{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T17:31:40Z","timestamp":1780594300012,"version":"3.54.1"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2022,8,30]],"date-time":"2022-08-30T00:00:00Z","timestamp":1661817600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,8,30]],"date-time":"2022-08-30T00:00:00Z","timestamp":1661817600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cloud Comp"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>In this paper, a real cloud computing platform-oriented Low-rate Denial of Service (LDoS) attack detection method based on time-frequency characteristics of traffic data is proposed. All the traffic data flowing through the Web server is acquired by the collection and storage system, the original traffic data is divided into multiple flow segments by the preprocessing module, and the simple statistical features of several data packets in the flow are extracted by the analysis tool to form the detection sequence. The deep neural network is used to learn the potential time-frequency domain connection in the normal feature sequence and generate the reconstructed sequence. The discrimination module discriminates against the LDoS attack according to the difference between the reconstructed sequence and the input data in the time-frequency domain. The experimental results show that the proposed method can accurately detect the attack features in the stream segments in a very short time, and can achieve high detection accuracy for complex and diverse LDoS attacks. Because only the statistical characteristics of data packets are used, it is not necessary to analyze the data in the packets, which can be adapted to different network environments.<\/jats:p>","DOI":"10.1186\/s13677-022-00308-3","type":"journal-article","created":{"date-parts":[[2022,8,30]],"date-time":"2022-08-30T16:06:06Z","timestamp":1661875566000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Low-rate Denial of Service attack detection method based on time-frequency characteristics"],"prefix":"10.1186","volume":"11","author":[{"given":"Yu","family":"Fu","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xueyuan","family":"Duan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kun","family":"Wang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Bin","family":"Li","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,8,30]]},"reference":[{"key":"308_CR1","first-page":"133","volume-title":"Proceedings of 2015 IEEE International Conference on IT Convergence & Security (ICITCS)","author":"E Adi","year":"2015","unstructured":"Adi E, Baig Z, Lam CP et al (2015) Low-rate denial-of-service attacks against HTTP\/2 services. In: Proceedings of 2015 IEEE International Conference on IT Convergence & Security (ICITCS), pp 133\u2013139"},{"key":"308_CR2","doi-asserted-by":"publisher","first-page":"43920","DOI":"10.1109\/ACCESS.2020.2976609","volume":"8","author":"ZHJ Wu","year":"2020","unstructured":"Wu ZHJ, Li WJ, Liu L et al (2020) Low-rate DoS attacks, detection, defense, and challenges: a survey. IEEE Access 8:43920\u201343943","journal-title":"IEEE Access"},{"key":"308_CR3","volume-title":"Computer networking. A top-down approach","author":"JF Kurose","year":"2021","unstructured":"Kurose JF, Ross KW (2021) Computer networking. A top-down approach, 8th edn. Pearson, New York","edition":"8"},{"key":"308_CR4","doi-asserted-by":"publisher","first-page":"9377","DOI":"10.1007\/s11227-021-04213-5","volume":"78","author":"S Manimurugan","year":"2022","unstructured":"Manimurugan S, Almutairi S (2022) A user-based video recom-mendation approach using CAC filtering, PCA with LDOS-CoMoDa. J Supercomput 78:9377\u20139391","journal-title":"J Supercomput"},{"key":"308_CR5","volume-title":"Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA","author":"XP Luo","year":"2005","unstructured":"Luo XP, Chang RK (2005) On a new class of pulsing denial-of-service attacks and the defense. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA"},{"key":"308_CR6","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1109\/ICNP.2004.1348109","volume-title":"Proceedings of the 12th IEEE International Conference on Network Protocols, ICNP 2004, Berlin, Germany","author":"M Guirguis","year":"2004","unstructured":"Guirguis M, Bestavros A, Matta I (2004) Exploiting the transients of adaptation for RoQ attacks on internet resources. In: Proceedings of the 12th IEEE International Conference on Network Protocols, ICNP 2004, Berlin, Germany, pp 184\u2013195"},{"key":"308_CR7","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1109\/SPW.2018.00013","volume-title":"Proceedings of the 2018 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA","author":"R Doshi","year":"2018","unstructured":"Doshi R, Apthorpe N, Feamster N (2018) Machine learning ddos detection for consumer internet of things devices. In: Proceedings of the 2018 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA, pp 29\u201335"},{"key":"308_CR8","doi-asserted-by":"publisher","unstructured":"Badshah A, Jalal A, Farooq U, Rehman GU, Band SS, Iwendi C (2022) Service level agreement monitoring as