{"id":"https://openalex.org/W2146189323","doi":"https://doi.org/10.1109/discex.2003.1194894","title":"Statistical approaches to DDoS attack detection and response","display_name":"Statistical approaches to DDoS attack detection and response","publication_year":2004,"publication_date":"2004-03-02","ids":{"openalex":"https://openalex.org/W2146189323","doi":"https://doi.org/10.1109/discex.2003.1194894","mag":"2146189323"},"language":"en","primary_location":{"id":"doi:10.1109/discex.2003.1194894","is_oa":false,"landing_page_url":"https://doi.org/10.1109/discex.2003.1194894","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings DARPA Information Survivability Conference and Exposition","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038053478","display_name":"Lee Feinstein","orcid":null},"institutions":[{"id":"https://openalex.org/I1295339012","display_name":"Boeing (United States)","ror":"https://ror.org/04sm5zn07","country_code":"US","type":"company","lineage":["https://openalex.org/I1295339012"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"L. Feinstein","raw_affiliation_strings":["Phantom Works, Boeing Company, USA","[Phantom Works, Boeing Company, USA]"],"affiliations":[{"raw_affiliation_string":"Phantom Works, Boeing Company, USA","institution_ids":["https://openalex.org/I1295339012"]},{"raw_affiliation_string":"[Phantom Works, Boeing Company, USA]","institution_ids":["https://openalex.org/I1295339012"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063002284","display_name":"D. Schnackenberg","orcid":null},"institutions":[{"id":"https://openalex.org/I1295339012","display_name":"Boeing (United States)","ror":"https://ror.org/04sm5zn07","country_code":"US","type":"company","lineage":["https://openalex.org/I1295339012"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"D. Schnackenberg","raw_affiliation_strings":["Phantom Works, Boeing Company, USA","[Phantom Works, Boeing Company, USA]"],"affiliations":[{"raw_affiliation_string":"Phantom Works, Boeing Company, USA","institution_ids":["https://openalex.org/I1295339012"]},{"raw_affiliation_string":"[Phantom Works, Boeing Company, USA]","institution_ids":["https://openalex.org/I1295339012"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062282124","display_name":"R. Balupari","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"R. Balupari","raw_affiliation_strings":["Network Associates Laboratories, USA","[Network Associates Laboratories, USA]"],"affiliations":[{"raw_affiliation_string":"Network Associates Laboratories, USA","institution_ids":[]},{"raw_affiliation_string":"[Network Associates Laboratories, USA]","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033802760","display_name":"Darrell Kindred","orcid":null},"institutions":[{"id":"https://openalex.org/I1295339012","display_name":"Boeing (United States)","ror":"https://ror.org/04sm5zn07","country_code":"US","type":"company","lineage":["https://openalex.org/I1295339012"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"D. Kindred","raw_affiliation_strings":["Phantom Works, Boeing Company, USA","[Phantom Works, Boeing Company, USA]"],"affiliations":[{"raw_affiliation_string":"Phantom Works, Boeing Company, USA","institution_ids":["https://openalex.org/I1295339012"]},{"raw_affiliation_string":"[Phantom Works, Boeing Company, USA]","institution_ids":["https://openalex.org/I1295339012"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5038053478"],"corresponding_institution_ids":["https://openalex.org/I1295339012"],"apc_list":null,"apc_paid":null,"fwci":21.1708,"has_fulltext":false,"cited_by_count":499,"citation_normalized_percentile":{"value":0.99442057,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"303","last_page":"314"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9940999746322632,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.943423330783844},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7953344583511353},{"id":"https://openalex.org/keywords/application-layer-ddos-attack","display_name":"Application layer DDoS attack","score":0.6652576923370361},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6394271850585938},{"id":"https://openalex.org/keywords/trinoo","display_name":"Trinoo","score":0.5807185173034668},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5667132139205933},{"id":"https://openalex.org/keywords/enhanced-data-rates-for-gsm-evolution","display_name":"Enhanced Data Rates for GSM Evolution","score":0.545066237449646},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5368080735206604},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5286194682121277},{"id":"https://openalex.org/keywords/entropy","display_name":"Entropy (arrow of time)","score":0.4649803340435028},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.13842961192131042},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.07730281352996826}],"concepts":[{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.943423330783844},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7953344583511353},{"id":"https://openalex.org/C120865594","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Application