{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:09:37Z","timestamp":1750219777041,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":63,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,16]],"date-time":"2023-10-16T00:00:00Z","timestamp":1697414400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1815495"],"award-info":[{"award-number":["1815495"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,16]]},"DOI":"10.1145\/3607199.3607238","type":"proceedings-article","created":{"date-parts":[[2023,10,3]],"date-time":"2023-10-03T22:30:51Z","timestamp":1696372251000},"page":"744-758","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Leader: Defense Against Exploit-Based Denial-of-Service Attacks on Web Applications"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4941-1834","authenticated-orcid":false,"given":"Rajat","family":"Tandon","sequence":"first","affiliation":[{"name":"University of Southern California Information Sciences Institute, United States of America and Juniper Networks Inc., USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9029-8071","authenticated-orcid":false,"given":"Haoda","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Southern California Information Sciences Institute, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4000-1193","authenticated-orcid":false,"given":"Nicolaas","family":"Weideman","sequence":"additional","affiliation":[{"name":"University of Southern California Information Sciences Institute, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4079-3952","authenticated-orcid":false,"given":"Shushan","family":"Arakelyan","sequence":"additional","affiliation":[{"name":"University of Southern California Information Sciences Institute, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8393-9472","authenticated-orcid":false,"given":"Genevieve","family":"Bartlett","sequence":"additional","affiliation":[{"name":"University of Southern California Information Sciences Institute, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7698-8041","authenticated-orcid":false,"given":"Christophe","family":"Hauser","sequence":"additional","affiliation":[{"name":"University of Southern California Information Sciences Institute, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7462-8747","authenticated-orcid":false,"given":"Jelena","family":"Mirkovic","sequence":"additional","affiliation":[{"name":"University of Southern California Information Sciences Institute, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2023,10,16]]},"reference":[{"volume-title":"Accessed: July 6th","year":"2020","key":"e_1_3_2_1_1_1","unstructured":"Akamai. 2020. State of the Internet Reports. https:\/\/www.akamai.com\/us\/en\/multimedia\/documents\/state-of-the-internet\/soti-security-a-year-in-review-report-2019.pdf, Accessed: July 6th, 2021."},{"volume-title":"Accessed: July 6th","year":"2021","key":"e_1_3_2_1_2_1","unstructured":"Akamai. 2021. State of the Internet Reports. https:\/\/www.akamai.com\/us\/en\/multimedia\/documents\/state-of-the-internet\/soti-security-a-year-in-review-report-2020.pdf, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00077"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510047"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/S2212-5671(15)01077-1"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.35"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2009.13"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/850936.852479"},{"key":"e_1_3_2_1_9_1","volume-title":"International Workshop on Information Security Applications. Springer, 42\u201353","author":"Choi Jongseok","year":"2016","unstructured":"Jongseok Choi, Jong-gyu Park, Shinwook Heo, Namje Park, and Howon Kim. 2016. Slowloris DoS Countermeasure over WebSocket. In International Workshop on Information Security Applications. Springer, 42\u201353."},{"volume-title":"Accessed: July 6th","year":"2022","key":"e_1_3_2_1_10_1","unstructured":"CloudFlare. 2022. DDoS Attack Trends for 2022 Q1. https:\/\/blog.cloudflare.com\/ddos-attack-trends-for-2022-q1\/, Accessed: July 6th, 2022."},{"key":"e_1_3_2_1_11_1","volume-title":"The mahalanobis distance. Chemometrics and intelligent laboratory systems 50, 1","author":"De\u00a0Maesschalck Roy","year":"2000","unstructured":"Roy De\u00a0Maesschalck, Delphine Jouan-Rimbaud, and D\u00e9sir\u00e9\u00a0L Massart. 2000. The mahalanobis distance. Chemometrics and intelligent laboratory systems 50, 1 (2000), 1\u201318."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2022.109553"},{"key":"e_1_3_2_1_13_1","volume-title":"2019 USENIX Annual Technical Conference (USENIX ATC 19)","author":"Demoulin Henri\u00a0Maxime","year":"2019","unstructured":"Henri\u00a0Maxime Demoulin, Isaac Pedisich, Nikos Vasilakis, Vincent Liu, Boon\u00a0Thau Loo, and Linh Thi\u00a0Xuan Phan. 2019. Detecting asymmetric application-layer denial-of-service attacks in-flight with finelame. In 2019 USENIX Annual Technical Conference (USENIX ATC 19). 693\u2013708."