{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T14:13:23Z","timestamp":1772115203644,"version":"3.50.1"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,4,12]],"date-time":"2025-04-12T00:00:00Z","timestamp":1744416000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,4,12]],"date-time":"2025-04-12T00:00:00Z","timestamp":1744416000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s10207-025-01029-9","type":"journal-article","created":{"date-parts":[[2025,4,12]],"date-time":"2025-04-12T08:30:19Z","timestamp":1744446619000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Filter aggregation for DDoS prevention systems: hardware perspective"],"prefix":"10.1007","volume":"24","author":[{"given":"Piotr","family":"Arabas","sequence":"first","affiliation":[]},{"given":"Marek","family":"Dawidiuk","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,4,12]]},"reference":[{"key":"1029_CR1","unstructured":"Arista Networks, Inc. 7280r3 series data center switch router data sheet. (2024) https:\/\/www.arista.com\/assets\/data\/pdf\/Datasheets\/7280R3-Data-Sheet.pdf"},{"key":"1029_CR2","unstructured":"Arista Networks, Inc. 7500r3 series data center switch router data sheet. (2024) https:\/\/www.arista.com\/ assets\/data\/pdf\/Datasheets\/7500R3-Data-Sheet.pdf"},{"key":"1029_CR3","unstructured":"Arista Networks, Inc. 7050x3 series 10\/25\/40\/50\/100g data center switches data sheet. (2024) https:\/\/www.arista.com\/assets\/data\/ pdf\/Datasheets\/7050X3-Datasheet.pdf"},{"key":"1029_CR4","doi-asserted-by":"crossref","unstructured":"Bandi, N., Tajbakhsh, H., Analoui, M.: Fastmove: Fast ip switching moving target defense to mitigate ddos attacks. In: 2021 IEEE Conference on Dependable and Secure Computing (DSC), pp. 1\u20137, (2021)","DOI":"10.1109\/DSC49826.2021.9346278"},{"key":"1029_CR5","doi-asserted-by":"crossref","unstructured":"Chen, A., Sriraman, A., Vaidya, T., Zhang, Y., Haeberlen, A., Loo, B., Phan, L., Sherr, M., Shields, C., Zhou, W.: Dispersing asymmetric ddos attacks with splitstack. In Proceedings of the 15th ACM Workshop on Hot Topics in Networks, HotNets \u201916, pp.197\u2013203, New York, NY, USA, Association for Computing Machinery. (2016)","DOI":"10.1145\/3005745.3005773"},{"key":"1029_CR6","doi-asserted-by":"publisher","first-page":"665","DOI":"10.1016\/j.cose.2004.06.008","volume":"23","author":"L-C Chen","year":"2004","unstructured":"Chen, L.-C., Longstaff, T.A., Carley, K.M.: Characterization of defense mechanisms against distributed denial of service attacks. Comput. Secur. 23, 665\u2013678 (2004)","journal-title":"Comput. Secur."},{"key":"1029_CR7","unstructured":"Cisco Systems, Inc. Cisco nexus 3132c-z switches. (2020) https:\/\/www.cisco.com\/c\/en\/us\/products\/ collateral\/switches\/nexus-3000-series-switches\/datasheet-c78-740895.pdf"},{"issue":"5","key":"1029_CR8","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1016\/j.comnet.2003.10.003","volume":"44","author":"C Douligeris","year":"2004","unstructured":"Douligeris, C., Mitrokotsa, A.: Ddos attacks and defense mechanisms: classification and state-of-the-art. Comput. Netw. 44(5), 643\u2013666 (2004)","journal-title":"Comput. Netw."},{"key":"1029_CR9","doi-asserted-by":"crossref","unstructured":"Giotsas, V., Smaragdakis, G., Dietzel, C., Richter, P., Feldmann, A., Berger, A.: Inferring bgp blackholing activity in the internet. In Proceedings of the 2017 Internet Measurement Conference, pp. 1\u201314, (2017)","DOI":"10.1145\/3131365.3131379"},{"key":"1029_CR10","unstructured":"Hanks, D.