layer DDoS attack","level":4,"score":0.6652576923370361},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6394271850585938},{"id":"https://openalex.org/C43639116","wikidata":"https://www.wikidata.org/wiki/Q7843050","display_name":"Trinoo","level":5,"score":0.5807185173034668},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5667132139205933},{"id":"https://openalex.org/C162307627","wikidata":"https://www.wikidata.org/wiki/Q204833","display_name":"Enhanced Data Rates for GSM Evolution","level":2,"score":0.545066237449646},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5368080735206604},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5286194682121277},{"id":"https://openalex.org/C106301342","wikidata":"https://www.wikidata.org/wiki/Q4117933","display_name":"Entropy (arrow of time)","level":2,"score":0.4649803340435028},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.13842961192131042},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.07730281352996826},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/discex.2003.1194894","is_oa":false,"landing_page_url":"https://doi.org/10.1109/discex.2003.1194894","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings DARPA Information Survivability Conference and Exposition","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.134.4506","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.134.4506","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.unc.edu/~jeffay/courses/nidsS05/signal-proc/feinstein-stat-anal-03.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6200000047683716,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W1521824845","https://openalex.org/W1558174478","https://openalex.org/W1563061804","https://openalex.org/W1674877186","https://openalex.org/W1976969221","https://openalex.org/W1981663184","https://openalex.org/W1995875735","https://openalex.org/W2041404167","https://openalex.org/W2081357650","https://openalex.org/W2108601876","https://openalex.org/W2154178154","https://openalex.org/W2222445509","https://openalex.org/W2256735758","https://openalex.org/W2288766236","https://openalex.org/W2997134027","https://openalex.org/W4255911135","https://openalex.org/W6631214068","https://openalex.org/W6633496579","https://openalex.org/W6637096788","https://openalex.org/W6696294499"],"related_works":["https://openalex.org/W2783466926","https://openalex.org/W4286539397","https://openalex.org/W1968168724","https://openalex.org/W2204131204","https://openalex.org/W2754163055","https://openalex.org/W4322008378","https://openalex.org/W2383770723","https://openalex.org/W2186749541","https://openalex.org/W2360429410","https://openalex.org/W4256682929"],"abstract_inverted_index":{"The":[0,62,75,107],"nature":[1],"of":[2,9,41,58,70,89,98,125],"the":[3,18,34,39,42,68,71,96,99,137],"threats":[4],"posed":[5],"by":[6,52],"distributed":[7],"denial":[8],"service":[10],"(DDoS)":[11],"attacks":[12,51,64,118],"on":[13],"large":[14],"networks,":[15],"such":[16],"as":[17],"Internet,":[19],"demands":[20],"effective":[21,115,144],"detection":[22,76,124],"and":[23,55,78,119,135],"response":[24,145],"methods.":[25],"These":[26],"methods":[27,47,112],"must":[28],"be":[29,114,140],"deployed":[30],"not":[31],"only":[32],"at":[33,38],"edge":[35,105],"but":[36],"also":[37,130],"core":[40,97],"network":[43,90,106],"This":[44],"paper":[45],"presents":[46],"to":[48,101,142],"identify":[49],"DDoS":[50,63],"computing":[53],"entropy":[54],"frequency-sorted":[56],"distributions":[57],"selected":[59,72],"packet":[60,73],"attributes.":[61,74],"show":[65],"anomalies":[66],"in":[67,95],"characteristics":[69],"accuracy":[77],"performance":[79],"are":[80],"analyzed":[81],"using":[82],"live":[83],"traffic":[84],"traces":[85],"from":[86,93],"a":[87],"variety":[88],"environments":[91],"ranging":[92],"points":[94],"Internet":[100],"those":[102],"inside":[103],"an":[104],"results":[108],"indicate":[109],"that":[110],"these":[111],"can":[113,139],"against":[116],"current":[117],"suggest":[120],"directions":[121],"for":[122],"improving":[123],"more":[126],"stealthy":[127],"attacks.":[128],"We":[129],"describe":[131],"our":[132],"detection-response":[133],"prototype":[134],"how":[136],"detectors":[138],"extended":[141],"make":[143],"decisions.":[146]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":20},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":18},{"year":2021,"cited_by_count":15},{"year":2020,"cited_by_count":35},{"year":2019,"cited_by_count":28},{"year":2018,"cited_by_count":25},{"year":2017,"cited_by_count":27},{"year":2016,"cited_by_count":24},{"year":2015,"cited_by_count":27},{"year":2014,"cited_by_count":19},{"year":2013,"cited_by_count":20},{"year":2012,"cited_by_count":28}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}