{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T14:59:23Z","timestamp":1776783563587,"version":"3.51.2"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2018,7,31]],"date-time":"2018-07-31T00:00:00Z","timestamp":1532995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. Security"],"published-print":{"date-parts":[[2018,12]]},"DOI":"10.1186\/s13635-018-0081-z","type":"journal-article","created":{"date-parts":[[2018,7,31]],"date-time":"2018-07-31T08:33:49Z","timestamp":1533026029000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":33,"title":["HADEC: Hadoop-based live DDoS detection framework"],"prefix":"10.1186","volume":"2018","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4683-1988","authenticated-orcid":false,"given":"Sufian","family":"Hameed","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Usman","family":"Ali","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,7,31]]},"reference":[{"key":"81_CR1","unstructured":"Dyn cyberattack. \n www.theguardian.com\/technology\/2016\/oct\/26\/ddos-attack-dyn-mirai-botnet\n \n . Accessed 09 July 2018."},{"key":"81_CR2","unstructured":"Github ddos attack. \n www.wired.com\/story\/github-ddos-memcached\/\n \n . Accessed 09 July 2018."},{"key":"81_CR3","unstructured":"Hadoop. \n https:\/\/hadoop.apache.org\/\n \n . Accessed 09 July 2018."},{"key":"81_CR4","unstructured":"Hadoop yarn. \n http:\/\/hortonworks.com\/hadoop\/yarn\/\n \n . Accessed 09 July 2018."},{"key":"81_CR5","unstructured":"Iperf: network performance measurement tool. \n https:\/\/iperf.fr\/\n \n . Accessed 09 July 2018."},{"key":"81_CR6","unstructured":"Loic: a network stress testing application. \n http:\/\/sourceforge.net\/projects\/loic\/\n \n . Accessed 09 July 2018."},{"key":"81_CR7","unstructured":"Mapreduce. \n http:\/\/wiki.apache.org\/hadoop\/MapReduce\n \n . Accessed 09 July 2018."},{"key":"81_CR8","unstructured":"Mausezahn. \n https:\/\/github.com\/uweber\/mausezahn\n \n . Accessed 09 July 2018."},{"key":"81_CR9","unstructured":"Operation Payback cripples MasterCard site in revenge for WikiLeaks ban, dec. 8, 2010. \n http:\/\/www.guardian.co.uk\n \n . Accessed 09 July 2018."},{"key":"81_CR10","unstructured":"Powerful attack cripples internet, oct. 23, 2002. \n http:\/\/www.greenspun.com\/\n \n . Accessed 09 July 2018."},{"key":"81_CR11","unstructured":"Scapy. \n http:\/\/www.secdev.org\/projects\/scapy\/\n \n . Accessed 09 July 2018."},{"key":"81_CR12","unstructured":"Secure copy. \n http:\/\/linux.die.net\/man\/1\/scp\n \n . Accessed 09 July 2018."},{"key":"81_CR13","unstructured":"Tshark: network analyzer. \n www.wireshark.org\/docs\/man-pages\/tshark.html\n \n . Accessed 09 July 2018."},{"key":"81_CR14","unstructured":"Yahoo on trail of site hackers, wired.com, Feb. 8, 2000. \n http:\/\/www.wired.com\/\n \n . Accessed 09 July 2018."},{"key":"81_CR15","doi-asserted-by":"publisher","unstructured":"AA C\u00e1rdenas, PK Manadhata, SP Rajan, Big Data Analytics for Security. IEEE Security & Privacy. 11(6), 74\u201376 (2013). \n https:\/\/doi.org\/10.1109\/MSP.2013.138\n \n .","DOI":"10.1109\/MSP.2013.138"},{"key":"81_CR16","doi-asserted-by":"crossref","unstructured":"B Claise, Cisco systems netflow services export version 9, rfc 3954 (informational) (2004).","DOI":"10.17487\/rfc3954"},{"key":"81_CR17","unstructured":"PJ Criscuolo, Distributed denial of service: Trin00, tribe flood network, tribe flood network 2000, and stacheldraht ciac-2319 (2000). Technical report, DTIC Document."},{"key":"81_CR18","doi-asserted-by":"publisher","unstructured":"R Fontugne, J Mazel, K Fukuda, in 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). Hashdoop: A MapReduce framework for network anomaly detection (Toronto, 2014), pp. 494\u2013499. \n https:\/\/doi.org\/10.1109\/INFCOMW.2014.6849281\n \n .","DOI":"10.1109\/INFCOMW.2014.6849281"},{"key":"81_CR19","doi-asserted-by":"publisher","unstructured":"J Francois, S Wang, W Bronzi, R State, T Engel, in 2011 IEEE International Workshop on Information Forensics and Security. BotCloud: Detecting botnets using MapReduce (Iguacu Falls, 2011), pp. 1\u20136. \n https:\/\/doi.org\/10.1109\/WIFS.2011.6123125\n \n .","DOI":"10.1109\/WIFS.2011.6123125"},{"key":"81_CR20","unstructured":"J Francois, S Wang, R State, T Engel, ed. by J Domingo-Pascual, P Manzoni, S Palazzo, A Pont, and C Scoglio. NETWORKING 2011, volume 6640 of Lecture Notes in Computer Science (SpringerBerlin Heidelberg, 2011), pp. 1\u201314."