\u00a0R.: Juniper QFX5100 Series. A Comprehensive Guide to Building Next-Generation Networks. O\u2019Reilly Media, Inc., (2015)"},{"key":"1029_CR11","unstructured":"Hanks, D.\u00a0R.: Juniper QFX10000 Series. A Comprehensive Guide to Building Next-Generation Data Centers. O\u2019Reilly Media, Inc., (2016)"},{"key":"1029_CR12","doi-asserted-by":"crossref","unstructured":"Hiesgen, R., Nawrocki, M., Barcellos, M., Kopp, D., Hohlfeld, O., Chan, E., Dobbins, R., Doer, C., Rossow, C., Thomas, D., Jonker, M., Mok, R., Luo, X., Kristoff, J., Schmidt, T., W\u00e4hlisch, M., Claffy, K.: The age of DDoScovery: an empirical comparison of industry and academic DDoS assessments. In: ACM Internet Measurement Conference (IMC), (2024)","DOI":"10.1145\/3646547.3688451"},{"key":"1029_CR13","doi-asserted-by":"crossref","unstructured":"Hinze, N., Nawrocki, M., Jonker, M., Dainotti, A., Schmidt, T., W\u00e4hlisch, M.: On the potential of BGP flowspec for DDoS mitigation at two sources: ISP and IXP. In ACM SIGCOMM Poster, (2018)","DOI":"10.1145\/3234200.3234209"},{"key":"1029_CR14","doi-asserted-by":"crossref","unstructured":"Hung, C.-H., Wang, J.-J., Wang, L.-C., Wang, K.-C., Lee, C.-W.: Heterogeneous flow table integration for capacity enhancement in software-defined networks. In 2018 International Conference on Computing, Networking and Communications (ICNC), pp. 832\u2013836, (2018)","DOI":"10.1109\/ICCNC.2018.8390421"},{"key":"1029_CR15","doi-asserted-by":"crossref","unstructured":"Jia, Q., Wang, H., Fleck, D., Li, F., Stavrou, A., Powell, W.: Catch me if you can: A cloud-enabled ddos defense. In 2014 44th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks, pp. 264\u2013275, (2014)","DOI":"10.1109\/DSN.2014.35"},{"key":"1029_CR16","doi-asserted-by":"crossref","unstructured":"Jonker, M., Pras, A., Dainotti, A., Sperotto, A.: A first joint look at dos attacks and bgp blackholing in the wild. In Proceedings of the Internet Measurement Conference 2018, IMC \u201918, pp. 457\u2013463, New York, NY, USA, Association for Computing Machinery. (2018)","DOI":"10.1145\/3278532.3278571"},{"key":"1029_CR17","unstructured":"Juniper Networks, Inc. Qfx10000 switches system architecture, white paper. (2015) https:\/\/www.juniper.net\/content\/dam\/www\/assets\/white-papers\/us\/en\/routers\/qfx10000-system-architecture.pdf"},{"key":"1029_CR18","unstructured":"Juniper Networks, Inc. Configuring firewall filters (qfx series switches, ex4600 switches, ptx series routers). (2024) https:\/\/www.juniper.net\/documentation\/us\/en\/software \/junos\/routing-policy\/topics\/topic-map\/firewall-filters-planning-numbers-map-qfx-series.html"},{"issue":"4","key":"1029_CR19","doi-asserted-by":"publisher","first-page":"2761","DOI":"10.1109\/JSYST.2016.2602848","volume":"11","author":"K Kalkan","year":"2017","unstructured":"Kalkan, K., G\u00fcr, G., Alag\u00f6z, F.: Filtering-based defense mechanisms against ddos attacks: a survey. IEEE Syst. J. 11(4), 2761\u20132773 (2017)","journal-title":"IEEE Syst. J."},{"issue":"4","key":"1029_CR20","doi-asserted-by":"publisher","first-page":"137","DOI":"10.3390\/fi16040137","volume":"16","author":"V Kampourakis","year":"2024","unstructured":"Kampourakis, V., Makrakis, G., Kolias, C.: From seek-and-destroy to split-and-destroy: connection partitioning as an effective tool against low-rate dos attacks. Future Internet 16(4), 137 (2024)","journal-title":"Future Internet"},{"key":"1029_CR21","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1016\/j.ejcon.2021.07.001","volume":"61","author":"MP Karpowicz","year":"2021","unstructured":"Karpowicz, M.P.: Adaptive tuning of network traffic policing mechanisms for ddos attack mitigation systems. Eur. J. Control. 