{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T15:57:46Z","timestamp":1778083066950,"version":"3.51.4"},"reference-count":33,"publisher":"MDPI AG","issue":"20","license":[{"start":{"date-parts":[[2020,10,16]],"date-time":"2020-10-16T00:00:00Z","timestamp":1602806400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003593","name":"Conselho Nacional de Desenvolvimento Cient\u00edfico e Tecnol\u00f3gico","doi-asserted-by":"publisher","award":["303343\/2017-6 PQ-2, 312180\/2019-5 PQ-2, BRICS 2017-591 LargEWiN, 465741\/2014-2 INCT 532 on Cybersecurity"],"award-info":[{"award-number":["303343\/2017-6 PQ-2, 312180\/2019-5 PQ-2, BRICS 2017-591 LargEWiN, 465741\/2014-2 INCT 532 on Cybersecurity"]}],"id":[{"id":"10.13039\/501100003593","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002322","name":"Coordena\u00e7\u00e3o de Aperfei\u00e7oamento de Pessoal de N\u00edvel Superior","doi-asserted-by":"publisher","award":["23038.007604\/2014-69 FORTE, 88887.144009\/2017-00 PROBRAL"],"award-info":[{"award-number":["23038.007604\/2014-69 FORTE, 88887.144009\/2017-00 PROBRAL"]}],"id":[{"id":"10.13039\/501100002322","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100005668","name":"Funda\u00e7\u00e3o de Apoio \u00e0 Pesquisa do Distrito Federal","doi-asserted-by":"publisher","award":["0193.001366\/2016 UIoT, 0193.001365\/2016 535 SSDDC"],"award-info":[{"award-number":["0193.001366\/2016 UIoT, 0193.001365\/2016 535 SSDDC"]}],"id":[{"id":"10.13039\/501100005668","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Minist\u00e9rio da Economia","award":["005\/2016 DIPLA, 083\/2016 ENAP"],"award-info":[{"award-number":["005\/2016 DIPLA, 083\/2016 ENAP"]}]},{"name":"Gabinete de Seguran\u00e7a Institucional da Presid\u00eancia da Rep\u00fablica","award":["ABIN 002\/2017"],"award-info":[{"award-number":["ABIN 002\/2017"]}]},{"name":"Conselho Administrativo de Defesa Econ\u00f4mica","award":["CADE 08700.000047\/2019-14"],"award-info":[{"award-number":["CADE 08700.000047\/2019-14"]}]},{"name":"Advocacia-Geral da Uni\u00e3o","award":["AGU 697.935\/2019"],"award-info":[{"award-number":["AGU 697.935\/2019"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In recent years, advanced threats against Cyber\u2013Physical Systems (CPSs), such as Distributed Denial of Service (DDoS) attacks, are increasing. Furthermore, traditional machine learning-based intrusion detection systems (IDSs) often fail to efficiently detect such attacks when corrupted datasets are used for IDS training. To face these challenges, this paper proposes a novel error-robust multidimensional technique for DDoS attack detection. By applying the well-known Higher Order Singular Value Decomposition (HOSVD), initially, the average value of the common features among instances is filtered out from the dataset. Next, the filtered data are forwarded to machine learning classification algorithms in which traffic information is classified as a legitimate or a DDoS attack. In terms of results, the proposed scheme outperforms traditional low-rank approximation techniques, presenting an accuracy of 98.94%, detection rate of 97.70% and false alarm rate of 4.35% for a dataset corruption level of 30% with a random forest algorithm applied for classification. In addition, for error-free conditions, it is found that the proposed approach outperforms other related works, showing accuracy, detection rate and false alarm rate of 99.87%, 99.86% and 0.16%, respectively, for the gradient boosting classifier.<\/jats:p>","DOI":"10.3390\/s20205845","type":"journal-article","created":{"date-parts":[[2020,10,16]],"date-time":"2020-10-16T08:56:48Z","timestamp":1602838608000},"page":"5845","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique"],"prefix":"10.3390","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0632-6434","authenticated-orcid":false,"given":"Jo\u00e3o Paulo","family":"Abreu Maranh\u00e3o","sequence":"first","affiliation":[{"name":"Department of Electrical Engineering, University of Bras\u00edlia, Bras\u00edlia 70910-900, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8616-4924","authenticated-orcid":false,"given":"Jo\u00e3o Paulo","family":"Carvalho Lustosa da Costa","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, University of Bras\u00edlia, Bras\u00edlia 70910-900, Brazil"},{"name":"Department 2-Campus Lippstadt, Hamm-Lippstadt University of Applied Sciences, 59063 Hamm, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4655-8889","authenticated-orcid":false,"given":"Edison","family":"Pignaton de Freitas","sequence":"additional","affiliation":[{"name":"Informatics Institute, Federal University of Rio Grande do Sul, Porto Alegre 