{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T18:09:53Z","timestamp":1780596593915,"version":"3.54.1"},"reference-count":36,"publisher":"Oxford University Press (OUP)","issue":"7","license":[{"start":{"date-parts":[[2019,7,3]],"date-time":"2019-07-03T00:00:00Z","timestamp":1562112000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,7,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>At the advent of advanced wireless technology and contemporary computing paradigms, Distributed Denial of Service (DDoS) attacks on Web-based services have not only increased exponentially in number, but also in the degree of sophistication; hence the need for detecting these attacks within the ocean of communication packets is extremely important. DDoS attacks were initially projected toward the network and transport layers. Over the years, attackers have shifted their offensive strategies toward the application layer. The application layer attacks are potentially more detrimental and stealthier because of the attack traffic and the benign traffic flows being indistinguishable. The distributed nature of these attacks is difficult to combat as they may affect tangible computing resources apart from network bandwidth consumption. In addition, smart devices connected to the Internet can be infected and used as botnets to launch DDoS attacks. In this paper, we propose a novel deep neural network-based detection mechanism that uses feed-forward back-propagation for accurately discovering multiple application layer DDoS attacks. The proposed neural network architecture can identify and use the most relevant high level features of packet flows with an accuracy of 98% on the state-of-the-art dataset containing various forms of DDoS attacks.<\/jats:p>","DOI":"10.1093\/comjnl\/bxz064","type":"journal-article","created":{"date-parts":[[2019,6,4]],"date-time":"2019-06-04T19:10:56Z","timestamp":1559675456000},"page":"983-994","source":"Crossref","is-referenced-by-count":91,"title":["DeepDetect: Detection of Distributed Denial of Service Attacks Using Deep Learning"],"prefix":"10.1093","volume":"63","author":[{"given":"Muhammad","family":"Asad","sequence":"first","affiliation":[{"name":"Department of Computer Sciences, National University of Computer and Emerging Sciences, Islamabad, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Muhammad","family":"Asim","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, National University of Computer and Emerging Sciences, Islamabad, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Talha","family":"Javed","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, National University of Computer and Emerging Sciences, Islamabad, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mirza O","family":"Beg","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, National University of Computer and Emerging Sciences, Islamabad, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hasan","family":"Mujtaba","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, National University of Computer and Emerging Sciences, Islamabad, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sohail","family":"Abbas","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Sharjah, UAE"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"286","published-online":{"date-parts":[[2019,7,3]]},"reference":[{"key":"2020071706562743600_ref1","doi-asserted-by":"crossref","first-page":"488","DOI":"10.1016\/j.ins.2014.03.066","article-title":"Big data analytics framework for peer-to-peer botnet detection using random forests","volume":"278","author":"Singh","year":"2014","journal-title":"Inform. Sci."},{"key":"2020071706562743600_ref2","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1145\/3058060.3058074","article-title":"FL-GUARD: a detection and defense system for DDoS attack in SDN","author":"Liu","year":"2017","journal-title":"Proc. 2017 Int. Conf. Cryptography, Security and Privacy (ICCSP)"},{"key":"2020071706562743600_ref3","first-page":"610","article-title":"Exploring cybercrime\u2013realities and challenges","volume":"16","author":"Stanciu","year":"2017","journal-title":"Account. Manag. Inf. Syst."},{"key":"2020071706562743600_ref4","doi-asserted-by":"crossref","first-page":"1788","DOI":"10.3390\/s19081788","article-title":"The security of big data in fog-enabled IoT applications including blockchain: a survey","volume":"19","author":"Tariq","year":"2019","journal-title":"Sensors"},{"key":"2020071706562743600_ref5","doi-asserted-by":"crossref","first-page":"16","DOI":"10.3390\/jsan8010016","article-title":"A mechanism for securing IoT-enabled applications at the fog layer","volume":"8","author":"Abbas","year":"2019","journal-title":"J. Sens. Actuator Netw."