 23(20), 8642 (2023)","journal-title":"Sensors"},{"key":"5_CR35","doi-asserted-by":"crossref","unstructured":"Sarhan, M., Layeghy, S., Moustafa, N., Portmann, M.: Netflow datasets for machine learning-based network intrusion detection systems. In: Big Data Technologies and Applications: 10th EAI International Conference, BDTA 2020, and 13th EAI International Conference on Wireless Internet, WiCON 2020, Virtual Event, 11 Dec 2020, Proceedings 10, pp. 117\u2013135. Springer (2021)","DOI":"10.1007\/978-3-030-72802-1_9"},{"key":"5_CR36","first-page":"108","volume":"1","author":"I Sharafaldin","year":"2018","unstructured":"Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A., et al.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1, 108\u2013116 (2018)","journal-title":"ICISSp"},{"key":"5_CR37","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., Hakak, S., Ghorbani, A.A.: Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In: 2019 International Carnahan Conference on Security Technology (ICCST), pp.\u00a01\u20138. IEEE (2019)","DOI":"10.1109\/CCST.2019.8888419"},{"key":"5_CR38","doi-asserted-by":"crossref","unstructured":"Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357\u2013374 (2012)","DOI":"10.1016\/j.cose.2011.12.012"},{"key":"5_CR39","doi-asserted-by":"crossref","unstructured":"Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD cup 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. pp.\u00a01\u20136. IEEE (2009)","DOI":"10.1109\/CISDA.2009.5356528"},{"issue":"1","key":"5_CR40","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1016\/j.dcan.2023.03.008","volume":"10","author":"F Ullah","year":"2024","unstructured":"Ullah, F., Ullah, S., Srivastava, G., Lin, J.: IDS-INT: intrusion detection system using transformer-based transfer learning for imbalanced network traffic. Digit. Commun. Netw. 10(1), 190\u2013204 (2024)","journal-title":"Digit. Commun. Netw."},{"key":"5_CR41","unstructured":"Vaswani, A., et al.: Attention is all you need. In: Advances in Neural Information Processing Systems, vol. 30 (2017)"},{"key":"5_CR42","doi-asserted-by":"publisher","first-page":"41525","DOI":"10.1109\/ACCESS.2019.2895334","volume":"7","author":"R Vinayakumar","year":"2019","unstructured":"Vinayakumar, R., Alazab, M., Soman, K.P., Poornachandran, P., Al-Nemrat, A., Venkatraman, S.: Deep learning approach for intelligent intrusion detection system. IEEE Access 7, 41525\u201341550 (2019)","journal-title":"IEEE Access"},{"key":"5_CR43","unstructured":"Wei, Y., Jang-Jaccard, J., Sabrina, F., Xu, W., Camtepe, S., Dunmore, A.: Reconstruction-based LSTM-autoencoder for anomaly-based DDoS attack detection over multivariate time-series data. arXiv preprint (2023). arXiv:2305.09475"},{"key":"5_CR44","doi-asserted-by":"publisher","first-page":"64375","DOI":"10.1109\/ACCESS.2022.3182333","volume":"10","author":"Z Wu","year":"2022","unstructured":"Wu, Z., Zhang, H., Wang, P., Sun, Z.: RTIDS: a robust transformer-based approach for intrusion detection system. IEEE Access 10, 64375\u201364387 (2022)","journal-title":"IEEE Access"},{"key":"5_CR45","unstructured":"Xu, J., Wu, H., Wang, J., Long, M.: Anomaly transformer: time series anomaly detection with association discrepancy. arXiv preprint (2021). arXiv:2110.02642"},{"key":"5_CR46","unstructured":"Yoachimik, O., Pacheco, J.: DDoS threat report for 2024 q1 (2024). https:\/\/blog.cloudflare.com\/ddos-threat-report-for-2024-q1"},{"key":"5_CR47","doi-asserted-by":"crossref","unstructured":"Zhou, P., et al.: Attention-based bidirectional long short-term memory networks for relation classification. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (volume 2: Short papers), pp. 207\u2013212 (2016)","DOI":"10.18653\/v1\/P16-2034"}],"container-title":["Lecture Notes in Computer Science","Neural Information Processing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-6591-4_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T04:43:59Z","timestamp":1766378639000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-6591-4_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819665907","9789819665914"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-6591-4_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"24 June 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICONIP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Neural Information Processing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Auckland","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New Zealand","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iconip2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/iconip2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}