{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T13:24:54Z","timestamp":1772112294096,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,25]],"date-time":"2004-10-25T00:00:00Z","timestamp":1098662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,25]]},"DOI":"10.1145\/1028788.1028812","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:58:48Z","timestamp":1107107928000},"page":"187-200","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":49,"title":["On scalable attack detection in the network"],"prefix":"10.1145","author":[{"given":"Ramana Rao","family":"Kompella","sequence":"first","affiliation":[{"name":"University of California, San Diego, La Jolla, CA"}]},{"given":"Sumeet","family":"Singh","sequence":"additional","affiliation":[{"name":"University of California, San Diego, La Jolla, CA"}]},{"given":"George","family":"Varghese","sequence":"additional","affiliation":[{"name":"University of California, San Diego, La Jolla, CA"}]}],"member":"320","published-online":{"date-parts":[[2004,10,25]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Cert. advisory ca-1998-01 smurf ip denial-of-service attacks. http:\/\/www.cert.org\/advisories\/CA-1998-01.html.  Cert. advisory ca-1998-01 smurf ip denial-of-service attacks. http:\/\/www.cert.org\/advisories\/CA-1998-01.html."},{"key":"e_1_3_2_1_2_1","unstructured":"Cert. advisory ca-2001-19 \"code red\" worm exploiting buffer overflow in iis indexing service dll. http:\/\/www.cert.org\/advisories\/CA-2001-19.html.  Cert. advisory ca-2001-19 \"code red\" worm exploiting buffer overflow in iis indexing service dll. http:\/\/www.cert.org\/advisories\/CA-2001-19.html."},{"key":"e_1_3_2_1_3_1","unstructured":"Cert advisory ca-2001-26 nimda worm. http:\/\/www.cert.org\/advisories\/CA-2001-26.html.  Cert advisory ca-2001-26 nimda worm. http:\/\/www.cert.org\/advisories\/CA-2001-26.html."},{"key":"e_1_3_2_1_4_1","unstructured":"Mazu networks. http:\/\/www.mazu.com.  Mazu networks. http:\/\/www.mazu.com."},{"key":"e_1_3_2_1_5_1","unstructured":"Mydoom.b virus. http:\/\/www.us-cert.gov\/cas\/alerts\/SA04-028A.html.  Mydoom.b virus. http:\/\/www.us-cert.gov\/cas\/alerts\/SA04-028A.html."},{"key":"e_1_3_2_1_6_1","unstructured":"Sco inc. http:\/\/www.sco.com.  Sco inc. http:\/\/www.sco.com."},{"key":"e_1_3_2_1_7_1","unstructured":"Arbor Networks. http:\/\/www.arbornetworks.com.  Arbor Networks. http:\/\/www.arbornetworks.com."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/637201.637210"},{"key":"e_1_3_2_1_9_1","unstructured":"Bernstein D. J. SYN cookies. http:\/\/cr.yp.to\/syncookies.html 1997.  Bernstein D. J. SYN cookies. http:\/\/cr.yp.to\/syncookies.html 1997."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/362686.362692"},{"key":"e_1_3_2_1_11_1","unstructured":"Check Point Software Technologies Ltd. Syndefender. http:\/\/www.checkpoint.com\/products\/firewall-1.  Check Point Software Technologies Ltd. Syndefender. http:\/\/www.checkpoint.com\/products\/firewall-1."},{"key":"e_1_3_2_1_12_1","volume-title":"DIMACS","author":"Datar M.","year":"2001","unstructured":"Datar , M. , and Muthukrishnan , S . Estimating rarity and similarity over data stream windows. Technical report, 2001--21 ,, DIMACS , Nov. 2001 . Datar, M., and Muthukrishnan, S. Estimating rarity and similarity over data stream windows. Technical report, 2001--21,, DIMACS, Nov. 2001."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/633025.633056"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/948205.948225"},{"key":"e_1_3_2_1_15_1","unstructured":"Forescout Technologies. http:\/\/www.forescout.com.  Forescout Technologies. http:\/\/www.forescout.com."},{"key":"e_1_3_2_1_16_1","unstructured":"Fyodor. http:\/\/www.insecure.org\/nmap.  Fyodor. http:\/\/www.insecure.org\/nmap."},{"key":"e_1_3_2_1_17_1","volume-title":"DIMACS","author":"Gilbert A.","year":"2001","unstructured":"Gilbert , A. , Guha , S. , Indyk , P. , Muthukrishnan , S. , and Strauss , M . Quicksand: Quick summary and analysis of network data. Technical report, 2001-43 , DIMACS , Nov. 2001 . Gilbert, A., Guha, S., Indyk, P., Muthukrishnan, S., and Strauss, M. Quicksand: Quick summary and analysis of network data. Technical report, 2001-43, DIMACS, Nov. 2001."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251327.1251330"},{"key":"e_1_3_2_1_19_1","unstructured":"Greene B. R. and McPherson D. Sink holes: A swiss army knife isp security tool. http:\/\/www.nanog.org\/mtg-0306\/pdf\/sink.pdf.  Greene B. R. and McPherson D. Sink holes: A swiss army knife isp security tool. http:\/\/www.nanog.org\/mtg-0306\/pdf\/sink.pdf."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/RISP.1990.63859"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/863955.863968"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948116"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2004.1301325"},{"key":"e_1_3_2_1_24_1","unstructured":"Keyes R. The Naptha DoS Vulnerabilities. http:\/\/razor.bindview.com\/publish\/advisories\/adv_NAPTHA.html.  Keyes R. The Naptha DoS Vulnerabilities. http:\/\/razor.bindview.com\/publish\/advisories\/adv_NAPTHA.html."