{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T18:02:25Z","timestamp":1774720945895,"version":"3.50.1"},"reference-count":29,"publisher":"Zhejiang University Press","issue":"9","license":[{"start":{"date-parts":[[2019,9,1]],"date-time":"2019-09-01T00:00:00Z","timestamp":1567296000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,9,1]],"date-time":"2019-09-01T00:00:00Z","timestamp":1567296000000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"name":"the National Key R&D Program of China","award":["2017YFB0802300"],"award-info":[{"award-number":["2017YFB0802300"]}]},{"name":"the National Key R&D Program of China","award":["2017YFC0803700"],"award-info":[{"award-number":["2017YFC0803700"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Frontiers Inf Technol Electronic Eng"],"published-print":{"date-parts":[[2019,9]]},"DOI":"10.1631\/fitee.1800436","type":"journal-article","created":{"date-parts":[[2019,10,18]],"date-time":"2019-10-18T12:01:05Z","timestamp":1571400065000},"page":"1195-1208","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Discovery method for distributed denial-of-service attack behavior in SDNs using a feature-pattern graph model"],"prefix":"10.1631","volume":"20","author":[{"given":"Ya","family":"Xiao","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7011-8632","authenticated-orcid":false,"given":"Zhi-jie","family":"Fan","sequence":"additional","affiliation":[]},{"given":"Amiya","family":"Nayak","sequence":"additional","affiliation":[]},{"given":"Cheng-xiang","family":"Tan","sequence":"additional","affiliation":[]}],"member":"635","published-online":{"date-parts":[[2019,10,18]]},"reference":[{"key":"1428_CR1","doi-asserted-by":"publisher","unstructured":"Albin E, Rowe NC, 2012. A realistic experimental comparison of the Suricata and Snort intrusion-detection systems. Proc 26th Int Conf on Advanced Information Networking and Applications Workshops, p.122\u2013127. \n https:\/\/doi.org\/10.1109\/WAINA.2012.29","DOI":"10.1109\/WAINA.2012.29"},{"key":"1428_CR2","doi-asserted-by":"publisher","first-page":"152","DOI":"10.1016\/j.jnca.2016.12.024","volume":"80","author":"A AlEroud","year":"2017","unstructured":"AlEroud A, Alsmadi I, 2017. Identifying cyber-attacks on software defined networks: an inference-based intrusion detection approach. J Netw Comput Appl, 80:152\u2013164. \n https:\/\/doi.org\/10.1016\/j.jnca.2016.12.024","journal-title":"J Netw Comput Appl"},{"key":"1428_CR3","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1007\/978-3-319-11599-3_14","volume-title":"Secure IT Systems","author":"Markku Antikainen","year":"2014","unstructured":"Antikainen M, Aura T, S\u00e4rel\u00e4 M, 2014. Spook in your network: attacking an SDN with a compromised OpenFlow switch. Proc 19th Nordic Conf on Secure IT Systems, p.229\u2013244. \n https:\/\/doi.org\/10.1007\/978-3-319-11599-3_14"},{"issue":"10","key":"1428_CR4","first-page":"166","volume":"17","author":"MZA Aziz","year":"2017","unstructured":"Aziz MZA, Okamura K, 2017. Leveraging SDN for detection and mitigation SMTP flood attack through deep learning analysis techniques. Int J Comput Sci Netw Secur, 17(10):166\u2013172.","journal-title":"Int J Comput Sci Netw Secur"},{"issue":"2","key":"1428_CR5","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1007\/s13369-017-2414-5","volume":"42","author":"NZ Bawany","year":"2017","unstructured":"Bawany NZ, Shamsi JA, Salah K, 2017. DDoS attack detection and mitigation using SDN: methods, practices, and solutions. Arab J Sci Eng, 42(2):425\u2013441. \n https:\/\/doi.org\/10.1007\/s13369-017-2414-5","journal-title":"Arab J Sci Eng"},{"key":"1428_CR6","doi-asserted-by":"publisher","unstructured":"Braga R, Mota E, Passito A, 2010. Lightweight DDoS flooding attack detection using NOX\/OpenFlow. Proc IEEE Local Computer Network Conf, p.408\u2013415. \n https:\/\/doi.org\/10.1109\/LCN.2010.5735752","DOI":"10.1109\/LCN.2010.5735752"},{"issue":"4","key":"1428_CR7","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TDSC.2013.8","volume":"10","author":"CJ Chung","year":"2013","unstructured":"Chung CJ, Khatkar P, Xing TY, et al., 2013. NICE: network intrusion detection and countermeasure selection in virtual network systems. IEEE Trans Depend Sec Comput, 10(4):198\u2013211. \n https:\/\/doi.org\/10.1109\/TDSC.2013.8","journal-title":"IEEE Trans Depend Sec