91509-900, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9648-7639","authenticated-orcid":false,"given":"Elnaz","family":"Javidi","sequence":"additional","affiliation":[{"name":"Department of Mechanical Engineering, University of Bras\u00edlia, Bras\u00edlia 70910-900, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1101-3029","authenticated-orcid":false,"given":"Rafael","family":"Tim\u00f3teo de Sousa J\u00fanior","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, University of Bras\u00edlia, Bras\u00edlia 70910-900, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2020,10,16]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1052","DOI":"10.1109\/JSYST.2013.2257594","article-title":"Intrusion detection in Cyber-Physical Systems: Techniques and challenges","volume":"8","author":"Han","year":"2014","journal-title":"IEEE Syst. J."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Lee, E.A. (2010, January 13\u201318). CPS Foundations. Proceedings of the 47th Design Automation Conference, Anaheim, CA, USA.","DOI":"10.1145\/1837274.1837462"},{"key":"ref_3","first-page":"137","article-title":"Distributed-graph-based statistical approach for intrusion detection in Cyber-Physical Systems","volume":"4","author":"Sadreazami","year":"2018","journal-title":"IEEE Trans. Signal Inf. Process. Netw."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1027","DOI":"10.1109\/COMST.2019.2962207","article-title":"Survey on Unmanned Aerial Vehicle networks: A Cyber Physical System prspective","volume":"22","author":"Wang","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1016\/j.jnca.2017.04.012","article-title":"Model order selection and eigen similarity based framework for detection and identification of network attacks","volume":"90","author":"Vieira","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"101645","DOI":"10.1016\/j.cose.2019.101645","article-title":"A dynamic MLP-based DDoS attack detection method using feature selection and feedback","volume":"88","author":"Wang","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Jiang, J., Yu, Q., Yu, M., Li, G., Chen, J., Liu, K., Liu, C., and Huang, W. (2018, January 1\u20133). ALDD: A hybrid traffic-user behavior detection method for application layer DDoS. Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/12th IEEE International Conference on Big Data Science and Engineering (TrustCom\/BigDataSE), New York, NY, USA.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00225"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ins.2013.06.002","article-title":"Tackling the problem of classification with noisy data using Multiple Classifier Systems: Analysis of the performance and robustness","volume":"247","author":"Saez","year":"2013","journal-title":"Inf. Sci."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"729","DOI":"10.1109\/TCYB.2018.2871951","article-title":"False Data Injection Attack for Cyber-Physical Systems With Resource Constraint","volume":"50","author":"Li","year":"2020","journal-title":"IEEE Trans. Cybern."},{"key":"ref_10","unstructured":"Kisil, I., Calvi, G.G., and Mandic, D.P. (2017). Tensor valued common and individual feature extraction: Multi-dimensional perspective. arXiv."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"849","DOI":"10.1109\/TPAMI.2012.140","article-title":"Image denoising using the Higher Order Singular Value Decomposition","volume":"35","author":"Rajwade","year":"2013","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1324","DOI":"10.1137\/S0895479898346995","article-title":"On the best rank-1 and rank-(R1,R2,\u2026,RN) approximation of higher-order tensors","volume":"21","author":"Lathauwer","year":"2000","journal-title":"SIAM J. Matrix Anal. Appl."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1016\/j.comnet.2019.04.027","article-title":"The hybrid technique for DDoS detection with supervised learning algorithms","volume":"158","author":"Hosseini","year":"2019","journal-title":"Comput. Netw."},{"key":"ref_14","first-page":"1574749","article-title":"Smart Detection: An online approach for DoS\/DDoS attack detection using machine learning","volume":"2019","author":"Silveira","year":"2019","journal-title":"Secur. Commun. Netw."