{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T15:39:44Z","timestamp":1772206784739,"version":"3.50.1"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2019,4,11]],"date-time":"2019-04-11T00:00:00Z","timestamp":1554940800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1007\/s10207-019-00434-1","type":"journal-article","created":{"date-parts":[[2019,4,11]],"date-time":"2019-04-11T09:16:13Z","timestamp":1554974173000},"page":"761-785","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":83,"title":["DDoS attack detection with feature engineering and machine learning: the framework and performance evaluation"],"prefix":"10.1007","volume":"18","author":[{"given":"Muhammad","family":"Aamir","sequence":"first","affiliation":[]},{"given":"Syed Mustafa Ali","family":"Zaidi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,4,11]]},"reference":[{"key":"434_CR1","first-page":"117","volume-title":"Denial of Service Attacks, Network Security: Current Status and Future Directions","author":"A Mitrokotsa","year":"2006","unstructured":"Mitrokotsa, A., Douligeris, C.: Denial of Service Attacks, Network Security: Current Status and Future Directions, pp. 117\u2013134. Wiley, Hoboken (2006)"},{"key":"434_CR2","doi-asserted-by":"crossref","unstructured":"Zhang, L., Yu, S., Wu, D., Watters, P.: A survey on latest botnet attack and defense. In: 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE, pp. 53\u201360 (2011)","DOI":"10.1109\/TrustCom.2011.11"},{"key":"434_CR3","unstructured":"State of the Internet Security\u2014Q4 2017, Report from Akamai, 4(4), (2018)"},{"key":"434_CR4","doi-asserted-by":"crossref","unstructured":"Nagesh, K., Sumathy, R., Devakumar, P., Sathiyamurthy, K.: A survey on denial of service attacks and preclusions. In: International conference on informatics and analytics, p. 118 (2016)","DOI":"10.1145\/2980258.2982110"},{"key":"434_CR5","unstructured":"KDD Cup 1999 Dataset. \n                    http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html"},{"key":"434_CR6","unstructured":"CAIDA DDoS Attack 2007 Dataset. \n                    http:\/\/www.caida.org\/data\/passive\/ddos-20070804_dataset.xml"},{"key":"434_CR7","unstructured":"CAIDA Anonymized Internet Traces 2008 Dataset. \n                    http:\/\/www.caida.org\/data\/passive\/passive_2008_dataset.xml"},{"key":"434_CR8","doi-asserted-by":"crossref","unstructured":"Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: Symposium on Computational Intelligence for Security and Defense Applications (CISDA), IEEE, pp. 1\u20136 (2009)","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"434_CR9","unstructured":"ISOT Botnet Dataset. \n                    https:\/\/www.uvic.ca\/engineering\/ece\/isot\/datasets\/index.php"},{"key":"434_CR10","unstructured":"The Honeynet Project. \n                    http:\/\/www.honeynet.org\/chapters\/france"},{"issue":"3","key":"434_CR11","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357\u2013374 (2012)","journal-title":"Comput. Secur."},{"key":"434_CR12","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Military Communications and Information Systems Conference (MilCIS), pp. 1\u20136 (2015)","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"434_CR13","doi-asserted-by":"crossref","unstructured":"Gao, Y., Feng, Y., Kawamoto, J., Sakurai, K.: A machine learning based approach for detecting DRDoS attacks and its performance evaluation. In: 11th Asia Joint Conference on Information Security (AsiaJCIS), pp. 80\u201386 (2016)","DOI":"10.1109\/AsiaJCIS.2016.24"},{"key":"434_CR14","doi-asserted-by":"crossref","unstructured":"Singh, N.A., Singh, K.J., De, T.: Distributed denial of service attack detection using Naive Bayes