{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T11:29:12Z","timestamp":1780054152703,"version":"3.54.0"},"reference-count":57,"publisher":"Springer Science and Business Media LLC","issue":"18","license":[{"start":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T00:00:00Z","timestamp":1700697600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T00:00:00Z","timestamp":1700697600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100011665","name":"Deanship of Scientific Research, King Saud University","doi-asserted-by":"publisher","award":["RG-1439-021"],"award-info":[{"award-number":["RG-1439-021"]}],"id":[{"id":"10.13039\/501100011665","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Multimed Tools Appl"],"DOI":"10.1007\/s11042-023-17637-3","type":"journal-article","created":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T05:01:44Z","timestamp":1700715704000},"page":"53655-53685","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["DDoS attack forecasting based on online multiple change points detection and time series analysis"],"prefix":"10.1007","volume":"83","author":[{"given":"Rahmoune","family":"Bitit","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Abdelouahid","family":"Derhab","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mohamed","family":"Guerroumi","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Farrukh Aslam","family":"Khan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2023,11,23]]},"reference":[{"key":"17637_CR1","unstructured":"datareportal: (2021) DIGITAL AROUND THE WORLD. https:\/\/datareportal.com\/global-digital-overview, Last accessed on 2021-10-22"},{"key":"17637_CR2","unstructured":"Brodsky Z (2020) The Psychology Behind DDoS: Motivations and Methods. https:\/\/www.perimeter81.com\/blog\/network\/the-psychology-behind-ddos-attacks\/, Last accessed on 2021-10-26"},{"key":"17637_CR3","unstructured":"Cisco (2020) Cisco Annual Internet Report (2018-2023) White Paper. https:\/\/www.cisco.com\/c\/en\/us\/solutions\/collateral\/executive-perspectives\/annual-internet-report\/white-paper-c11-741490.html, Last accessed on 2021-10-26"},{"key":"17637_CR4","unstructured":"Galov N (2021) 39 Jaw-Dropping DDoS Statistics to Keep in Mind for 2021. https:\/\/hostingtribunal.com\/blog\/ddos-statistics\/, Last accessed on 2021-11-01"},{"key":"17637_CR5","unstructured":"Kupreev O, Badovskaya E, Gutnikov A (2020) DDoS attacks in Q1 2020. https:\/\/securelist.com\/ddos-attacks-in-q1-2020\/96837\/, Last accessed on 2021-10-26"},{"key":"17637_CR6","unstructured":"Nichols S (2020) US Health and Human Services targeted by DDoS scum at just the time it\u2019s needed to be up and running. https:\/\/www.theregister.com\/2020\/03\/16\/hhs_reports_cyberattack\/, Last accessed on 2021-10-26"},{"key":"17637_CR7","unstructured":"Teller Report Team (2020) Hospital systems Paris inaccessible for hours on end due to DDOS attack. https:\/\/www.tellerreport.com\/tech\/2020-03-23---hospital-systems-paris-inaccessible-for-hours-on-end-due-to-ddos-attack-.ByG627LILL.html, Last accessed on 2021-10-26"},{"key":"17637_CR8","unstructured":"Ilascu I (2020) Food Delivery Service in Germany Under DDoS Attack. https:\/\/www.bleepingcomputer.com\/news\/security\/food-delivery-service-in-germany-under-ddos-attack\/, Last accessed on 2021-10-26"},{"key":"17637_CR9","unstructured":"Mutzbauer J (2020) Bavarian learning platform Mebis paralyzed by DDoS attack. https:\/\/www.security-insider.de\/bayerische-lernplattform-mebis-durch-ddos-angriff-lahmgelegt-a-914085, Last accessed on 