Comput"},{"key":"1428_CR8","doi-asserted-by":"publisher","unstructured":"de Oliveira RLS, Schweitzer CM, Shinoda AA, et al., 2014. Using Mininet for emulation and prototyping software-defined networks. Proc IEEE Colombian Conf on Communications and Computing, p.1\u20136. \n https:\/\/doi.org\/10.1109\/ColComCon.2014.6860404","DOI":"10.1109\/ColComCon.2014.6860404"},{"issue":"2","key":"1428_CR9","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1007\/s12083-017-0604-2","volume":"12","author":"ZJ Fan","year":"2019","unstructured":"Fan ZJ, Xiao Y, Nayak A, et al., 2019. An improved network security situation assessment approach in software defined networks. Peer-to-Peer Netw Appl, 12(2):295\u2013309. \n https:\/\/doi.org\/10.1007\/s12083-017-0604-2","journal-title":"Peer-to-Peer Netw Appl"},{"issue":"4","key":"1428_CR10","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1145\/2829988.2790011","volume":"45","author":"P Fiadino","year":"2015","unstructured":"Fiadino P, D\u2019Alconzo A, Schiavone M, et al., 2015. Challenging entropy-based anomaly detection and diagnosis in cellular networks. ACM SIGCOMM Comput Commun Rev, 45(4):87\u201388. \n https:\/\/doi.org\/10.1145\/2829988.2790011","journal-title":"ACM SIGCOMM Comput Commun Rev"},{"key":"1428_CR11","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1016\/j.bjp.2013.10.014","volume":"62","author":"K Giotis","year":"2014","unstructured":"Giotis K, Argyropoulos C, Androulidakis G, et al., 2014. Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Netw, 62:122\u2013136. \n https:\/\/doi.org\/10.1016\/j.bjp.2013.10.014","journal-title":"Comput Netw"},{"key":"1428_CR12","unstructured":"Goldberger J, Roweis S, Hinton G, et al., 2004. Neighbourhood components analysis. Proc 17th Int Conf on Neural Information Processing Systems, p.513\u2013520."},{"key":"1428_CR13","doi-asserted-by":"publisher","unstructured":"Kl\u00f6ti R, Kotronis V, Smith P, 2013. OpenFlow: a security analysis. Proc 21st IEEE Int Conf on Network Protocols, p.1\u20136. \n https:\/\/doi.org\/10.1109\/ICNP.2013.6733671","DOI":"10.1109\/ICNP.2013.6733671"},{"key":"1428_CR14","doi-asserted-by":"publisher","unstructured":"Kobayashi TH, Batista AB, Brito AM, et al., 2007. Using a packet manipulation tool for security analysis of industrial network protocols. Proc IEEE Conf on Emerging Technologies and Factory Automation, p.744\u2013747. \n https:\/\/doi.org\/10.1109\/EFTA.2007.4416847","DOI":"10.1109\/EFTA.2007.4416847"},{"issue":"1","key":"1428_CR15","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/JPROC.2014.2371999","volume":"103","author":"D Kreutz","year":"2015","unstructured":"Kreutz D, Ramos FM, Ver\u00edssimo PE, et al., 2015. Software-defined networking: a comprehensive survey. Proc IEEE, 103(1):14\u201376. \n https:\/\/doi.org\/10.1109\/JPROC.2014.2371999","journal-title":"Proc IEEE"},{"key":"1428_CR16","doi-asserted-by":"publisher","first-page":"709","DOI":"10.1007\/978-3-642-19309-5_55","volume-title":"Computer Vision \u2013 ACCV 2010","author":"Hieu V. Nguyen","year":"2011","unstructured":"Nguyen HV, Bai L, 2010. Cosine similarity metric learning for face verification. Proc 10th Asian Conf on Computer Vision, p.709\u2013720. \n https:\/\/doi.org\/10.1007\/978-3-642-19309-5_55"},{"issue":"12","key":"1428_CR17","doi-asserted-by":"publisher","first-page":"e2","DOI":"10.4108\/eai.28-12-2017.153515","volume":"4","author":"Q Niyaz","year":"2017","unstructured":"Niyaz Q, Sun WQ, Javaid AY, 2017. A deep learning based DDoS detection system in software-defined networking (SDN). EAI Endorsed Trans Secur Safety, 4(12):e2. \n https:\/\/doi.org\/10.4108\/eai.28-12-2017.153515","journal-title":"EAI Endorsed Trans Secur Safety"},{"key":"1428_CR18","unstructured":"Roesch M, 1999. Snort: lightweight intrusion detection for networks. Proc 13th USENIX Conf on System Administration, p.229\u2013238."