classifier through info gain feature selection. In: International Conference on Informatics and Analytics, p. 54 (2016)","DOI":"10.1145\/2980258.2980379"},{"key":"434_CR15","doi-asserted-by":"crossref","unstructured":"Azab, A., Alazab, M., Aiash, M.: Machine learning based botnet identification traffic. In: Trustcom\/BigDataSE\/I SPA, IEEE, pp. 1788\u20131794 (2016)","DOI":"10.1109\/TrustCom.2016.0275"},{"key":"434_CR16","doi-asserted-by":"crossref","unstructured":"Yusof, A.R., Udzir, N.I., Selamat, A., Hamdan, H., Abdullah, M.T.: Adaptive feature selection for denial of services (DoS) attack. In: IEEE Conference on Application, Information and Network Security (AINS), IEEE, pp. 81\u201384 (2017)","DOI":"10.1109\/AINS.2017.8270429"},{"key":"434_CR17","doi-asserted-by":"crossref","unstructured":"Singh, K.J., De, T.: Efficient classification of DDoS attacks using an ensemble feature selection algorithm. J. Intell. Syst (2017). \n                    https:\/\/doi.org\/10.1515\/jisys-2017-0472","DOI":"10.1515\/jisys-2017-0472"},{"issue":"2","key":"434_CR18","doi-asserted-by":"publisher","first-page":"499","DOI":"10.1007\/s13369-017-2634-8","volume":"43","author":"S Khan","year":"2018","unstructured":"Khan, S., Gani, A., Wahab, A.W.A., Singh, P.K.: Feature selection of Denial-of-Service attacks using entropy and granular computing. Arab. J. Sci. Eng. 43(2), 499\u2013508 (2018)","journal-title":"Arab. J. Sci. Eng."},{"key":"434_CR19","doi-asserted-by":"crossref","unstructured":"Alejandre, F.V., Corts, N.C., Anaya, E.A.: Feature selection to detect botnets using machine learning algorithms. In: International Conference on Electronics, Communications and Computers (CONIELECOMP), pp. 1\u20137 (2017)","DOI":"10.1109\/CONIELECOMP.2017.7891834"},{"key":"434_CR20","doi-asserted-by":"crossref","unstructured":"Al-Hawawreh, M.S.: SYN flood attack detection in cloud environment based on TCP\/IP header statistical features. In: 8th International Conference on Information Technology (ICIT), pp. 236\u2013243 (2017)","DOI":"10.1109\/ICITECH.2017.8080006"},{"key":"434_CR21","doi-asserted-by":"crossref","unstructured":"Li, J., Liu, Y., Gu, L.: DDoS attack detection based on neural network. In: 2nd International Symposium on Aware Computing (ISAC), pp. 196\u2013199 (2010)","DOI":"10.1109\/ISAC.2010.5670479"},{"key":"434_CR22","first-page":"301","volume-title":"Estimating Strength of a DDoS Attack in Real Time Using ANN Based Scheme, Computer Networks and Intelligent Computing","author":"PK Agrawal","year":"2011","unstructured":"Agrawal, P.K., Gupta, B.B., Jain, S., Pattanshetti, M.K.: Estimating Strength of a DDoS Attack in Real Time Using ANN Based Scheme, Computer Networks and Intelligent Computing, pp. 301\u2013310. Springer, Berlin (2011)"},{"key":"434_CR23","first-page":"117","volume-title":"Predicting Number of Zombies in a DDoS Attack Using ANN Based Scheme, Information Technology and Mobile Communication","author":"BB Gupta","year":"2011","unstructured":"Gupta, B.B., Joshi, R.C., Misra, M., Jain, A., Juyal, S., Prabhakar, R., Singh, A.K.: Predicting Number of Zombies in a DDoS Attack Using ANN Based Scheme, Information Technology and Mobile Communication, pp. 117\u2013122. Springer, Berlin (2011)"},{"key":"434_CR24","doi-asserted-by":"crossref","unstructured":"Bansal, A., Mahapatra, S.: A comparative analysis of machine learning techniques for botnet detection. In: 10th International Conference on Security of Information and Networks, pp. 91\u201398 (2017)","DOI":"10.1145\/3136825.3136874"},{"key":"434_CR25","doi-asserted-by":"crossref","unstructured":"Lu, L., Feng, Y., Sakurai, K.: C&C session detection using random forest. In: 11th International Conference on Ubiquitous