2021-10-26"},{"key":"17637_CR10","unstructured":"Cox Business (2019) 12 DDoS Statistics That Should Concern Business Leaders. https:\/\/www.coxblue.com\/12-ddos-statistics-that-should-concern-business-leaders\/, Last accessed on 2021-10-26"},{"key":"17637_CR11","first-page":"1","volume-title":"Network Science and Cybersecurity","author":"A Kott","year":"2014","unstructured":"Kott A (2014) Towards fundamental science of cyber security. Network Science and Cybersecurity. Springer, New York, pp 1\u201313"},{"key":"17637_CR12","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","volume":"60","author":"M Ahmed","year":"2016","unstructured":"Ahmed M, Mahmood AN, Hu J (2016) A survey of network anomaly detection techniques. J Netw Comput Appl 60:19\u201331","journal-title":"J Netw Comput Appl"},{"key":"17637_CR13","doi-asserted-by":"publisher","first-page":"214","DOI":"10.1016\/j.cose.2018.03.001","volume":"76","author":"J Navarro","year":"2018","unstructured":"Navarro J, Deruyver A, Parrend P (2018) A systematic survey on multi-step attack detection. Comput Secur 76:214\u2013249","journal-title":"Comput Secur"},{"issue":"1","key":"17637_CR14","doi-asserted-by":"publisher","first-page":"640","DOI":"10.1109\/COMST.2018.2871866","volume":"21","author":"M Hus\u00e1k","year":"2018","unstructured":"Hus\u00e1k M, Kom\u00e1rkov\u00e1 J, Bou-Harb E, \u010celeda P (2018) Survey of attack projection, prediction, and forecasting in cyber security. IEEE Commun Surv Tutor 21(1):640\u2013660","journal-title":"IEEE Commun Surv Tutor"},{"issue":"2","key":"17637_CR15","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1109\/MIS.2018.111145153","volume":"33","author":"A Rege","year":"2018","unstructured":"Rege A, Obradovic Z, Asadi N, Parker E, Pandit R, Masceri N, Singer B (2018) Predicting adversarial cyber-intrusion stages using autoregressive neural networks. IEEE Intell Syst 33(2):29\u201339","journal-title":"IEEE Intell Syst"},{"issue":"8","key":"17637_CR16","doi-asserted-by":"publisher","first-page":"1666","DOI":"10.1109\/TIFS.2015.2422261","volume":"10","author":"Z Zhan","year":"2015","unstructured":"Zhan Z, Xu M, Xu S (2015) Predicting cyber attack rates with extreme values. IEEE Trans Inf Forensics Secur 10(8):1666\u20131677","journal-title":"IEEE Trans Inf Forensics Secur"},{"issue":"2","key":"17637_CR17","first-page":"311","volume":"7","author":"AS Sendi","year":"2012","unstructured":"Sendi AS, Dagenais M, Jabbarifar M, Couture M (2012) Real time intrusion prediction based on optimized alerts with hidden markov model. J Netw 7(2):311","journal-title":"J Netw"},{"issue":"3","key":"17637_CR18","first-page":"582","volume":"5","author":"AZ Almutairi","year":"2015","unstructured":"Almutairi AZ, Flint J, Parish D (2015) Pre-dicting multi-stage attacks based on hybrid approach. Int J Inf Secur Res 5(3):582\u2013590","journal-title":"Int J Inf Secur Res"},{"issue":"1","key":"17637_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-018-0016-5","volume":"1","author":"A Okutan","year":"2018","unstructured":"Okutan A, Werner G, Yang SJ, McConky K (2018) Forecasting cyberattacks with incomplete, imbalanced, and insignificant data. Cybersecurity 1(1):1\u201316","journal-title":"Cybersecurity"},{"issue":"2","key":"17637_CR20","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1007\/s10115-016-0987-z","volume":"51","author":"S Aminikhanghahi","year":"2017","unstructured":"Aminikhanghahi S, Cook DJ (2017) A survey of methods for time series change point detection. Knowl Inf Syst 51(2):339\u2013367","journal-title":"Knowl Inf