{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,18]],"date-time":"2026-06-18T16:16:28Z","timestamp":1781799388961,"version":"3.54.5"},"reference-count":21,"publisher":"MDPI AG","issue":"13","license":[{"start":{"date-parts":[[2023,7,4]],"date-time":"2023-07-04T00:00:00Z","timestamp":1688428800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Distributed Denial of Service (DDoS) attacks pose a significant threat to internet and cloud security. Our study utilizes a Poisson distribution model to efficiently detect DDoS attacks with a computational complexity of O(n). Unlike Machine Learning (ML)-based algorithms, our method only needs to set up one or more Poisson models for legitimate traffic based on the granularity of the time periods during preprocessing, thus eliminating the need for training time. We validate this approach with four virtual machines on the CDX 3.0 platform, each simulating different aspects of DDoS attacks for offensive, monitoring, and defense evaluation purposes. The study further analyzes seven diverse DDoS attack methods. When compared with existing methods, our approach demonstrates superior performance, highlighting its potential effectiveness in real-world DDoS attack detection.<\/jats:p>","DOI":"10.3390\/s23136139","type":"journal-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T00:53:04Z","timestamp":1688518384000},"page":"6139","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["An Experimental Detection of Distributed Denial of Service Attack in CDX 3 Platform Based on Snort"],"prefix":"10.3390","volume":"23","author":[{"given":"Chin-Ling","family":"Chen","sequence":"first","affiliation":[{"name":"Department of Information Management, National Pingtung University, Pingtung 900, Taiwan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jian Lin","family":"Lai","sequence":"additional","affiliation":[{"name":"Department of Information Management, National Pingtung University, Pingtung 900, Taiwan"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2023,7,4]]},"reference":[{"key":"ref_1","unstructured":"Cimpanu, C. (2023, April 30). Google Says It Mitigated a 2.54 Tbps DDoS Attack in 2017, Largest Known to Date. ZDNet. Available online: https:\/\/www.zdnet.com\/article\/google-says-it-mitigated-a-2-54-tbps-ddos-attack-in-2017-largest-known-to-date\/."},{"key":"ref_2","unstructured":"Kottler, S. (2023, April 30). February 28th DDoS Incident Report. The GitHub Blog. Available online: https:\/\/github.blog\/2018-03-01-ddos-incident-report\/."},{"key":"ref_3","unstructured":"Cimpanu, C. (2023, April 30). AWS Said It Mitigated a 2.3 Tbps DDoS Attack, the Largest Ever. ZDNet. Available online: https:\/\/www.zdnet.com\/article\/aws-said-it-mitigated-a-2-3-tbps-ddos-attack-the-largest-ever\/."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Nenova, M., Atanasov, D., Kassev, K., and Nenov, A. (2019, January 4\u20136). Intrusion Detection System Model Implementation against DDOS attacks. Proceedings of the 2019 IEEE International Conference on Microwaves, Antennas, Communications and Electronic Systems (COMCAS), Tel-Aviv, Israel.","DOI":"10.1109\/COMCAS44984.2019.8958346"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Habib, B., Khurshid, F., Dar, A.H., and Shah, Z. (2019, January 21\u201322). DDoS Mitigation in Eucalyptus Cloud Platform Using Snort and Packet Filtering\u2014IP-Tables. Proceedings of the 2019 4th International Conference on Information Systems and Computer Networks (ISCON), Mathura, India.","DOI":"10.1109\/ISCON47742.2019.9036183"},{"key":"ref_6","unstructured":"Yudha, G.V., and Wardhani, R.W. (2021, January 3\u20135). Design of a Snort-based IDS on the Raspberry Pi 3 Model B+ Applying TaZmen Sniffer Protocol and Log Alert Integrity Assurance with SHA-3. Proceedings of the 2021 9th International Conference on Information and Communication Technology (ICoICT), Yogyakarta, Indonesia."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Hirakawa, T., Ogura, K., Bista, B.B., and Takata, T. (2016, January 7\u20139). A Defense Method against Distributed Slow HTTP DoS Attack. Proceedings of the 2016 19th international conference on network-based information systems (NBiS), Ostrava, Czech Republic.","DOI":"10.1109\/NBiS.2016.58"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Al-Duwairi, B., and \u00d6zkasap, \u00d6. (2020, January 20\u201324). Preventing DDoS Attacks in Path Identifiers-Based Information Centric Networks. Proceedings of the NOMS 2020\u20142020 IEEE\/IFIP Network Operations and Management