Information Management and Communication, p. 34 (2017)","DOI":"10.1145\/3022227.3022260"},{"key":"434_CR26","doi-asserted-by":"crossref","unstructured":"Zekri, M., El Kafhali, S., Aboutabit, N., Saadi, Y.: DDoS attack detection using machine learning techniques in cloud computing environments. In: 3rd International Conference of Cloud Computing Technologies and Applications (CloudTech), pp. 1\u20137 (2017)","DOI":"10.1109\/CloudTech.2017.8284731"},{"key":"434_CR27","doi-asserted-by":"crossref","unstructured":"Yuan, X., Li, C., Li, X.: DeepDefense: identifying DDoS attack via deep learning. In: International Conference on Smart Computing (SMARTCOMP), IEEE, pp. 1\u20138 (2017)","DOI":"10.1109\/SMARTCOMP.2017.7946998"},{"issue":"1","key":"434_CR28","first-page":"436","volume":"7","author":"M Alkasassbeh","year":"2016","unstructured":"Alkasassbeh, M., Al-Naymat, G., Hassanat, A.B., Almseidin, M.: Detecting distributed denial of service attacks using data mining techniques. Int. J. Adv. Comput. Sci. Appl. 7(1), 436\u2013445 (2016)","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"434_CR29","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1016\/j.cose.2016.10.005","volume":"65","author":"K Singh","year":"2017","unstructured":"Singh, K., Singh, P., Kumar, K.: Application layer HTTP-GET flood DDoS attacks: research landscape and challenges. Comput. Secur. 65, 344\u2013372 (2017)","journal-title":"Comput. Secur."},{"key":"434_CR30","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1016\/j.cose.2017.09.009","volume":"72","author":"N Tripathi","year":"2018","unstructured":"Tripathi, N., Hubballi, N.: Slow rate denial of service attacks against HTTP\/2 and detection. Comput. Secur. 72, 255\u2013272 (2018)","journal-title":"Comput. Secur."},{"key":"434_CR31","doi-asserted-by":"crossref","unstructured":"Jonker, M., King, A., Krupp, J., Rossow, C., Sperotto, A., Dainotti, A.: Millions of targets under attack: a macroscopic characterization of the DoS ecosystem. In: Internet Measurement Conference, pp. 100\u2013113 (2017)","DOI":"10.1145\/3131365.3131383"},{"issue":"2","key":"434_CR32","first-page":"173","volume":"19","author":"M Aamir","year":"2013","unstructured":"Aamir, M., Zaidi, M.A.: A survey on DDoS attack and defense strategies: from traditional schemes to current techniques. Interdiscip. Inf. Sci. 19(2), 173\u2013200 (2013)","journal-title":"Interdiscip. Inf. Sci."},{"key":"434_CR33","doi-asserted-by":"crossref","unstructured":"Shakeel, F., Sabhitha, A.S., Sharma, S.: Exploratory review on class imbalance problem: an overview. In: 8th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1\u20138 (2017)","DOI":"10.1109\/ICCCNT.2017.8204150"},{"key":"434_CR34","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10489-018-1141-2","volume":"48","author":"M Idhammad","year":"2018","unstructured":"Idhammad, M., Afdel, K., Belouch, M.: Semi-supervised machine learning approach for DDoS detection. Appl. Intell. 48, 1\u201316 (2018)","journal-title":"Appl. Intell."},{"key":"434_CR35","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1016\/j.eswa.2016.12.035","volume":"73","author":"G Haixiang","year":"2017","unstructured":"Haixiang, G., Yijing, L., Shang, J., Mingyun, G., Yuanyue, H., Bing, G.: Learning from class-imbalanced data: review of methods and applications. Expert Syst. Appl. 73, 220\u2013239 (2017)","journal-title":"Expert Syst. Appl."},{"key":"434_CR36","doi-asserted-by":"crossref","unstructured":"Miller, S., Busby-Earle, C.: The role of machine learning in botnet detection. In: 11th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 359\u2013364 (2016)","DOI":"10.1109\/ICITST.2016.7856730"},{"key":"434_CR37","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1016\/j.compeleceng.2016.01.012","volume":"50","author":"G Kirubavathi","year":"2016","unstructured":"Kirubavathi, G., Anitha, R.: Botnet detection via mining of traffic flow characteristics. Comput. Electr. Eng. 50, 91\u2013101 (2016)","journal-title":"Comput. Electr. Eng."