61, 101\u2013118 (2021)","journal-title":"Eur. J. Control."},{"key":"1029_CR22","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102423","volume":"110","author":"S Kaur","year":"2021","unstructured":"Kaur, S., Kumar, K., Aggarwal, N., Singh, G.: A comprehensive survey of ddos defense solutions in sdn: taxonomy, research challenges, and future directions. Comput. & Secur. 110, 102423 (2021)","journal-title":"Comput. & Secur."},{"key":"1029_CR23","doi-asserted-by":"publisher","first-page":"9436","DOI":"10.1109\/TIFS.2024.3472477","volume":"19","author":"D Kong","year":"2024","unstructured":"Kong, D., Chen, X., Wu, C., Shen, Y., Zhou, Z., Cheng, Q., Liu, X., Yang, M., Qiu, Y., Zhang, D., Khan, M.K.: rdefender: alightweight and robust defense against flow table overflow attacks in sdn. IEEE Trans. Inf. Forensics Secur. 19, 9436\u20139451 (2024)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"4","key":"1029_CR24","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1145\/1090191.1080115","volume":"35","author":"K Lakshminarayanan","year":"2005","unstructured":"Lakshminarayanan, K., Rangarajan, A., Venkatachary, S.: Algorithms for advanced packet classification with ternary cams. SIGCOMM Comput. Commun. Rev. 35(4), 193\u2013204 (2005)","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"1029_CR25","doi-asserted-by":"crossref","unstructured":"Lee, S., Kang, M., Gligor, V.: CoDef: Collaborative defense against large-scale link-flooding attacks. In ACM Conf. on Emerging Networking Experiments and Technologies (CoNEXT), pp. 417\u2013428, (2013)","DOI":"10.1145\/2535372.2535398"},{"key":"1029_CR26","doi-asserted-by":"crossref","unstructured":"Li, J., Sisodia, D., Feng, Y., Shi, L., Zhang, M., Early, C., Reiher, P.: Toward adaptive ddos-filtering rule generation. In 2023 IEEE Conference on Communications and Network Security (CNS), pp. 1\u20139. IEEE, (Oct. 2023)","DOI":"10.1109\/CNS59707.2023.10288699"},{"key":"1029_CR27","doi-asserted-by":"crossref","unstructured":"Li, X., Huang, Y.: A flow table with two-stage timeout mechanism for sdn switches. In 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC\/SmartCity\/DSS), pp. 1804\u20131809, (2019)","DOI":"10.1109\/HPCC\/SmartCity\/DSS.2019.00248"},{"key":"1029_CR28","unstructured":"Liu, H.: Efficient mapping of range classifier into ternary-cam. In Proceedings 10th Symposium on High Performance Interconnects, pp. 95\u2013100, (2002)"},{"key":"1029_CR29","doi-asserted-by":"crossref","unstructured":"Luan, Z., Li, Q., Zhang, Z., Jiang, Y., Chen, M., Wang, Y., Li, K.: Awesome-cache: Dependency-free rule-caching for arbitrary wildcard patterns in tcam. In 2023 IEEE 31st International Conference on Network Protocols (ICNP), pp. 1\u201312, (2023)","DOI":"10.1109\/ICNP59255.2023.10355586"},{"key":"1029_CR30","unstructured":"Malware, Messaging: Mobile Anti-Abuse Working Group. M3aawg border gateway protocol (bgp) flowspec best practices. www.m3aawg.org\/flowspec-BP, (2019)"},{"issue":"2","key":"1029_CR31","doi-asserted-by":"publisher","first-page":"657","DOI":"10.1109\/TNET.2018.2809583","volume":"26","author":"E Norige","year":"2018","unstructured":"Norige, E., Liu, A.X., Torng, E.: A ternary unification framework for optimizing tcam-based packet classification systems. IEEE\/ACM Trans. Netw. 26(2), 657\u2013670 (2018)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"1029_CR32","unstructured":"Open Networking Foundation. OpenFlow switch specification.