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274727"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_20"},{"key":"e_1_3_2_1_16_1","volume-title":"Accessed: July 6th","author":"Database Exploit","year":"2012","unstructured":"Exploit Database. 2012. Hashtables Denial of Service. https:\/\/www.exploit-db.com\/exploits\/18296, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1088\/1757-899X\/850\/1\/012037"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3158644"},{"key":"e_1_3_2_1_19_1","volume-title":"Accessed: July 6th","author":"Hacking","year":"2015","unstructured":"Hacking with PHP. 2015. Denial of service. http:\/\/www.hackingwithphp.com\/17\/1\/9\/denial-of-service, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMSNETS.2016.7439939"},{"volume-title":"Accessed: July 6th","year":"2020","key":"e_1_3_2_1_21_1","unstructured":"[21] Imperva. 2020. https:\/\/tinyurl.com\/y5jmjuzv, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_22_1","volume-title":"Accessed: July 6th","author":"INDUSFACE.","year":"2019","unstructured":"[22] INDUSFACE. 2019. https:\/\/tinyurl.com\/y4c3ywry, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987487"},{"volume-title":"Accessed: July 6th","year":"2019","key":"e_1_3_2_1_24_1","unstructured":"[24] Kaspersky. 2019. https:\/\/tinyurl.com\/y258rnpm, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_25_1","volume-title":"Accessed: July 6th","author":"Kaspersky","year":"2018","unstructured":"Kaspersky lab. 2018. Denial of service: How Businesses Evaluate the threat of DDoS attacks. https:\/\/tinyurl.com\/ybnmogg3, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_26_1","volume-title":"Accessed: July 6th","author":"Ledger The\u00a0Security","year":"2018","unstructured":"[26] The\u00a0Security Ledger. 2018. https:\/\/tinyurl.com\/yysvu859, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 2003 international conference on machine learning and cybernetics (IEEE Cat. No. 03EX693)","author":"Li Kun-Lun","year":"2003","unstructured":"Kun-Lun Li, Hou-Kuan Huang, Sheng-Feng Tian, and Wei Xu. 2003. Improving one-class SVM for anomaly detection. In Proceedings of the 2003 international conference on machine learning and cybernetics (IEEE Cat. No. 03EX693), Vol.\u00a05. IEEE, 3077\u20133081."},{"key":"e_1_3_2_1_28_1","unstructured":"Lukas Martinelli. [n. d.]. Simulate Hash Collision Attack on a PHP Server. https:\/\/github.com\/lukasmartinelli\/php-dos-attack."},{"key":"e_1_3_2_1_29_1","volume-title":"Accessed: July 6th, 2021","author":"Meng Wei","year":"2018","unstructured":"Wei Meng. 2018. Rampart\u2019s code. https:\/\/github.com\/cuhk-seclab\/rampart, Accessed: July 6th, 2021. (2018)."},{"volume-title":"27th { USENIX} Security Symposium ({ USENIX} Security 18). 393\u2013410.","author":"Meng Wei","key":"e_1_3_2_1_30_1","unstructured":"Wei Meng, Chenxiong Qian, Shuang Hao, Kevin Borgolte, Giovanni Vigna, Christopher Kruegel, and Wenke Lee. 2018. Rampart: protecting web applications from CPU-exhaustion denial-of-service attacks. In 27th { USENIX} Security Symposium ({ USENIX} Security 18). 393\u2013410."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/306225.306235"},{"key":"e_1_3_2_1_32_1","volume-title":"Accessed: July 6th","author":"Niclausse Nicolas","year":"2017","unstructured":"Nicolas Niclausse. 2017. Tsung 1.7.0 released. http:\/\/tsung.erlang-projects.org\/, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2009.5199191"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813680"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134073"},{"key":"e_1_3_2_1_36_1","volume-title":"Accessed: July 6th","author":"Hat Red","year":"2019","unstructured":"Red Hat. 2019. Introduction to eBPF in Red Hat Enterprise Linux 7. https:\/\/www.redhat.com\/en\/blog\/introduction-ebpf-red-hat-enterprise-linux-7, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Marc Roig Marisa Catalan and Bernat Gast\u00f3n. 2019. Ensembled Outlier Detection using Multi-Variable Correlation in WSN through Unsupervised Learning Techniques.. In IoTBDS. 38\u201348.","DOI":"10.5220\/0007657400380048"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1080\/00401706.1999.10485670"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1080\/00401706.1999.10485670"},{"key":"e_1_3_2_1_40_1","volume-title":"Accessed: July 6th, 2021","author":"Scikit","year":"2018","unstructured":"Scikit learn. 2018. EllipticEnvelope. https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.covariance.EllipticEnvelope.html, Accessed: July 6th, 2021. (2018)."},{"volume-title":"Accessed: July 6th","year":"2012","key":"e_1_3_2_1_41_1","unstructured":"Selenium. 2012. Selenium Webdriver. https:\/\/tinyurl.com\/y6a4czhe, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/IC2E.2014.38"},{"key":"e_1_3_2_1_43_1","unstructured":"JacobMisirian SplittyDev. [n. d.]. Python implementation of a slowloris DoS tool. https:\/\/github.com\/ProjectMayhem\/PySlowLoris."},{"key":"e_1_3_2_1_44_1","volume-title":"Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers. In 27th USENIX Security Symposium (USENIX Security 18)","author":"Staicu Cristian-Alexandru","year":"2018","unstructured":"Cristian-Alexandru Staicu and Michael Pradel. 