a service: an independent monitoring service for service level agreements in clouds, Big Data. Ahead of print https:\/\/doi.org\/10.1089\/big.2021.0274","DOI":"10.1089\/big.2021.0274"},{"issue":"1","key":"308_CR9","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/TCC.2014.2325045","volume":"3","author":"F Massimo","year":"2015","unstructured":"Massimo F, Massimiliano R (2015) Stealthy denial of service strategy in cloud computing. IEEE Trans Cloud Comput 3(1):80\u201394","journal-title":"IEEE Trans Cloud Comput"},{"key":"308_CR10","doi-asserted-by":"publisher","first-page":"559","DOI":"10.1109\/TDSC.2015.2443807","volume":"13","author":"ZJ Wu","year":"2015","unstructured":"Wu ZJ, Zhang LY, Yue M (2015) Low-rate DoS attacks detection based on network multifractal. IEEE T rans Dependable Secur Comput 13:559\u2013567","journal-title":"IEEE T rans Dependable Secur Comput"},{"key":"308_CR11","first-page":"80","volume-title":"International Conference on Big Data and Security","author":"S Xie","year":"2019","unstructured":"Xie S, Xing C, Zhang G et al (2019) Research on table overflow ldos attack detection and defense method in software defined networks. In: International Conference on Big Data and Security. Springer, Singapore, pp 80\u201397"},{"issue":"4","key":"308_CR12","doi-asserted-by":"publisher","first-page":"504","DOI":"10.1016\/j.dcan.2020.04.002","volume":"6","author":"L Liu","year":"2020","unstructured":"Liu L, Wang HY, Wu ZHJ et al (2020) The detection method of low-rate DoS attack based on multi-feature fusion. Digit Commun Netw 6(4):504\u2013513","journal-title":"Digit Commun Netw"},{"key":"308_CR13","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1109\/CSCloud.2017.58","volume-title":"Proceedings of the 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), New York, NY, USA","author":"Z He","year":"2017","unstructured":"He Z, Zhang T, Lee RB (2017) Machine learning based DDoS attack detection from source side in cloud. In: Proceedings of the 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), New York, NY, USA, pp 114\u2013120"},{"key":"308_CR14","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1145\/863955.863966","volume-title":"Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Karlsruhe Germany","author":"A Kuzmanovic","year":"2003","unstructured":"Kuzmanovic A, Knightly EW (2003) Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants. In: Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Karlsruhe Germany, pp 75\u201386"},{"issue":"4","key":"308_CR15","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1109\/TNET.2006.880180","volume":"14","author":"A Kuzmanovic","year":"2006","unstructured":"Kuzmanovic A, Knightly EW (2006) Low-rate TCP-targeted denial of service attacks and counter strategies. IEEE ACM Trans Netw 14(4):683\u2013696 Karlsruhe, Germany","journal-title":"IEEE ACM Trans Netw"},{"key":"308_CR16","doi-asserted-by":"publisher","first-page":"1373","DOI":"10.1007\/s10586-022-03537-y","volume":"25","author":"D Tang","year":"2022","unstructured":"Tang D, Yan Y, Dai R et al (2022) A novel LDoS attack detection method based on reconstruction anomaly. Clust Comput 25:1373\u20131392","journal-title":"Clust Comput"},{"key":"308_CR17","volume-title":"Proc. ACM CCS","author":"C Jin","year":"2003","unstructured":"Jin C, Wang H, Shin K (2003) Hop-count filtering: an effective defense against spoofed DoS traffic. In: Proc. ACM CCS"},{"issue":"5","key":"308_CR18","first-page":"19","volume":"38","author":"ZJ Wu","year":"2017","unstructured":"Wu ZJ, Zhang JA, Yue M (2017) Approach of detecting low-rate DoS attack based on combined features. J Commun 38(5):19\u201330","journal-title":"J Commun"},{"key":"308_CR19","first-page":"413","volume-title":"Proceedings of the International Conference on Grid and Cooperative Computing, Shanghai, China","author":"D Liu","year":"2003","unstructured":"Liu D, Shuai D (2003) Multifractal characteristic quantities of network traffic models. In: Proceedings of the International Conference on Grid and Cooperative Computing, Shanghai, China, pp 413\u2013417"},{"issue":"15","key":"308_CR20","doi-asserted-by":"publisher","first-page":"3417","DOI":"10.1016\/j.comnet.2012.07.003","volume":"56","author":"C Zhang","year":"2012","unstructured":"Zhang C, Cai Z, Chen W et al (2012) Flow level detection and filtering of low-rate DDoS. Comput Netw 56(15):3417\u20133431","journal-title":"Comput Netw"},{"issue":"6","key":"308_CR21","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1109\/CC.2017.7961367","volume":"14","author":"Z Wu","year":"2017","unstructured":"Wu Z, Wang M, Yan C et al (2017) Low-rate DoS attack flows filtering based on frequency spectral analysis. China Commun 14(6):98\u2013112","journal-title":"China Commun"},{"key":"308_CR22","doi-asserted-by":"crossref","unstructured":"Zhang DSH, Tang D, Tang L, et al (2019) PCA-SVM-based approach of detecting low-rate dos attack. In: Proceedings of the 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC\/SmartCity\/DSS), Zhangjiajie, China. pp 1163\u20131170","DOI":"10.1109\/HPCC\/SmartCity\/DSS.2019.00164"},{"key":"308_CR23","doi-asserted-by":"crossref","unstructured":"Yan, Y, Tang