{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T17:03:46Z","timestamp":1780074226109,"version":"3.54.0"},"reference-count":28,"publisher":"SAGE Publications","issue":"5","license":[{"start":{"date-parts":[[2020,4,6]],"date-time":"2020-04-06T00:00:00Z","timestamp":1586131200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Intelligent & Fuzzy Systems"],"published-print":{"date-parts":[[2020,5,29]]},"abstract":"\u00a0A Distributed Denial of Service (DDoS) attack is the biggest threat to Internet-based applications and consumes victim service by sending a massive amount of attack traffic. In the literature, numerous approaches are available to protect the victim from the DDoS attacks. However, the attack incidents are increasing year by year. Further, several issues exist in the traditional framework based detection system such as itself becoming a victim, slow detection, no real-time response, etc. Therefore, the traditional framework based system is not capable of processing live traffic in the big data environment. This paper proposes a novel Spark streaming-based distributed and real-time DDoS detection system called S-DDoS. The proposed S-DDoS system employs the K-Means clustering algorithm to recognize the DDoS attack traffic in real-time. The proposed detection model designed on the Apache Hadoop framework using highly scalable H2O sparkling water. The detection model deployed on the Spark framework to classify live traffic flows. The results show that the proposed S-DDoS detection system efficiently detects the DDoS attack from network traffic flows with higher detection accuracy (98% ).<\/jats:p>","DOI":"10.3233\/jifs-179733","type":"journal-article","created":{"date-parts":[[2020,4,7]],"date-time":"2020-04-07T13:48:56Z","timestamp":1586267336000},"page":"6527-6535","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":22,"title":["S-DDoS: Apache spark based real-time DDoS detection system"],"prefix":"10.1177","volume":"38","author":[{"given":"Nilesh Vishwasrao","family":"Patil","sequence":"first","affiliation":[{"name":"Department of Computer Science & Engineering, National Institute of Technical Teachers Training & Research (NITTTR), Panjab University, Chandigarh, India"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"C.","family":"Rama Krishna","sequence":"additional","affiliation":[{"name":"Department of Computer Science & Engineering, National Institute of Technical Teachers Training & Research (NITTTR), Panjab University, Chandigarh, India"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Krishan","family":"Kumar","sequence":"additional","affiliation":[{"name":"Department of Information Technology, University Institute of Engineering & Technology (UIET), Panjab University, Chandigarh, India"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"179","published-online":{"date-parts":[[2020,4,6]]},"reference":[{"key":"e_1_3_1_2_2","doi-asserted-by":"crossref","unstructured":"SachdevaM. and KumarK. A traffic cluster entropy based approach to distinguish DDoS attacks from flash event using DETER testbed ISRN Communications and Networking 2014 1\u201314.","DOI":"10.1155\/2014\/259831"},{"key":"e_1_3_1_3_2","unstructured":"Apache Spark Link: https:\/\/spark.apache.org\/ [Accessed: 04-April-2019]."},{"key":"e_1_3_1_4_2","unstructured":"MalohlavaM. MehtaN. and IyengarV. Machine learning with sparkling water: H2o+ spark. H2O.ai Inc 2016."},{"key":"e_1_3_1_5_2","doi-asserted-by":"crossref","unstructured":"LeeY. and LeeY. Detecting DDoS attacks with hadoop Proceedings of The ACM CoNEXT Student Workshop ACM 2011.","DOI":"10.1145\/2079327.2079334"},{"key":"e_1_3_1_6_2","doi-asserted-by":"crossref","unstructured":"KhattakR. BanoS. HussainS. and AnwarZ. Dofur: DDoS forensics using mapreduce in Frontiers of Information Technology (FIT) IEEE 2011 117\u2013120.","DOI":"10.1109\/FIT.2011.29"},{"key":"e_1_3_1_7_2","doi-asserted-by":"crossref","unstructured":"ZhaoT. LoD.C.