},{"key":"2020071706562743600_ref6","first-page":"21","article-title":"Hackers use new weapons to disrupt major websites across us","volume-title":"The New York Times","author":"Perlroth","year":"2016"},{"key":"2020071706562743600_ref7","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and other botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"2020071706562743600_ref8","doi-asserted-by":"crossref","first-page":"2046","DOI":"10.1109\/SURV.2013.031413.00127","article-title":"A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks","volume":"15","author":"Zargar","year":"2013","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"2020071706562743600_ref9","first-page":"570","article-title":"A recent survey on DDoS attacks and defense mechanisms","author":"Srivastava","year":"2011","journal-title":"Proc. Int. Conf. Parallel Distributed Computing Technologies and Applications"},{"key":"2020071706562743600_ref10","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1109\/TNET.2008.925628","article-title":"Monitoring the application-layer DDoS attacks for popular websites","volume":"17","author":"Xie","year":"2009","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"2020071706562743600_ref11","first-page":"362","article-title":"Application of PSO-RBF neural network in network intrusion detection","author":"Chen","year":"2009","journal-title":"Proc. 3rd Int. Symposium on Intelligent Information Technology Application (IITA)"},{"key":"2020071706562743600_ref12","doi-asserted-by":"crossref","first-page":"1366","DOI":"10.1109\/ICACCI.2017.8126031","article-title":"Detection of distributed denial of service attacks using machine learning algorithms in software defined networks","author":"Meti","year":"2017","journal-title":"Proc. 2017 Int. Conf. Advances in Computing, Communications and Informatics (ICACCI)"},{"key":"2020071706562743600_ref13","first-page":"272","article-title":"Physical layer driven protocol and algorithm design for energy-efficient wireless sensor networks","volume-title":"Proc. 7th Int. Conf. Mobile Computing and Networking","author":"Shih","year":"2001"},{"key":"2020071706562743600_ref14","doi-asserted-by":"crossref","first-page":"108","DOI":"10.5220\/0006639801080116","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization","author":"Sharafaldin","year":"2018","journal-title":"Proc. 4th Int. Conf. Information Systems Security and Privacy (ICISSP)"},{"key":"2020071706562743600_ref15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1177\/1550147717741463","article-title":"A survey of distributed denial-of-service attack, prevention, and mitigation techniques","volume":"13","author":"Mahjabin","year":"2017","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"2020071706562743600_ref16","doi-asserted-by":"crossref","first-page":"4341","DOI":"10.1002\/sec.1611","article-title":"HADM: detection of HTTP GET flooding attacks by using analytical hierarchical process and Dempster\u2013Shafer theory with MapReduce","volume":"9","author":"Sree","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"2020071706562743600_ref17","article-title":"DoS","author":"Slowloris"},{"key":"2020071706562743600_ref18","first-page":"519","article-title":"Analysis of the impact of the slow HTTP DoS and DDoS attacks on the cloud environment","author":"Yevsieieva","year":"2017","journal-title":"Proc. Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T)"},{"key":"2020071706562743600_ref19","first-page":"323","article-title":"Measuring the impact of DDoS attacks on web services-a realtime experimentation","volume":"14","author":"Behal","year":"2016","journal-title":"Int. J. Comp. Sci. Inf. Secur."},{"key":"2020071706562743600_ref20","first-page":"383","article-title":"Characterization and comparison of DDoS attack tools and traffic generators: a review","volume":"19","author":"Behal","year":"2017","journal-title":"Int. J. Netw. Secur."},{"key":"2020071706562743600_ref21","doi-asserted-by":"crossref","first-page":"344","DOI":"10.1016\/j.cose.2016.10.005","article-title":"Application layer HTTP-GET flood DDoS attacks: research landscape and challenges","volume":"65","author":"Singh","year":"2017","journal-title":"Comput. Secur."},{"key":"2020071706562743600_ref22","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1145\/997150.997156","article-title":"A taxonomy of DDoS attack and DDoS defense mechanisms","volume":"34","author":"Mirkovic","year":"2004","journal-title":"ACM SIGCOMM Comp. Comm. Rev."