},{"key":"1428_CR19","doi-asserted-by":"publisher","unstructured":"Scott-Hayward S, O\u2019Callaghan G, Sezer S, 2013. SDN security: a survey. IEEE SDN for Future Networks and Services, p.1\u20137. \n https:\/\/doi.org\/10.1109\/SDN4FNS.2013.6702553","DOI":"10.1109\/SDN4FNS.2013.6702553"},{"key":"1428_CR20","doi-asserted-by":"publisher","unstructured":"Shalimov A, Zuikov D, Zimarina D, et al., 2013. Advanced study of SDN\/OpenFlow controllers. Proc 9th Central & Eastern European Software Engineering Conf in Russia, Article 1. \n https:\/\/doi.org\/10.1145\/2556610.2556621","DOI":"10.1145\/2556610.2556621"},{"issue":"9","key":"1428_CR21","doi-asserted-by":"publisher","first-page":"1524","DOI":"10.1109\/TNN.2010.2052630","volume":"21","author":"C Shen","year":"2010","unstructured":"Shen C, Kim J, Wang L, 2010. Scalable large-margin ma-halanobis distance metric learning. IEEE Trans Neur Netw, 21(9):1524\u20131530. \n https:\/\/doi.org\/10.1109\/TNN.2010.2052630","journal-title":"IEEE Trans Neur Netw"},{"issue":"3","key":"1428_CR22","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi A, Shiravi H, Tavallaee M, et al., 2012. Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur, 31(3):357\u2013374. \n https:\/\/doi.org\/10.1016\/j.cose.2011.12.012","journal-title":"Comput Secur"},{"issue":"7","key":"1428_CR23","doi-asserted-by":"publisher","first-page":"3797","DOI":"10.1109\/TIT.2014.2320500","volume":"60","author":"T van Erven","year":"2014","unstructured":"van Erven T, Harremos P, 2014. R\u00e9nyi divergence and Kullback-Leibler divergence. IEEE Trans Inform Theory, 60(7):3797\u20133820. \n https:\/\/doi.org\/10.1109\/TIT.2014.2320500","journal-title":"IEEE Trans Inform Theory"},{"key":"1428_CR24","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1016\/j.comnet.2015.02.026","volume":"81","author":"B Wang","year":"2015","unstructured":"Wang B, Zheng Y, Lou WJ, et al., 2015. DDoS attack protection in the era of cloud computing and software-defined networking. Comput Netw, 81:308\u2013319. \n https:\/\/doi.org\/10.1016\/j.comnet.2015.02.026","journal-title":"Comput Netw"},{"key":"1428_CR25","doi-asserted-by":"publisher","unstructured":"Wang R, Jia ZP, Ju L, 2015. An entropy-based distributed DDoS detection mechanism in software-defined networking. Proc IEEE Trustcom\/BigDataSE\/ISPA, p.310\u2013317. \n https:\/\/doi.org\/10.1109\/Trustcom.2015.389","DOI":"10.1109\/Trustcom.2015.389"},{"key":"1428_CR26","unstructured":"Wu QS, Ferebee D, Lin YY, et al., 2009. An integrated cyber security monitoring system using correlation-based techniques. Proc IEEE Int Conf on System of Systems Engineering, p.1\u20136."},{"key":"1428_CR27","doi-asserted-by":"publisher","unstructured":"Xu Y, Liu Y, 2016. DDoS attack detection under SDN context. Proc 35th Annual IEEE Int Conf on Computer Communications, p.1\u20139. \n https:\/\/doi.org\/10.1109\/INFOCOM.2016.7524500","DOI":"10.1109\/INFOCOM.2016.7524500"},{"issue":"1","key":"1428_CR28","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1109\/COMST.2015.2487361","volume":"18","author":"Q Yan","year":"2016","unstructured":"Yan Q, Yu FR, Gong QX, et al., 2016. Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun Surv Tutor, 18(1):602\u2013622. \n https:\/\/doi.org\/10.1109\/COMST.2015.2487361","journal-title":"IEEE Commun Surv Tutor"},{"key":"1428_CR29","doi-asserted-by":"publisher","unstructured":"Yu S, Guo S, Stojmenovic I, 2012. Can we beat legitimate cyber behavior mimicking attacks from botnets? Proc IEEE INFOCOM, p.2851\u20132855. \n https:\/\/doi.org\/10.1109\/INFCOM.2012.6195714","DOI":"10.1109\/INFCOM.2012.6195714"}],"container-title":["Frontiers of Information Technology & Electronic Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1631\/FITEE.1800436.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1631\/FITEE.1800436\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1631\/FITEE.1800436.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,10,16]],"date-time":"2020-10-16T23:06:05Z","timestamp":1602889565000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1631\/FITEE.1800436"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9]]},"references-count":29,"journal-issue":{"issue":"9","published-print":{"date-parts":[[2019,9]]}},"alternative-id":["1428"],"URL":"https:\/\/doi.org\/10.1631\/fitee.1800436","relation":{},"ISSN":["2095-9184","2095-9230"],"issn-type":[{"value":"2095-9184","type":"print"},{"value":"2095-9230","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,9]]},"assertion":[{"value":"18 July 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 September 2018","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 October 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Ya XIAO, Zhi-jie FAN, Amiya NAYAK, and Cheng-xiang TAN declare that they have no conflict of interest.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethics guidelines"}}]}}