-T. and QianK. A neural-network based DDoS detection system using hadoop and hbase in High Performance Computing and Communications (HPCC) 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS) 2015 IEEE 12th International Conferen on Embedded Software and Systems (ICESS) 17th International Conference IEEE 2015 1326\u20131331.","DOI":"10.1109\/HPCC-CSS-ICESS.2015.38"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.5120\/20718-3062"},{"key":"e_1_3_1_9_2","doi-asserted-by":"crossref","unstructured":"HameedS. and AliU. Efficacy of live DDoS detection with hadoop in Network Operations and Management Symposium (NOMS) IEEE 2016 488\u2013494.","DOI":"10.1109\/NOMS.2016.7502848"},{"issue":"1","key":"e_1_3_1_10_2","article-title":"Hadec: Hadoop-based live DDoS detection framework, EURASIP","volume":"2018","author":"Hameed S.","year":"2018","unstructured":"HameedS. and AliU., Hadec: Hadoop-based live DDoS detection framework, EURASIP, Journal on Information Security2018(1), 2018.","journal-title":"Journal on Information Security"},{"issue":"15","key":"e_1_3_1_11_2","article-title":"Hadoop-based analytic framework for cyber forensics","volume":"31","author":"Chhabra G.S.","year":"2018","unstructured":"ChhabraG.S., SinghV. and SinghM., Hadoop-based analytic framework for cyber forensics, International Journal of Communication Systems, Wiley Online Library31(15), 2018.","journal-title":"International Journal of Communication Systems, Wiley Online Library"},{"key":"e_1_3_1_12_2","unstructured":"PatilN.V. KrishnaC.R. KumarK. and BehalS. E-had: A distributed and collaborative detection framework for early detection of DDoS attacks Journal of King Saud University Computer and Information Sciences 2019."},{"key":"e_1_3_1_13_2","doi-asserted-by":"crossref","unstructured":"BasicevicI. and OcovajS. Application of entropy formulas in detection of denial-of-service attacks International Journal of Communication Systems Wiley Online Library 2019.","DOI":"10.1002\/dac.4067"},{"key":"e_1_3_1_14_2","doi-asserted-by":"crossref","unstructured":"AhrenholzJ. Comparison of core network emulation platforms in 2010-Milcom 2010 Military Communications Conference IEEE 2010 166\u2013171","DOI":"10.1109\/MILCOM.2010.5680218"},{"key":"e_1_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2013.08.001"},{"issue":"3","key":"e_1_3_1_16_2","first-page":"383","article-title":"Characterization and comparison of DDoS attack tools and traffic generators: A review","volume":"19","author":"Behal S.","year":"2017","unstructured":"BehalS. and KumarK., Characterization and comparison of DDoS attack tools and traffic generators: A review, IJ Network Security19(3) (2017), 383\u2013393.","journal-title":"IJ Network Security"},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.mcm.2011.02.025"},{"key":"e_1_3_1_18_2","unstructured":"A BONESi DDoS Botnet Simulator Link: https:\/\/github.com\/MarkusGo\/bonesi [Accessed: 06-April-2019]."},{"issue":"2","key":"e_1_3_1_19_2","article-title":"Performance metrics for defense framework against distributed denial of service attacks","volume":"5","author":"Bhandari A.","year":"2014","unstructured":"BhandariA., SangalA. and KumarK., Performance metrics for defense framework against distributed denial of service attacks, International Journal on Network Security5(2), 2014.","journal-title":"International Journal on Network Security"},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2015.11.001"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.2298\/CSIS161217028H"},{"key":"e_1_3_1_22_2","doi-asserted-by":"crossref","unstructured":"MaheshwariV. BhatiaA. and KumarK. Faster detection and prediction of DDoS attacks using mapreduce and time series analysis in Information Networking (ICOIN) IEEE 2018 556\u2013561.","DOI":"10.1109\/ICOIN.2018.8343180"},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.03.024"},{"key":"e_1_3_1_24_2","unstructured":"Behal Sunny and Kumar Krishan and Sachdeva Monika DFAC: A novel \u03d5-divergence based distributed DDoS defense system Journal of King Saud University-Computer and Information Sciences 2018 1\u201312."},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1002\/dac.3823"},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2758754"},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1530"},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2016.05.004"},{"key":"e_1_3_1_29_2","unstructured":"BrentR.P. and ZimmermannP. Modern computer arithmetic Cambridge University Press 18 2010."}],"container-title":["Journal of Intelligent & Fuzzy Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-179733","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JIFS-179733","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JIFS-179733","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:41:25Z","timestamp":1777455685000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JIFS-179733"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4,6]]},"references-count":28,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2020,5,29]]}},"alternative-id":["10.3233\/JIFS-179733"],"URL":"https:\/\/doi.org\/10.3233\/jifs-179733","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,4,6]]}}}