{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,23]],"date-time":"2026-03-23T11:18:57Z","timestamp":1774264737738,"version":"3.50.1"},"reference-count":54,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2018,8,1]],"date-time":"2018-08-01T00:00:00Z","timestamp":1533081600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2018,8,1]],"date-time":"2018-08-01T00:00:00Z","timestamp":1533081600000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2018,8,1]],"date-time":"2018-08-01T00:00:00Z","timestamp":1533081600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2018,8,1]],"date-time":"2018-08-01T00:00:00Z","timestamp":1533081600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1717313"],"award-info":[{"award-number":["CNS-1717313"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["IIP-1758179"],"award-info":[{"award-number":["IIP-1758179"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-0953600"],"award-info":[{"award-number":["CNS-0953600"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE\/ACM Trans. Networking"],"published-print":{"date-parts":[[2018,8]]},"DOI":"10.1109\/tnet.2018.2854795","type":"journal-article","created":{"date-parts":[[2018,7,23]],"date-time":"2018-07-23T18:18:00Z","timestamp":1532369880000},"page":"1948-1961","source":"Crossref","is-referenced-by-count":54,"title":["Practical Proactive DDoS-Attack Mitigation via Endpoint-Driven In-Network Traffic Control"],"prefix":"10.1109","volume":"26","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7532-0434","authenticated-orcid":false,"given":"Zhuotao","family":"Liu","sequence":"first","affiliation":[]},{"given":"Hao","family":"Jin","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7829-3929","authenticated-orcid":false,"given":"Yih-Chun","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Bailey","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","author":"gueron","year":"2010","journal-title":"Intel Advanced Encryption Standard (Aes) Instructions Set"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6040"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2240276.2240277"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/2018436.2018452"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/863965.863966"},{"key":"ref30","first-page":"111","article-title":"Exit from hell? Reducing the impact of amplification DDoS attacks","author":"k\u00fchrer","year":"2014","journal-title":"Proc Usenix Secur Symp"},{"key":"ref37","year":"2018","journal-title":"MiddlePolice Source Code"},{"key":"ref36","first-page":"1","article-title":"Network capabilities: The good, the bad and the ugly","author":"argyraki","year":"2005","journal-title":"ACM HotNets-IV"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.12"},{"key":"ref34","first-page":"1","article-title":"UDP encapsulation in linux","author":"herbert","year":"2015","journal-title":"Proc Tech Conf Linux Netw"},{"key":"ref28","first-page":"1","article-title":"Universal DDoS mitigation bypass","author":"miu","year":"2013","journal-title":"Proc Black Hat USA"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/2619239.2626318"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813633"},{"key":"ref2","volume":"9","author":"networks","year":"2016","journal-title":"WorldWide Infrastructure Security Report"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978306"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/1159913.1159948"},{"key":"ref22","first-page":"1","article-title":"CDN-on-demand: An affordable DDoS defense via untrusted clouds","author":"gilad","year":"2016","journal-title":"Proc NDSS"},{"key":"ref21","author":"mittal","year":"2011","journal-title":"Mirage Towards Deployable Ddos Defense for Web Applications"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866404"},{"key":"ref23","year":"2016","journal-title":"AT&T Denial of Service Protection"},{"key":"ref26","first-page":"1","article-title":"SIBRA: Scalable Internet bandwidth reservation architecture","author":"basescu","year":"2016","journal-title":"Proc NDSS"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1282380.1282413"},{"key":"ref50","first-page":"817","article-title":"Bohatei: Flexible and elastic DDoS defense","author":"fayaz","year":"2015","journal-title":"Proc Usenix Secur Symp"},{"key":"ref51","first-page":"1","article-title":"FRESCO: Modular composable security services for software-defined networks","author":"shin","year":"2013","journal-title":"Proc NDSS"},{"key":"ref54","first-page":"1","article-title":"Wide-scale botnet detection and characterization","author":"karasaridis","year":"2007","journal-title":"Proceedings of USENIX HotBots"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2006.322210"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/2785956.2787500"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1402958.1402981"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2004.1301320"},{"key":"ref40","year":"2015","journal-title":"AS Relationships—CIDR Report"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1080091.1080120"},{"key":"ref13","first-page":"255","article-title":"NetFence: Preventing Internet denial of service from inside out","author":"liu","year":"2011","journal-title":"Proc ACM Sigcomm"},{"key":"ref14","first-page":"45","article-title":"Phalanx: Withstanding multimillion-node botnets","author":"dixon","year":"2008","journal-title":"Proc USENIX NSDI"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/633025.633032"},{"key":"ref16","first-page":"20","article-title":"Mayday: Distributed filtering for Internet services","author":"andersen","year":"2003","journal-title":"Proc USNIX USITS"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.21236\/ADA579930"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/1402958.1402997"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2656877.2656885"},{"key":"ref4","author":"klaba","year":"2017","journal-title":"OVH Hit With 1 Tbps DDoS"},{"key":"ref3","author":"krebs","year":"2017","journal-title":"Krebsonsecurity hit with record ddos"},{"key":"ref6","first-page":"878","article-title":"Advanced and authenticated marking schemes for IP traceback","author":"song","year":"2001","journal-title":"Proc IEEE InfoCom"},{"key":"ref5","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1145\/347057.347560","article-title":"Practical network support for IP traceback","author":"savage","year":"2000","journal-title":"Proc ACM Sigcomm"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/571697.571724"},{"key":"ref7","first-page":"135","article-title":"Active Internet traffic filtering: Real-time response to denial-of-service attacks","author":"argyraki","year":"2005","journal-title":"Proc USENIX ATC"},{"key":"ref49","first-page":"365","article-title":"Passport: Secure and adoptable source authentication","author":"liu","year":"2008","journal-title":"Proc USENIX NSDI"},{"key":"ref9","first-page":"1","article-title":"Implementing pushback: Router-based defense against DDoS attacks","author":"ioannidis","year":"2002","journal-title":"Proc USENIX NSDI"},{"key":"ref46","year":"2016","journal-title":"The Discrete Event Network Simulator - Ns-2"},{"key":"ref45","year":"2016","journal-title":"Planetlab"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/0169-7552(89)90019-6"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/1015467.1015499"},{"key":"ref42","first-page":"547","article-title":"Inherently safe backup routing with BGP","author":"gao","year":"2001","journal-title":"Proc IEEE InfoCom"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/1198255.1198259"},{"key":"ref44","year":"2015","journal-title":"AS Names—CIDR Report"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/1851182.1851195"}],"container-title":["IEEE\/ACM Transactions on Networking"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielaam\/90\/8438336\/8418343-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/90\/8438336\/08418343.pdf?arnumber=8418343","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,8]],"date-time":"2022-04-08T18:49:13Z","timestamp":1649443753000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8418343\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8]]},"references-count":54,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/tnet.2018.2854795","relation":{},"ISSN":["1063-6692","1558-2566"],"issn-type":[{"value":"1063-6692","type":"print"},{"value":"1558-2566","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,8]]}}}