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/948205.948236"},{"key":"e_1_3_2_1_26_1","volume-title":"An Introduction to Mathematical Statistics and Its Applications","author":"Larsen R. J.","year":"2001","unstructured":"Larsen , R. J. , and Marx , M. L . An Introduction to Mathematical Statistics and Its Applications . Prentice Hall , Upper Saddle River, NJ 07458, 2001 . Larsen, R. J., and Marx, M. L. An Introduction to Mathematical Statistics and Its Applications. Prentice Hall, Upper Saddle River, NJ 07458, 2001."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2002.1015594"},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of USENIX BSDCon'2002 (Feb.","author":"Lemon J.","year":"2002","unstructured":"Lemon , J. Resisting syn flooding dos attacks with a syn cache . In Proceedings of USENIX BSDCon'2002 (Feb. 2002 ). Lemon, J. Resisting syn flooding dos attacks with a syn cache. In Proceedings of USENIX BSDCon'2002 (Feb. 2002)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030087"},{"key":"e_1_3_2_1_30_1","unstructured":"Martin Roesch. Snort. http:\/\/www.snort.org.  Martin Roesch. Snort. http:\/\/www.snort.org."},{"key":"e_1_3_2_1_31_1","unstructured":"Moore D. and Shannon C. Sco offline from dos attack. http:\/\/www.sco.com.  Moore D. and Shannon C. Sco offline from dos attack. http:\/\/www.sco.com."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251327.1251329"},{"key":"e_1_3_2_1_33_1","unstructured":"NetFlow C. http:\/\/www.cisco.com\/warp\/public\/732\/Tech\/netflow.  NetFlow C. http:\/\/www.cisco.com\/warp\/public\/732\/Tech\/netflow."},{"key":"e_1_3_2_1_34_1","unstructured":"Netscreen 100 Firewall Appliance. http:\/\/www.netscreen.com.  Netscreen 100 Firewall Appliance. http:\/\/www.netscreen.com."},{"key":"e_1_3_2_1_35_1","unstructured":"Netscreen Technologies. http:\/\/www.netscreen.com.  Netscreen Technologies. http:\/\/www.netscreen.com."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/90.649563"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/505659.505664"},{"key":"e_1_3_2_1_39_1","unstructured":"Pescatore J. Easley M. and Stiennon R. Network security platforms will transform security markets. http:\/\/www.techrepublic.com\/article.jhtml?id=r00220021223jdt01.htm&src=bc Dec. 2002.  Pescatore J. Easley M. and Stiennon R. Network security platforms will transform security markets. http:\/\/www.techrepublic.com\/article.jhtml?id=r00220021223jdt01.htm&src=bc Dec. 2002."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2003.1194879"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.5555\/882493.884376"},{"key":"e_1_3_2_1_42_1","volume-title":"In Proceedings of the 7th ACM Conference on Computer and Communications Security","author":"Staniford S.","year":"2000","unstructured":"Staniford , S. , Hoagland , J. A. , and McAlerney , J. M. Practical automated detection of stealthy portscans . In In Proceedings of the 7th ACM Conference on Computer and Communications Security ( 2000 ). Staniford, S., Hoagland, J. A., and McAlerney, J. M. Practical automated detection of stealthy portscans. In In Proceedings of the 7th ACM Conference on Computer and Communications Security (2000)."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720288"},{"key":"e_1_3_2_1_44_1","volume-title":"Journal of Computer Security (Nov.","author":"Staniford S. J.","year":"2003","unstructured":"Staniford , S. J. Containment of scanning worms in enterprise networks . In Journal of Computer Security (Nov. 2003 ). Staniford, S. J. Containment of scanning worms in enterprise networks. In Journal of Computer Security (Nov. 2003)."},{"key":"e_1_3_2_1_45_1","volume-title":"Detecting syn flooding attacks","author":"Wang H.","year":"2002","unstructured":"Wang , H. , Zhang , D. , and Shin , K . Detecting syn flooding attacks . In IEEE INFOCOM ( 2002 ). Wang, H., Zhang, D., and Shin, K. Detecting syn flooding attacks. In IEEE INFOCOM (2002)."},{"key":"e_1_3_2_1_46_1","volume-title":"IEEE ICDCS","author":"Wang H.","year":"2002","unstructured":"Wang , H. , Zhang , D. , and Shin , K . Syn-dog: Sniffing syn flooding sources . In IEEE ICDCS ( Vienna, Austria , 2002 ). Wang, H., Zhang, D., and Shin, K. Syn-dog: Sniffing syn flooding sources. In IEEE ICDCS (Vienna, Austria, 2002)."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/948187.948190"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5555\/829515.830562"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2004.1301320"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/505202.505228"}],"event":{"name":"IMC04: Internet Measurement Conference","location":"Taormina Sicily, Italy","acronym":"IMC04","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication","ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 4th ACM SIGCOMM conference on Internet measurement"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1028788.1028812","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1028788.1028812","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:31:12Z","timestamp":1750264272000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1028788.1028812"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004,10,25]]},"references-count":50,"alternative-id":["10.1145\/1028788.1028812","10.1145\/1028788"],"URL":"https:\/\/doi.org\/10.1145\/1028788.1028812","relation":{},"subject":[],"published":{"date-parts":[[2004,10,25]]},"assertion":[{"value":"2004-10-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}