Syst"},{"issue":"4","key":"17637_CR21","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1109\/TDSC.2004.34","volume":"1","author":"H Wang","year":"2004","unstructured":"Wang H, Zhang D, Shin KG (2004) Change-point monitoring for the detection of dos attacks. IEEE Trans Dependable Secure Comput 1(4):193\u2013208","journal-title":"IEEE Trans Dependable Secure Comput"},{"issue":"1","key":"17637_CR22","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1504\/IJAACS.2017.082737","volume":"10","author":"J Cheng","year":"2017","unstructured":"Cheng J, Tang X, Yin J (2017) A change-point ddos attack detection method based on half interaction anomaly degree. Int J Auton Adapt Commun Syst 10(1):38\u201354","journal-title":"Int J Auton Adapt Commun Syst"},{"issue":"3","key":"17637_CR23","first-page":"409","volume":"31","author":"AS Polunchenko","year":"2012","unstructured":"Polunchenko AS, Tartakovsky AG, Mukhopadhyay N (2012) Nearly optimal change-point detection with an application to cybersecurity. Seq Anal 31(3):409\u2013435","journal-title":"Seq Anal"},{"key":"17637_CR24","unstructured":"Chen Y, Hwang K, Ku W-S (2007) Distributed change-point detection of ddos attacks: Experimental results on deter testbed. In: DETER"},{"key":"17637_CR25","doi-asserted-by":"crossref","unstructured":"Silva A, Pontes E Zhou F, Guelf A, Kofuji S (2014) Prbs\/ewma based model for predicting burst attacks (brute froce, dos) in computer networks. In: Ninth International Conference on Digital Information Management (ICDIM 2014), pp. 194\u2013200. Ieee","DOI":"10.1109\/ICDIM.2014.6991410"},{"key":"17637_CR26","doi-asserted-by":"crossref","unstructured":"Zhang G, Jiang S, Wei G, Guan Q (2009) A prediction-based detection algorithm against distributed denial-of-service attacks. In: Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly, pp. 106\u2013110","DOI":"10.1145\/1582379.1582403"},{"key":"17637_CR27","doi-asserted-by":"crossref","unstructured":"Fachkha C, Bou-Harb E, Debbabi M (2013) Towards a forecasting model for distributed denial of service activities. In: 2013 IEEE 12th International Symposium on Network Computing and Applications, pp. 110\u2013117. IEEE","DOI":"10.1109\/NCA.2013.13"},{"key":"17637_CR28","doi-asserted-by":"crossref","unstructured":"Kwon D, Hong JW-K, Ju H (2012) Ddos attack forecasting system architecture using honeynet. In: 2012 14th Asia-Pacific Network Operations and Management Symposium (APNOMS), pp. 1\u20134. IEEE","DOI":"10.1109\/APNOMS.2012.6356055"},{"key":"17637_CR29","doi-asserted-by":"crossref","unstructured":"Kwon D, Kim H, An D, Ju H (2017) Ddos attack volume forecasting using a statistical approach. In: 2017 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM), pp. 1083\u20131086. IEEE","DOI":"10.23919\/INM.2017.7987432"},{"key":"17637_CR30","doi-asserted-by":"crossref","unstructured":"Procopiou A, Komninos N, Douligeris C (2019) Forchaos: real time application ddos detection using forecasting and chaos theory in smart home iot network. Wirel Commun Mob Comput 2019","DOI":"10.1155\/2019\/8469410"},{"key":"17637_CR31","doi-asserted-by":"crossref","unstructured":"Olabelurin A, Veluru S, Healing A, Rajarajan M (2015) Entropy clustering approach for improving forecasting in ddos attacks. In: 2015 IEEE 12th International Conference on Networking, Sensing and Control, pp. 315\u2013320. IEEE","DOI":"10.1109\/ICNSC.2015.7116055"},{"key":"17637_CR32","unstructured":"Gurevich G, Hadad Y, Keren B. Forecasting accuracy and change point detection. SOR\u201917 Proceedings, 314"},{"key":"17637_CR33","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-015-8163-9","volume-title":"Nonparametric