{"id":"https://openalex.org/W4376109490","doi":"https://doi.org/10.1109/mic.2023.3264319","title":"SAV-D: Defending DDoS with Incremental Deployment of SAV","display_name":"SAV-D: Defending DDoS with Incremental Deployment of SAV","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4376109490","doi":"https://doi.org/10.1109/mic.2023.3264319"},"language":"en","primary_location":{"id":"doi:10.1109/mic.2023.3264319","is_oa":false,"landing_page_url":"https://doi.org/10.1109/mic.2023.3264319","pdf_url":null,"source":{"id":"https://openalex.org/S205899252","display_name":"IEEE Internet Computing","issn_l":"1089-7801","issn":["1089-7801","1941-0131"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040579527","display_name":"Linbo Hui","orcid":"https://orcid.org/0000-0002-2841-2002"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Linbo Hui","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-2841-2002","affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100603173","display_name":"Lei Zhang","orcid":"https://orcid.org/0000-0001-7991-2915"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lei Zhang","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-7991-2915","affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018856126","display_name":"Yannan Hu","orcid":"https://orcid.org/0009-0008-3960-553X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yannan Hu","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0008-3960-553X","affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jianping Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianping Wu","raw_affiliation_strings":["Zhongguancun Laboratory and Tsinghua University, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory and Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091090025","display_name":"Yong Cui","orcid":"https://orcid.org/0000-0002-5171-739X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yong Cui","raw_affiliation_strings":["Zhongguancun Laboratory and Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-5171-739X","affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory and Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5040579527"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.7853,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.72206329,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"27","issue":"3","first_page":"44","last_page":"49"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.984000027179718,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.8947511315345764},{"id":"https://openalex.org/keywords/honeypot","display_name":"Honeypot","score":0.8752063512802124},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7230461835861206},{"id":"https://openalex.org/keywords/spoofing-attack","display_name":"Spoofing attack","score":0.7129849195480347},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.7047613859176636},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.6518984436988831},{"id":"https://openalex.org/keywords/ip-address-spoofing","display_name":"IP address spoofing","score":0.6322373747825623},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6170365810394287},{"id":"https://openalex.org/keywords/application-layer-ddos-attack","display_name":"Application layer DDoS attack","score":0.5784841775894165},{"id":"https://openalex.org/keywords/bloom-filter","display_name":"Bloom filter","score":0.5238107442855835},{"id":"https://openalex.org/keywords/quality-of-service","display_name":"Quality of service","score":0.49359142780303955},{"id":"https://openalex.org/keywords/ip-traceback","display_name":"IP traceback","score":0.4588736593723297},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4546842575073242},{"id":"https://openalex.org/keywords/internet-protocol","display_name":"Internet Protocol","score":0.3885681927204132},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.11308670043945312},{"id":"https://openalex.org/keywords/network-address-translation","display_name":"Network address translation","score":0.10060155391693115},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10005307197570801}],"concepts":[{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.8947511315345764},{"id":"https://openalex.org/C191267431","wikidata":"https://www.wikidata.org/wiki/Q911932","display_name":"Honeypot","level":2,"score":0.8752063512802124},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7230461835861206},{"id":"https://openalex.org/C167900197","wikidata":"https://www.wikidata.org/wiki/Q11081100","display_name":"Spoofing