},{"key":"2020071706562743600_ref23","doi-asserted-by":"crossref","first-page":"672","DOI":"10.1109\/BWCCA.2010.153","article-title":"DDoS detection technique using statistical analysis to generate quick response time","author":"Oshima","year":"2010","journal-title":"Proc. Int. Conf. Broadband, Wireless Computing, Communication and Applications (BWCCA)"},{"key":"2020071706562743600_ref24","doi-asserted-by":"crossref","first-page":"2015","DOI":"10.23919\/INM.2017.7987432","article-title":"DDoS attack volume forecasting using a statistical approach","volume-title":"Proc. IFIP\/IEEE Symposium on Integrated Network and Service Management (IM)","author":"Kwon","year":"2017"},{"key":"2020071706562743600_ref25","first-page":"312","article-title":"A text mining approach for anomaly detection in application layer DDoS attacks","volume-title":"Proc. 13th Int. Florida Artificial Intelligence Research Society Conference (FLAIRS)","author":"Najafabadi","year":"2005"},{"key":"2020071706562743600_ref26","first-page":"2","article-title":"DDoS detection system based on data mining","volume-title":"Proc. 2nd Int. Symposium on Networking and Network Security (ISNNS)","author":"Zhong","year":"2010"},{"key":"2020071706562743600_ref27","first-page":"1","article-title":"Detection DDoS attacks based on neural-network using apache spark","author":"Hsieh","year":"2016","journal-title":"Proc. Int. Conf. Applied System Innovation (ICASI)"},{"key":"2020071706562743600_ref28","first-page":"105","article-title":"Beyond independence: conditions for the optimality of the simple bayesian classifier","volume-title":"Proc. 13th Int. Conf. Machine Learning (ICML)","author":"Domingos","year":"1996"},{"key":"2020071706562743600_ref29","first-page":"1711","article-title":"Evaluating host-based anomaly detection systems: a preliminary analysis of ADFA-LD","author":"Xie","year":"2013","journal-title":"Proc. 6th Int. Conf. Image and Signal Processing (CISP)"},{"key":"2020071706562743600_ref30","first-page":"579","article-title":"DeepGFL: deep feature learning via graph for attack detection on flow-based network traffic","author":"Yao","year":"2018","journal-title":"Proc. IEEE Military Communications Conference (MILCOM)"},{"key":"2020071706562743600_ref31","first-page":"1565","article-title":"ALDD: a hybrid traffic-user behavior detection method for application layer DDoS","author":"Jiang","year":"2018","journal-title":"Proc. 17th IEEE Int. Conf. Trust, Security and Privacy\/12th IEEE Computing And Communications Conference On Big Data Science and Engineering (TrustCom\/BigDataSE)"},{"key":"2020071706562743600_ref32","first-page":"1","article-title":"Machine learning based DDoS detection through NetFlow analysis","author":"Hou","year":"2018","journal-title":"Proc. IEEE Military Communications Conference (MILCOM)"},{"key":"2020071706562743600_ref33","doi-asserted-by":"crossref","first-page":"304","DOI":"10.1016\/j.cose.2018.04.010","article-title":"Intrusion detection system for wireless mesh network using multiple support vector machine classifiers with genetic-algorithm-based feature selection","volume":"77","author":"Vijayanand","year":"2018","journal-title":"Comput. Secur."},{"key":"2020071706562743600_ref34","author":"IDS","year":"2017","journal-title":"Canadian Institute For CyberSecurity"},{"key":"2020071706562743600_ref35","first-page":"1","article-title":"An evaluation framework for intrusion detection dataset","author":"Gharib","year":"2016","journal-title":"Proc. Int. Conf. Information Science and Security (ICISS)"},{"key":"2020071706562743600_ref36","doi-asserted-by":"crossref","first-page":"253","DOI":"10.5220\/0006105602530262","article-title":"Characterization of tor traffic using time based features","volume-title":"Proc. 3rd Int. Conf. Information Systems Security and Privacy (ICISSP)","author":"Lashkari","year":"2017"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/comjnl\/article-pdf\/63\/7\/983\/33506138\/bxz064.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/comjnl\/article-pdf\/63\/7\/983\/33506138\/bxz064.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,7,17]],"date-time":"2020-07-17T18:37:57Z","timestamp":1595011077000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/63\/7\/983\/5525444"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,7,3]]},"references-count":36,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2019,7,3]]},"published-print":{"date-parts":[[2020,7,17]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxz064","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2020,7]]},"published":{"date-parts":[[2019,7,3]]}}}