Symposium, Budapest, Hungary.","DOI":"10.1109\/NOMS47738.2020.9110388"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Jiao, J., Ye, B., Zhao, Y., Rebecca, J., Stones, R.J., Wang, G., Liu, X., Wang, S., and Xie, G. (2017, January 26\u201329). Detecting TCP-Based DDoS Attacks in Baidu Cloud Computing Data Centers. Proceedings of the 2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS), Hong Kong, China.","DOI":"10.1109\/SRDS.2017.37"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Nur, A.Y. (May, January 15). Combating DDoS Attacks with Fair Rate Throttling. Proceedings of the 2021 IEEE International Systems Conference (SysCon), Vancouver, BC, Canada.","DOI":"10.1109\/SysCon48628.2021.9447054"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1109\/TSC.2017.2694426","article-title":"Optimal Load Distribution for the Detection of VM-Based DDoS Attacks in the Cloud","volume":"13","author":"Wahab","year":"2017","journal-title":"IEEE Trans. Serv. Comput."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Das, S., Venugopal, D., Shiva, S., and Sheldon, F.T. (2020, January 1\u20133). Empirical Evaluation of the Ensemble Framework for Feature Selection in DDoS Attack. Proceedings of the 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)\/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom), New York, NY, USA.","DOI":"10.1109\/CSCloud-EdgeCom49738.2020.00019"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Nandi, S., Phadikar, S., and Majumder, K. (March, January 27). Detection of DDoS Attack and Classification Using a Hybrid Approach. Proceedings of the 2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP), Guwahati, India.","DOI":"10.1109\/ISEA-ISAP49340.2020.234999"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Radain, D., Almalki, S., Alsaadi, H., and Salama, S. (2021, January 30\u201331). A Review on Defense Mechanisms against Distributed Denial of Service (DDoS) Attacks on Cloud Computing. Proceedings of the 2021 International Conference of Women in Data Science at Taif University (WiDSTaif), Taif, Saudi Arabia.","DOI":"10.1109\/WiDSTaif52235.2021.9430220"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Al\u2019aziz, B.A.A., Sukarno, P., and Wardana, A.A. (2020, January 14\u201316). Blacklisted IP Distribution System to Handle DDoS Attacks on IPS Snort Based on Blockchain. Proceedings of the 2020 6th Information Technology International Seminar (ITIS), Surabaya, Indonesia.","DOI":"10.1109\/ITIS50118.2020.9320996"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Abbas, N., Nasser, Y., Shehab, M., and Sharafeddine, S. (2021, January 3\u20135). Attack-Specific Feature Selection for Anomaly Detection in Software-Defined Networks. Proceedings of the 2021 3rd IEEE Middle East and North Africa COMMunications Conference (MENACOMM), Agadir, Morocco.","DOI":"10.1109\/MENACOMM50742.2021.9678279"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"43","DOI":"10.4018\/IJSWIS.297143","article-title":"Distributed Denial-of-Service (DDoS) Attacks and Defense Mechanisms in Various Web-Enabled Computing Platforms: Issues, Challenges, and Future Research Directions","volume":"18","author":"Singh","year":"2022","journal-title":"Int. J. Semant. Web Inf. Syst."},{"key":"ref_18","unstructured":"(2023, April 30). Cyber Defense eXercise (CDX). Available online: https:\/\/cdx.nchc.org.tw\/."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Shortle, J.F., Thompson, J.M., Gross, D., and Harris, C.M. (2018). Fundamentals of Queueing Theory, John Wiley & Sons, Inc.","DOI":"10.1002\/9781119453765"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Kokila, R.T., Selvi, S.T., and Govindarajan, K. (2014, January 17\u201319). DDoS Detection and Analysis in SDN-based Environment Using Support Vector Machine Classifier. Proceedings of the 2014 Sixth International Conference on Advanced Computing (ICoAC), Chennai, India.","DOI":"10.1109\/ICoAC.2014.7229711"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1961189.1961199","article-title":"LIBSVM: A Library for Support Vector Machines","volume":"2","author":"Chang","year":"2011","journal-title":"ACM Trans. Intell. Syst. Technol."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/13\/6139\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T20:05:55Z","timestamp":1760126755000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/13\/6139"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,4]]},"references-count":21,"journal-issue":{"issue":"13","published-online":{"date-parts":[[2023,7]]}},"alternative-id":["s23136139"],"URL":"https:\/\/doi.org\/10.3390\/s23136139","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,7,4]]}}}