2018. Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers. In 27th USENIX Security Symposium (USENIX Security 18). 361\u2013376."},{"volume-title":"Accessed: July 6th","year":"2018","key":"e_1_3_2_1_45_1","unstructured":"Statista. 2018. Most popular retail websites in the United States as of December 2017, ranked by visitors (in millions). https:\/\/www.statista.com\/statistics\/271450\/monthly-unique-visitors-to-us-retail-websites\/, Accessed: July 6th, 2021."},{"volume-title":"Accessed: July 6th","year":"2019","key":"e_1_3_2_1_46_1","unstructured":"Statista. 2019. Combined desktop and mobile visits to Amazon.com from February 2018 to April 2019 (in millions). https:\/\/www.statista.com\/statistics\/623566\/web-visits-to-amazoncom\/, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_47_1","volume-title":"Accessed: July 6th","author":"Status Stack","year":"2016","unstructured":"Stack Status. 2016. Outage postmortem. https:\/\/stackstatus.tumblr.com\/post\/147710624694\/outage-postmortem-july-20-2016, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_48_1","unstructured":"SystemTap. [n. d.]. SystemTap. https:\/\/sourceware.org\/systemtap\/."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"crossref","unstructured":"Liran Tal. 2019. The state of open source security report. https:\/\/res.cloudinary.com\/snyk\/image\/upload\/v1551172581\/The-State-Of-Open-Source-Security-Report-2019-Snyk.pdf.","DOI":"10.1016\/S1353-4858(19)30062-5"},{"key":"e_1_3_2_1_50_1","volume-title":"A survey of distributed denial of service attacks and defenses. arXiv preprint arXiv:2008.01345","author":"Tandon Rajat","year":"2020","unstructured":"Rajat Tandon. 2020. A survey of distributed denial of service attacks and defenses. arXiv preprint arXiv:2008.01345 (2020)."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/GLOBECOM48099.2022.10001010"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/CloudNet51028.2020.9335812"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-78375-4_14"},{"key":"e_1_3_2_1_54_1","volume-title":"Accessed: July 6th","author":"Web Application Security The Open","year":"2018","unstructured":"The Open Web Application Security Project (OWASP). 2018. Regular expression Denial of Service - ReDoS. https:\/\/owasp.org\/www-community\/attacks\/Regular_expression_Denial_of_Service_-_ReDoS, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_55_1","unstructured":"Marino Urso. 2020. High performance eBPF probe for Alternate Marking performance monitoring. Ph.\u00a0D. Dissertation. Politecnico di Torino."},{"key":"e_1_3_2_1_56_1","volume-title":"Accessed: July 6th","author":"Li Vickie","year":"2018","unstructured":"Vickie Li. 2018. Preg_replace() PHP Function Exploitation. https:\/\/www.yeahhub.com\/code-execution-preg_replace-php-function-exploitation\/, Accessed: July 6th, 2021."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3545948.3545967"},{"key":"e_1_3_2_1_58_1","volume-title":"SI","author":"White Brian","year":"2002","unstructured":"Brian White, Jay Lepreau, Leigh Stoller, Robert Ricci, Shashi Guruprasad, Mac Newbold, Mike Hibler, Chad Barb, and Abhijeet Joglekar. 2002. An integrated experimental environment for distributed systems and networks. ACM SIGOPS Operating Systems Review 36, SI (2002), 255\u2013270."},{"volume-title":"Accessed: July 6th","year":"2018","key":"e_1_3_2_1_59_1","unstructured":"Wikipedia. 2018. Curse of dimensionality. https:\/\/en.wikipedia.org\/wiki\/Curse_of_dimensionality, Accessed: July 6th, 2021."},{"volume-title":"Accessed: July 6th","year":"2018","key":"e_1_3_2_1_60_1","unstructured":"Wikipedia. 2018. Flask. https:\/\/en.wikipedia.org\/wiki\/Flask_(web_framework), Accessed: July 6th, 2021."},{"volume-title":"Accessed: July 6th","year":"2018","key":"e_1_3_2_1_61_1","unstructured":"Wikipedia. 2018. Log rotation. https:\/\/en.wikipedia.org\/wiki\/Log_rotation\/, Accessed: July 6th, 2021."},{"volume-title":"Accessed: July 6th, 2021","year":"2018","key":"e_1_3_2_1_62_1","unstructured":"Wikipedia. 2018. Slowloris. https:\/\/en.wikipedia.org\/wiki\/slowloris_(computer_security), Accessed: July 6th, 2021. (2018)."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2011.2107320"}],"event":{"name":"RAID 2023: The 26th International Symposium on Research in Attacks, Intrusions and Defenses","acronym":"RAID 2023","location":"Hong Kong China"},"container-title":["Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607199.3607238","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3607199.3607238","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3607199.3607238","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:35Z","timestamp":1750178255000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607199.3607238"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,16]]},"references-count":63,"alternative-id":["10.1145\/3607199.3607238","10.1145\/3607199"],"URL":"https:\/\/doi.org\/10.1145\/3607199.3607238","relation":{},"subject":[],"published":{"date-parts":[[2023,10,16]]},"assertion":[{"value":"2023-10-16","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}