},{"key":"81_CR21","doi-asserted-by":"publisher","unstructured":"S Hameed, U Ali, in IEEE\/IFIP Network Operations and Management Symposium (NOMS). Efficacy of Live DDoS Detection with Hadoop (Istanbul, 2016), pp. 488\u2013494. \n https:\/\/doi.org\/10.1109\/NOMS.2016.7502848\n \n .","DOI":"10.1109\/NOMS.2016.7502848"},{"key":"81_CR22","doi-asserted-by":"publisher","unstructured":"S Hameed, HA Khan, in International Conference on Networked Systems (NetSys). Leveraging SDN for collaborative DDoS mitigation (Gottingen, 2017), pp. 1\u20136. \n https:\/\/doi.org\/10.1109\/NetSys.2017.7903962\n \n .","DOI":"10.1109\/NetSys.2017.7903962"},{"key":"81_CR23","unstructured":"S Hameed, UM Ali, On the efficacy of live ddos detection with hadoop. CoRR (2015). abs\/1506.08953, arxiv.org\/abs\/1506.08953."},{"key":"81_CR24","doi-asserted-by":"crossref","unstructured":"S Hameed, HA Khan, SDN based collaborative scheme for mitigation of DDoS attacks. Futur. Internet. 23(2018).","DOI":"10.3390\/fi10030023"},{"issue":"7","key":"81_CR25","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MC.2017.201","volume":"50","author":"C Kolias","year":"2017","unstructured":"C Kolias, G Kambourakis, A Stavrou, J Voas, DDoA in the IoT: Mirai and other botnets. Computer. 50(7), 80\u201384 (2017).","journal-title":"Computer"},{"key":"81_CR26","first-page":"51","volume-title":"Traffic Monitoring and Analysis, volume 6613 of Lecture Notes in Computer Science","author":"Y Lee","year":"2011","unstructured":"Y Lee, W Kang, Y Lee, in Traffic Monitoring and Analysis, volume 6613 of Lecture Notes in Computer Science, ed. by J Domingo-Pascual, Y Shavitt, and S Uhlig. A hadoop-based packet trace processing tool (SpringerBerlin Heidelberg, 2011), pp. 51\u201363."},{"key":"81_CR27","doi-asserted-by":"publisher","unstructured":"Y Lee, Y Lee, in In Proceedings of The ACM CoNEXT Student Workshop (CoNEXT \u201911 Student). Detecting DDoS attacks with Hadoop (ACMNew York, 2011). Article 7, 2 pages. \n https:\/\/doi.org\/10.1145\/2079327.2079334\n \n .","DOI":"10.1145\/2079327.2079334"},{"key":"81_CR28","doi-asserted-by":"publisher","unstructured":"J Mirkovic, G Prier, P Reiher, in Proceedings of the 10th IEEE International Conference on Network Protocols (ICNP). Attacking DDoS at the source, (2002), pp. 312\u2013321. \n https:\/\/doi.org\/10.1109\/ICNP.2002.1181418\n \n .","DOI":"10.1109\/ICNP.2002.1181418"},{"key":"81_CR29","doi-asserted-by":"publisher","unstructured":"J Mirkovic, G Prier, P Reiher, in Second IEEE International Symposium on Network Computing and Applications (NCA). Source-end DDoS defense, (2003), pp. 171\u2013178. \n https:\/\/doi.org\/10.1109\/NCA.2003.1201153\n \n .","DOI":"10.1109\/NCA.2003.1201153"},{"key":"81_CR30","doi-asserted-by":"publisher","unstructured":"K Park, H Lee, in Proceedings IEEE Conference on Computer Communications (INFOCOM), 1. On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack (Anchorage, 2001), pp. 338\u2013347. \n https:\/\/doi.org\/10.1109\/INFCOM.2001.916716\n \n .","DOI":"10.1109\/INFCOM.2001.916716"},{"key":"81_CR31","doi-asserted-by":"crossref","unstructured":"K Park, H Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets. ACM SIGCOMM computer communication review. 31(4) (2001).","DOI":"10.1145\/964723.383061"},{"issue":"23\u201324","key":"81_CR32","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"V Paxson, Bro: A system for detecting network intruders in real-time. Comput. Netw. 31(23\u201324), 2435\u20132463 (1999).","journal-title":"Comput. Netw"},{"key":"81_CR33","doi-asserted-by":"crossref","unstructured":"A Pras, JJ Santanna, J Steinberger, A Sperotto, in International GI\/ITG Conference on Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance. Ddos 3.0-how terrorists bring down the internet (Springer, 2016), pp. 1\u20134.","DOI":"10.1007\/978-3-319-31559-1_1"},{"issue":"1","key":"81_CR34","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/TNET.2008.926503","volume":"17","author":"S Ranjan","year":"2009","unstructured":"S Ranjan, R Swaminathan, M Uysal, A Nucci, E Knightly, DDos-shield: DDos-resilient scheduling to counter application layer attacks. IEEE\/ACM Trans. Networking (TON). 