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Amouri, A., Alaparthy, V.T., and Morgera, S.D. (2020). A machine learning based intrusion detection system for mobile Internet of Things. Sensors, 20.","DOI":"10.3390\/s20020461"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Galeano-Brajones, J., Carmona-Murillo, J., Valenzuela-Vald\u00e9s, J.F., and Luna-Valero, F. (2020). Detection and mitigation of DoS and DDoS attacks in IoT-based stateful SDN: An experimental approach. Sensors, 20.","DOI":"10.3390\/s20030816"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"661","DOI":"10.1109\/COMST.2018.2870658","article-title":"DDoS attacks at the application layer: Challenges and research perspectives for safeguarding web applications","volume":"21","author":"Praseed","year":"2019","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s11235-019-00599-z","article-title":"A survey of DDoS attacking techniques and defence mechanisms in the IoT network","volume":"73","author":"Vishwakarma","year":"2020","journal-title":"Telecommun. Syst."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Dantas Silva, F.S., Silva, E., Neto, E.P., Lemos, M., Neto, A.J.V., and Esposito, F. (2020). A taxonomy of DDoS attack mitigation approaches featured by SDN technologies in IoT scenarios. Sensors, 20.","DOI":"10.3390\/s20113078"},{"key":"ref_20","unstructured":"Canadian Institute for Cybersecurity (2020, June 10). DDoS Evaluation Dataset (CICDDoS2019). Available online: https:\/\/www.unb.ca\/cic\/datasets\/ddos-2019.html."},{"key":"ref_21","unstructured":"Canadian Institute for Cybersecurity (2020, June 10). Intrusion Detection Evaluation Dataset (CICIDS2017). Available online: https:\/\/www.unb.ca\/cic\/datasets\/ids-2017.html."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., Hakak, S., and Ghorbani, A.A. (2019, January 1\u20133). Developing realistic Distributed Denial of Service (DDoS) attack dataset and taxonomy. Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India.","DOI":"10.1109\/CCST.2019.8888419"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., and Ghorbani, A.A. (2018, January 22\u201324). Toward generating a new intrusion detection dataset and intrusion traffic characterization. Proceedings of the 4th ICISSP, Madeira, Portugal.","DOI":"10.5220\/0006639801080116"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"2426","DOI":"10.1109\/TNNLS.2015.2487364","article-title":"Group component analysis for multiblock data: Common and individual feature extraction","volume":"27","author":"Zhou","year":"2016","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"ref_25","first-page":"1","article-title":"Multi-dimensional model order selection","volume":"2011","author":"Roemer","year":"2011","journal-title":"EURASIP J. Adv. Signal Process."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Kisil, I., Calvi, G., Cichocki, A., and Mandic, D.P. (2018, January 15\u201320). Common and individual feature extraction using tensor decompositions: A remedy for the curse of dimensionality?. Proceedings of the 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Calgary, AB, Canada.","DOI":"10.1109\/ICASSP.2018.8461318"},{"key":"ref_27","unstructured":"Kossaifi, J., Panagakis, Y., Anandkumar, A., and Pantic, M. (2016). TensorLy: Tensor learning in Python. arXiv."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Elsayed, M.S., Le-Khac, N.A., Dev, S., and Jurcut, A.D. (2020). DDoSNet: A deep-learning model for detecting network attacks. arXiv.","DOI":"10.1109\/WoWMoM49955.2020.00072"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"876","DOI":"10.1109\/TNSM.2020.2971776","article-title":"LUCID: A practical, lightweight deep learning solution for DDoS attack detection","volume":"17","author":"Millar","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Roopak, M., Yun Tian, G., and Chambers, J. (2019, January 7\u20139). Deep learning models for cyber security in IoT networks. Proceedings of the 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC.2019.8666588"},{"key":"ref_31","first-page":"1","article-title":"Network traffic behavioral analytics for detection of DDoS attacks","volume":"2","author":"Lopez","year":"2019","journal-title":"SMU Data Sci. Rev."},{"key":"ref_32","unstructured":"Aamir, M., and Zaidi, S.M.A. (2019). Clustering based semi-supervised machine learning for DDoS attack classification. J. King Saud Univ. Comput. Inf. Sci."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Minster, R., Saibaba, A.K., and Kilmer, M.E. (2019). Randomized algorithms for low-rank tensor decompositions in the Tucker format. arXiv.","DOI":"10.1137\/19M1261043"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/20\/5845\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T10:22:11Z","timestamp":1760178131000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/20\/5845"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,16]]},"references-count":33,"journal-issue":{"issue":"20","published-online":{"date-parts":[[2020,10]]}},"alternative-id":["s20205845"],"URL":"https:\/\/doi.org\/10.3390\/s20205845","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,10,16]]}}}