Methods in Change Point Problems","author":"E Brodsky","year":"1993","unstructured":"Brodsky E, Darkhovsky BS (1993) Nonparametric Methods in Change Point Problems, vol 243. Springer, Dordrecht"},{"key":"17637_CR34","unstructured":"Pollak M, Tartakovsky AG (2009) Optimality properties of the shiryaev-roberts procedure. Statistica Sinica 1729\u20131739"},{"key":"17637_CR35","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1016\/j.dsp.2017.10.009","volume":"77","author":"B Kurt","year":"2018","unstructured":"Kurt B, Y\u0131ld\u0131z \u00c7, Ceritli TY, Sankur B, Cemgil AT (2018) A bayesian change point model for detecting sip-based ddos attacks. Digit Signal Process 77:48\u201362","journal-title":"Digit Signal Process"},{"key":"17637_CR36","unstructured":"Yin Q, Shen L, Zhang R, Li X (2004) A new intrusion detection method based on behavioral model. In: Fifth World Congress on Intelligent Control and Automation (IEEE Cat. No. 04EX788), vol. 5, pp. 4370\u20134374. IEEE"},{"key":"17637_CR37","doi-asserted-by":"crossref","unstructured":"Cisar P, Cisar SM (2007) Ewma statistic in adaptive threshold algorithm. In: 2007 11th International Conference on Intelligent Engineering Systems, pp. 51\u201354 . IEEE","DOI":"10.1109\/INES.2007.4283671"},{"key":"17637_CR38","volume-title":"Time Series Analysis: Forecasting and Control","author":"GE Box","year":"2015","unstructured":"Box GE, Jenkins GM, Reinsel GC, Ljung GM (2015) Time Series Analysis: Forecasting and Control. John Wiley & Sons, New Jersey"},{"issue":"2","key":"17637_CR39","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/s11222-006-8450-8","volume":"16","author":"P Fearnhead","year":"2006","unstructured":"Fearnhead P (2006) Exact and efficient bayesian inference for multiple changepoint problems. Stati Comput 16(2):203\u2013213","journal-title":"Stati Comput"},{"key":"17637_CR40","unstructured":"LINCOLN LABORATORY, MASSACHUSETTS INSTITUTE OF TECHNOLOGY (2000) 2000 DARPA INTRUSION DETECTION SCENARIO SPECIFIC DATASETS. https:\/\/www.ll.mit.edu\/r-d\/datasets\/2000-darpa-intrusion-detection-scenario-specific-datasets, Last accessed on 2021-10-12"},{"key":"17637_CR41","unstructured":"The USC Information Sciences Institute: The Network Simulator. https:\/\/www.isi.edu\/nsnam\/ns\/, Last accessed on 2021-10-10"},{"key":"17637_CR42","volume-title":"Introduction to Time Series Analysis and Forecasting","author":"DC Montgomery","year":"2015","unstructured":"Montgomery DC, Jennings CL, Kulahci M (2015) Introduction to Time Series Analysis and Forecasting. John Wiley & Sons, New Jersey"},{"key":"17637_CR43","unstructured":"NS3 Team (2020) Network Simulator. https:\/\/www.nsnam.org\/, Last accessed on 2021-10-10"},{"key":"17637_CR44","doi-asserted-by":"publisher","DOI":"10.1142\/1402","volume-title":"Chaotic Oscillators: Theory and Applications","author":"T Kapitaniak","year":"1992","unstructured":"Kapitaniak T (1992) Chaotic Oscillators: Theory and Applications. World Scientific, Singapore"},{"issue":"1","key":"17637_CR45","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1002\/for.3980040103","volume":"4","author":"ES Gardner Jr","year":"1985","unstructured":"Gardner ES Jr (1985) Exponential smoothing: The state of the art. J Forecast 4(1):1\u201328","journal-title":"J Forecast"},{"key":"17637_CR46","volume-title":"Predictive Analytics and Data Mining: Concepts and Practice with Rapidminer","author":"V Kotu","year":"2014","unstructured":"Kotu V, Deshpande B (2014) Predictive Analytics and Data Mining: Concepts