17(1), 26\u201339 (2009).","journal-title":"IEEE\/ACM Trans. Networking (TON)"},{"key":"81_CR35","first-page":"229","volume-title":"Proceedings of the 13th USENIX Conference on System Administration, LISA \u201999","author":"M Roesch","year":"1999","unstructured":"M Roesch, in Proceedings of the 13th USENIX Conference on System Administration, LISA \u201999. Snort - lightweight intrusion detection for networks (USENIX AssociationBerkeley, 1999), pp. 229\u2013238."},{"key":"81_CR36","doi-asserted-by":"publisher","unstructured":"JJ Santanna, et al., in IFIP\/IEEE International Symposium on Integrated Network Management (IM). Booters \u2013 An analysis of DDoS-as-a-service attacks (Ottawa, 2015), pp. 243\u2013251. \n https:\/\/doi.org\/10.1109\/INM.2015.7140298\n \n .","DOI":"10.1109\/INM.2015.7140298"},{"issue":"1","key":"81_CR37","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/TNET.2006.890133","volume":"15","author":"H Wang","year":"2007","unstructured":"H Wang, C Jin, KG Shin.Defense against spoofed IP traffic using hop-count filtering. IEEE\/ACM Trans. Networking (ToN). 15(1), 40\u201353 (2007).","journal-title":"IEEE\/ACM Trans. Networking (ToN)"},{"key":"81_CR38","doi-asserted-by":"publisher","unstructured":"A Yaar, A Perrig, D Song, in Proceedings of IEEE Symposium on Security and Privacy (IEEE S&P). Pi: a path identification mechanism to defend against DDoS attacks, (2003), pp. 93\u2013107. \n https:\/\/doi.org\/10.1109\/SECPRI.2003.1199330\n \n .","DOI":"10.1109\/SECPRI.2003.1199330"},{"key":"81_CR39","doi-asserted-by":"publisher","unstructured":"X Yang, D Wetherall, T Anderson, A DoS-limiting network architecture. SIGCOMM Computer Communication Review. 35(4), 241\u2013252 (2005). \n https:\/\/doi.org\/10.1145\/1090191.1080120\n \n .","DOI":"10.1145\/1090191.1080120"},{"issue":"6","key":"81_CR40","doi-asserted-by":"publisher","first-page":"1267","DOI":"10.1109\/TNET.2007.914506","volume":"16","author":"X Yang","year":"2008","unstructured":"X Yang, D Wetherall, T Anderson, TVA: a DoS-limiting network architecture. IEEE\/ACM Trans. Networking. 16(6), 1267\u20131280 (2008).","journal-title":"IEEE\/ACM Trans. Networking"},{"issue":"4","key":"81_CR41","doi-asserted-by":"publisher","first-page":"2046","DOI":"10.1109\/SURV.2013.031413.00127","volume":"15","author":"ST Zargar","year":"2013","unstructured":"ST Zargar, J Joshi, D Tipper, A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. Commun. Surv. Tutorials IEEE. 15(4), 2046\u20132069 (2013).","journal-title":"Commun. Surv. Tutorials IEEE"}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-018-0081-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s13635-018-0081-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-018-0081-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,30]],"date-time":"2019-07-30T19:05:58Z","timestamp":1564513558000},"score":1,"resource":{"primary":{"URL":"https:\/\/jis-eurasipjournals.springeropen.com\/articles\/10.1186\/s13635-018-0081-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,7,31]]},"references-count":41,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,12]]}},"alternative-id":["81"],"URL":"https:\/\/doi.org\/10.1186\/s13635-018-0081-z","relation":{},"ISSN":["2510-523X"],"issn-type":[{"value":"2510-523X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,7,31]]},"assertion":[{"value":"27 September 2017","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 July 2018","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 July 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"There are no non-financial competing interests (political, personal, religious, ideological, academic, intellectual, commercial or any other) to declare in relation to this manuscript.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Publisher\u2019s Note"}}],"article-number":"11"}}