(2013) https:\/\/www.opennetworking.org\/ images\/stories\/downloads\/sdn-resources\/onf-specifications\/openflow\/openflow-spec-v1.4.0.pdf"},{"issue":"2","key":"1029_CR33","doi-asserted-by":"publisher","first-page":"1445","DOI":"10.1109\/TNSM.2020.3047468","volume":"18","author":"M Polverini","year":"2021","unstructured":"Polverini, M., Gal\u00e1n-Jim\u00e9nez, J., Lavacca, F.G., Cianfrani, A., Eramo, V.: A scalable and offloading-based traffic classification solution in nfv\/sdn network architectures. IEEE Trans. Netw. Serv. Manag. 18(2), 1445\u20131460 (2021)","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"1029_CR34","unstructured":"Ryburn, J.: Day one: Deploying bgp flowspec, juniper networks books. https:\/\/www.juniper.net\/documentation\/en_US\/day-one-books\/DO_BGP_FLowspec.pdf, (2015)"},{"key":"1029_CR35","doi-asserted-by":"crossref","unstructured":"Sheu, J.-P., Wang, P.-Y., Jagadeesha, R.: Wildcard-rule caching and cache replacement algorithms in software-defined networking. In 2017 European Conference on Networks and Communications (EuCNC), pp. 1\u20136, (2017)","DOI":"10.1109\/EuCNC.2017.7980654"},{"key":"1029_CR36","unstructured":"Simon, D.\u00a0R., Agarwal, S., Maltz, D.\u00a0A.: As-based accountability as a cost-effective ddos defense. In Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, HotBots\u201907, p. 9, USA, USENIX Association, (2007)"},{"key":"1029_CR37","doi-asserted-by":"crossref","unstructured":"Sommese, R., Claffy, K., Van Rijswijk-Deij, R., Chattopadhyay, A., Dainotti, A., Sperotto, A., Jonker, M.: Investigating the impact of DDoS attacks on DNS infrastructure. In ACM Internet Measurement Conference (IMC), (2022)","DOI":"10.1145\/3517745.3561458"},{"key":"1029_CR38","doi-asserted-by":"publisher","first-page":"06","DOI":"10.1007\/s11277-023-10544-8","volume":"131","author":"R Swami","year":"2023","unstructured":"Swami, R., Dave, M., Ranga, V.: Mitigation of ddos attack using moving target defense in sdn. Wireless Pers. Commun. 131, 06 (2023)","journal-title":"Wireless Pers. Commun."},{"key":"1029_CR39","doi-asserted-by":"crossref","unstructured":"Tandon, R., Charnsethikul, P., Kallitsis, M., Mirkovic, J.: Amon-senss: Scalable and accurate detection of volumetric ddos attacks at isps. In GLOBECOM 2022-2022 IEEE Global Communications Conference, pp. 3399\u20133404, (2022)","DOI":"10.1109\/GLOBECOM48099.2022.10001010"},{"key":"1029_CR40","doi-asserted-by":"crossref","unstructured":"Vishwakarma, R., Jain, A.: A honeypot with machine learning based detection framework for defending iot based botnet ddos attacks. In 2019 3rd International Conference on Trends in Electronics and Informatics (ICOEI), pp. 1019\u20131024, (2019)","DOI":"10.1109\/ICOEI.2019.8862720"},{"key":"1029_CR41","doi-asserted-by":"crossref","unstructured":"Wagner, D., Kopp, D., Wichtlhuber, M., Dietzel, C., Hohlfeld, O., Smaragdakis, G., Feldmann, A.: United we stand: Collaborative detection and mitigation of amplification ddos attacks at scale. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201921, pp. 970\u2013987, New York, NY, USA. Association for Computing Machinery, (2021)","DOI":"10.1145\/3460120.3485385"},{"key":"1029_CR42","unstructured":"Weiler, N.: Honeypots for distributed denial-of-service attacks. In Proceedings. 11th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 109\u2013114, (2002)"},{"key":"1029_CR43","doi-asserted-by":"crossref","unstructured":"Wichtlhuber, M., Strehle, E., Kopp, D., Prepens, L., Stegmueller, S., Rubina, A., Dietzel, C., Hohlfeld, O.: Ixp scrubber: learning from blackholing traffic for ml-driven ddos detection at scale. In Proceedings of the ACM SIGCOMM 2022 Conference, SIGCOMM \u201922, pp. 707\u2013722, New York, NY, USA. Association for Computing Machinery, (2022)","DOI":"10.1145\/3544216.3544268"},{"issue":"5","key":"1029_CR44","doi-asserted-by":"publisher","first-page":"2158","DOI":"10.1109\/TNET.2022.3169136","volume":"30","author":"R Xie","year":"2022","unstructured":"Xie, R., Cao, J., Li, Q., Sun, K., Gu, G., Xu, M., Yang, Y.: Disrupting the sdn control channel via shared links: Attacks and countermeasures. IEEE\/ACM Trans. Netw. 30(5), 2158\u20132172 (2022)","journal-title":"IEEE\/ACM Trans. Netw."},{"issue":"1","key":"1029_CR45","doi-asserted-by":"publisher","first-page":"7","DOI":"10.3390\/iot6010007","volume":"6","author":"J Ye","year":"2025","unstructured":"Ye, J., Wang, Z., Yang, J., Wang, C., Zhang, C.: An lddos attack detection method based on behavioral characteristics and stacking mechanism. IoT 6(1), 7 (2025)","journal-title":"IoT"},{"key":"1029_CR46","unstructured":"Zayo. A look at recent DDoS attacks and the cyberattack landscape in 2022 so far. (2022) https:\/\/www.zayo.com\/resources\/ddos-attack-trends\/"},{"key":"1029_CR47","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Cong, P., Liu, B., Wang, W., Xu, K.: Air: An ai-based tcam entry replacement scheme for routers. In 2021 IEEE\/ACM 29th International Symposium on Quality of Service (IWQOS), pp. 1\u201310, (2021)","DOI":"10.1109\/IWQOS52092.2021.9521314"},{"issue":"7","key":"1029_CR48","doi-asserted-by":"publisher","first-page":"1838","DOI":"10.1109\/TIFS.2018.2805600","volume":"13","author":"J Zheng","year":"2018","unstructured":"Zheng, J., Li, Q., Gu, G., Cao, J., Yau, D.K.Y., Wu, J.: Realtime ddos defense using cots sdn switches via adaptive correlation analysis. IEEE Trans. Inf. Forensics Secur. 13(7), 1838\u20131853 (2018)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"1029_CR49","doi-asserted-by":"crossref","unstructured":"Zhou, H., Hong, S., Liu, Y., Luo, X., Li, W., Gu, G.: Mew: Enabling large-scale and dynamic link-flooding defenses on programmable switches. In 2023 IEEE Symposium on Security and Privacy (SP), pp. 3178\u20133192, (2023)","DOI":"10.1109\/SP46215.2023.10179404"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01029-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01029-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01029-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:11:27Z","timestamp":1750500687000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01029-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,12]]},"references-count":49,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1029"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01029-9","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,12]]},"assertion":[{"value":"12 April 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that there are no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"115"}}