and Practice with Rapidminer. Morgan Kaufmann, Waltham, USA"},{"key":"17637_CR47","unstructured":"Downey AB (2008) A novel changepoint detection algorithm. arXiv preprint arXiv:0812.1237"},{"issue":"4","key":"17637_CR48","doi-asserted-by":"publisher","first-page":"482","DOI":"10.1109\/TKDE.2006.1599387","volume":"18","author":"J-I Takeuchi","year":"2006","unstructured":"Takeuchi J-I, Yamanishi K (2006) A unifying framework for detecting outliers and change points from time series. IEEE Trans Knowl Data Eng 18(4):482\u2013492","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"17637_CR49","unstructured":"Adams RP, MacKay DJ (2007) Bayesian online changepoint detection. arXiv preprint arXiv:0710.3742"},{"key":"17637_CR50","volume-title":"Forecasting: Principles and Practice","author":"RJ Hyndman","year":"2018","unstructured":"Hyndman RJ, Athanasopoulos G (2018) Forecasting: Principles and Practice. OTexts, Melbourne, Australia"},{"key":"17637_CR51","volume-title":"Statistical Distributions","author":"BP Merran Evans","year":"2000","unstructured":"Merran Evans BP, Hastings Nicholas (2000) Statistical Distributions, 3rd edn. Wiley Series in Probability and Statistics, Wiley-Interscience, New York","edition":"3"},{"key":"17637_CR52","unstructured":"Kulick J: bayesian-changepoint-detection 0.2.dev1. https:\/\/www.pypi.org\/project\/bayesian-changepoint-detection\/. Last accessed on 2023-08-08"},{"key":"17637_CR53","unstructured":"Aihara S: changefinder 0.03. https:\/\/www.pypi.org\/project\/changefinder\/. Last accessed on 2023-08-08"},{"key":"17637_CR54","unstructured":"statsmodels: statsmodels v0.11.1. https:\/\/www.statsmodels.org\/v0.11.1\/, Last accessed on 2023-08-08"},{"key":"17637_CR55","unstructured":"Canadian Institute for Cybersecurity (2019) DDoS Evaluation Dataset (CICDDoS2019). https:\/\/www.unb.ca\/cic\/datasets\/ddos-2019.html, Last accessed on 2021-11-22"},{"key":"17637_CR56","doi-asserted-by":"crossref","unstructured":"Sharafaldin I, Lashkari AH, Hakak S, Ghorbani AA (2019) Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. In: 2019 International Carnahan Conference on Security Technology (ICCST), pp. 1\u20138. IEEE","DOI":"10.1109\/CCST.2019.8888419"},{"key":"17637_CR57","unstructured":"scikit-learn: Tuning the hyper-parameters of an estimator. https:\/\/scikit-learn.org\/stable\/modules\/grid_search.html, Last accessed on 2021-10-06"}],"container-title":["Multimedia Tools and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11042-023-17637-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11042-023-17637-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11042-023-17637-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,2]],"date-time":"2024-11-02T21:56:48Z","timestamp":1730584608000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11042-023-17637-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,23]]},"references-count":57,"journal-issue":{"issue":"18","published-online":{"date-parts":[[2024,5]]}},"alternative-id":["17637"],"URL":"https:\/\/doi.org\/10.1007\/s11042-023-17637-3","relation":{},"ISSN":["1573-7721"],"issn-type":[{"value":"1573-7721","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,11,23]]},"assertion":[{"value":"10 October 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 September 2023","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 October 2023","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 November 2023","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interests that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interests"}}]}}