},{"key":"434_CR38","unstructured":"Osanaiye, O., Choo, K.-K.R., Dlodlo, M.: Analysing feature selection and classification techniques for DDoS detection in cloud. In: Proceedings of Southern Africa Telecommunication (2016)"},{"key":"434_CR39","doi-asserted-by":"crossref","unstructured":"Larose, D.T., Larose, C.D.: k-Nearest neighbor algorithm. Discovering Knowledge in Data: an Introduction to Data Mining, 2nd edn, pp. 149\u2013164. John Wiley & Sons (2014)","DOI":"10.1002\/9781118874059.ch7"},{"issue":"1","key":"434_CR40","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10115-007-0114-2","volume":"14","author":"X Wu","year":"2008","unstructured":"Wu, X., et al.: Top 10 algorithms in data mining. Knowl. Inf. Syst. 14(1), 1\u201337 (2008)","journal-title":"Knowl. Inf. Syst."},{"key":"434_CR41","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-1-4899-7641-3","volume-title":"Support Vector Machine, Machine Learning Models and Algorithms for Big Data Classification","author":"S Suthaharan","year":"2016","unstructured":"Suthaharan, S.: Support Vector Machine, Machine Learning Models and Algorithms for Big Data Classification, pp. 207\u2013235. Springer, Berlin (2016)"},{"issue":"1","key":"434_CR42","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001)","journal-title":"Mach. Learn."},{"key":"434_CR43","unstructured":"Nielsen, M.A.: Neural Networks and Deep Learning. Determination Press (2015). \n                    http:\/\/neuralnetworksanddeeplearning.com\/"},{"key":"434_CR44","unstructured":"Glorot, X., Bordes, A., Bengio, Y.: Deep sparse rectifier neural networks. In: 14th International Conference on Artificial Intelligence and Statistics, pp. 315\u2013323 (2011)"},{"key":"434_CR45","unstructured":"scikit-learn: Data science library for Python. \n                    https:\/\/pypi.org\/project\/scikit-learn\/"},{"key":"434_CR46","unstructured":"TensorFlow: Open source ML platform. \n                    https:\/\/www.tensorflow.org\/"},{"issue":"1","key":"434_CR47","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1002\/widm.8","volume":"1","author":"W-Y Loh","year":"2011","unstructured":"Loh, W.-Y.: Classification and regression trees. Wiley Interdiscip. Rev. Data Min. Knowl. Discov. 1(1), 14\u201323 (2011)","journal-title":"Wiley Interdiscip. Rev. Data Min. Knowl. Discov."},{"issue":"7","key":"434_CR48","doi-asserted-by":"publisher","first-page":"1145","DOI":"10.1016\/S0031-3203(96)00142-2","volume":"30","author":"AP Bradley","year":"1997","unstructured":"Bradley, A.P.: The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recognit. 30(7), 1145\u20131159 (1997)","journal-title":"Pattern Recognit."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-019-00434-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10207-019-00434-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-019-00434-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,9]],"date-time":"2020-04-09T23:27:29Z","timestamp":1586474849000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10207-019-00434-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,4,11]]},"references-count":48,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2019,12]]}},"alternative-id":["434"],"URL":"https:\/\/doi.org\/10.1007\/s10207-019-00434-1","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,4,11]]},"assertion":[{"value":"11 April 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}