D, Zhan S, et al (2019) Low-rate dos attack detection based on improved logistic regression. In: Proceedings of the 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC\/SmartCity\/DSS), Zhangjiajie, China. pp 468\u2013476","DOI":"10.1109\/HPCC\/SmartCity\/DSS.2019.00076"},{"key":"308_CR24","doi-asserted-by":"publisher","first-page":"155859","DOI":"10.1109\/ACCESS.2020.3019330","volume":"8","author":"JA P\u00e9rez-D\u00edaz","year":"2020","unstructured":"P\u00e9rez-D\u00edaz JA, Valdovinos IA, Choo KKR, Zhu D (2020) A flexible SDN-based architecture for identifying and mitigating low-rate DDoS attacks using machine learning. IEEE Access 8:155859\u2013155872","journal-title":"IEEE Access"},{"issue":"8","key":"308_CR25","first-page":"178","volume":"46","author":"ZH Du","year":"2019","unstructured":"Du ZH, Ma LP, Sun GZ (2019) Network traffic anomaly detection based on wavelet analysis. Comput Sci 46(8):178\u2013182","journal-title":"Comput Sci"},{"key":"308_CR26","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1016\/j.ipl.2018.06.001","volume":"138","author":"N Agrawal","year":"2018","unstructured":"Agrawal N, Tapaswi S (2018) Low rate cloud DDoS attack defense method based on power spectral density analysis. Inf Process Lett 138:44\u201350","journal-title":"Inf Process Lett"},{"key":"308_CR27","first-page":"954","volume-title":"Proceedings of the 2015 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), Paris, France","author":"J Brynielsson","year":"2015","unstructured":"Brynielsson J, Sharma R (2015) Detectability of low-rate HTTP server DoS attacks using spectral analysis. In: Proceedings of the 2015 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), Paris, France, pp 954\u2013961"},{"key":"308_CR28","doi-asserted-by":"crossref","unstructured":"Wu XX, Tang D, Tang L, et al (2018) A low-rate dos attack detection method based on hilbert spectrum and correlation. Proceedings of the 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld\/SCALCOM\/UIC\/ATC\/CBDCom\/IOP\/SCI), Guangzhou, China. pp. 1358\u20131363","DOI":"10.1109\/SmartWorld.2018.00236"},{"key":"308_CR29","first-page":"1","volume-title":"Proceedings of 2019 IEEE 4th International Conference on Internet of Things: Smart Innovation and Usages","author":"R Swami","year":"2019","unstructured":"Swami R, Dave M, Ranga V (2019) Defending DDoS against software defined networks using entropy. In: Proceedings of 2019 IEEE 4th International Conference on Internet of Things: Smart Innovation and Usages, pp 1\u20135"},{"key":"308_CR30","first-page":"1","volume-title":"Proceedings of the International Carnahan Conference on Security Technology (ICCST), Chennai, India","author":"I Sharafaldin","year":"2019","unstructured":"Sharafaldin I, Lashkari AH, Hakak S et al (2019) Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In: Proceedings of the International Carnahan Conference on Security Technology (ICCST), Chennai, India, pp 1\u20138"},{"key":"308_CR31","first-page":"1595","volume-title":"ICDCS","author":"D Kwon","year":"2018","unstructured":"Kwon D, Natarajan K, Suh SC et al (2018) An empirical study on network anomaly detection using convolutional neural networks. In: ICDCS, pp 1595\u20131598"},{"key":"308_CR32","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1007\/978-3-030-01168-0_7","volume-title":"Internet of things, smart spaces, and next generation networks and systems","author":"T Bodstr\u00f6m","year":"2018","unstructured":"Bodstr\u00f6m T, H\u00e4m\u00e4l\u00e4inen T (2018) State of the art literature review on network anomaly detection with deep learning. In: Internet of things, smart spaces, and next generation networks and systems, pp 64\u201376"},{"key":"308_CR33","first-page":"550","volume-title":"Advances in neural information processing systems","author":"A Veit","year":"2016","unstructured":"Veit A, Wilber M, Belongie S (2016) Residual networks behave like ensembles of relatively shallow networks. In: Advances in neural information processing systems, pp 550\u2013558"}],"container-title":["Journal of Cloud Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13677-022-00308-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s13677-022-00308-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13677-022-00308-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,2]],"date-time":"2022-09-02T22:03:34Z","timestamp":1662156214000},"score":1,"resource":{"primary":{"URL":"https:\/\/journalofcloudcomputing.springeropen.com\/articles\/10.1186\/s13677-022-00308-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,30]]},"references-count":33,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2022,12]]}},"alternative-id":["308"],"URL":"https:\/\/doi.org\/10.1186\/s13677-022-00308-3","relation":{},"ISSN":["2192-113X"],"issn-type":[{"value":"2192-113X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,8,30]]},"assertion":[{"value":"29 June 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 August 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 August 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"31"}}