attack","level":2,"score":0.7129849195480347},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.7047613859176636},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.6518984436988831},{"id":"https://openalex.org/C111814575","wikidata":"https://www.wikidata.org/wiki/Q550893","display_name":"IP address spoofing","level":5,"score":0.6322373747825623},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6170365810394287},{"id":"https://openalex.org/C120865594","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Application layer DDoS attack","level":4,"score":0.5784841775894165},{"id":"https://openalex.org/C147224247","wikidata":"https://www.wikidata.org/wiki/Q885373","display_name":"Bloom filter","level":2,"score":0.5238107442855835},{"id":"https://openalex.org/C5119721","wikidata":"https://www.wikidata.org/wiki/Q220501","display_name":"Quality of service","level":2,"score":0.49359142780303955},{"id":"https://openalex.org/C2776059407","wikidata":"https://www.wikidata.org/wiki/Q5973212","display_name":"IP traceback","level":4,"score":0.4588736593723297},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4546842575073242},{"id":"https://openalex.org/C35341882","wikidata":"https://www.wikidata.org/wiki/Q8795","display_name":"Internet Protocol","level":3,"score":0.3885681927204132},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.11308670043945312},{"id":"https://openalex.org/C147873670","wikidata":"https://www.wikidata.org/wiki/Q11182","display_name":"Network address translation","level":4,"score":0.10060155391693115},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10005307197570801}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/mic.2023.3264319","is_oa":false,"landing_page_url":"https://doi.org/10.1109/mic.2023.3264319","pdf_url":null,"source":{"id":"https://openalex.org/S205899252","display_name":"IEEE Internet Computing","issn_l":"1089-7801","issn":["1089-7801","1941-0131"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7033924410","display_name":null,"funder_award_id":"62132009","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":4,"referenced_works":["https://openalex.org/W3040590365","https://openalex.org/W3057691552","https://openalex.org/W3212591162","https://openalex.org/W4311118514"],"related_works":["https://openalex.org/W1555931190","https://openalex.org/W2060954861","https://openalex.org/W4213246274","https://openalex.org/W1493760256","https://openalex.org/W2026334903","https://openalex.org/W2810903447","https://openalex.org/W3215145745","https://openalex.org/W2010787569","https://openalex.org/W2354384324","https://openalex.org/W2286654277"],"abstract_inverted_index":{"Large-scale":[0],"Internet":[1],"Protocol":[2],"(IP)":[3],"spoofing":[4,54,80],"distributed":[5,75],"denial-of-service":[6],"(DDoS)":[7],"attacks":[8,22,103],"is":[9,63],"one":[10],"of":[11,33,40,131,139],"the":[12,24,31,36,58,109],"major":[13],"cyber":[14],"threats.":[15],"Current":[16],"commercial":[17],"defenses":[18],"focus":[19],"on":[20,38,151],"eliminating":[21],"at":[23],"destination":[25],"end,":[26],"which":[27],"raises":[28],"concerns":[29],"about":[30],"cost":[32],"appliances":[34],"and":[35,104,113],"impact":[37],"quality":[39],"service.":[41],"As":[42],"complementaries,":[43],"source-end":[44],"schemes":[45],"using":[46],"source":[47],"address":[48],"validation":[49],"(SAV)":[50],"can":[51,99,116,126],"block":[52],"IP":[53,79],"traffic":[55,133],"from":[56],"entering":[57],"backbone.":[59],"However,":[60],"their":[61],"effectiveness":[62],"restricted":[64],"by":[65],"incremental":[66],"deployment.":[67],"This":[68],"paper":[69],"proposes":[70],"SAV-D,":[71],"an":[72],"SAV-based":[73],"honeynet-like":[74],"defense":[76,106],"architecture":[77],"against":[78],"DDoS.":[81],"Each":[82],"SAV":[83,112],"device":[84],"functions":[85],"as":[86],"a":[87,135],"honeypot":[88],"to":[89],"capture":[90],"more":[91],"threat":[92],"data.":[93],"By":[94],"aggregating":[95],"these":[96],"data,":[97],"SAV-D":[98,125],"accurately":[100],"detect":[101],"ongoing":[102],"generate":[105],"policies.":[107],"With":[108],"policies,":[110],"both":[111],"non-SAV":[114],"devices":[115],"filter":[117,128],"malicious":[118],"traffic.":[119],"Our":[120],"simulation":[121],"results":[122],"demonstrate":[123],"that":[124],"effectively":[127],"out":[129],"80%":[130],"attack":[132],"with":[134],"modest":[136],"deployment":[137],"ratio":[138],"only":[140],"10%.":[141],"To":[142],"enable":[143],"broader":[144],"adoption,":[145],"we":[146],"also":[147],"provide":[148],"some":[149],"guidance":[150],"standardizing":[152],"SAV-D.":[153]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-28T14:05:53.105641","created_date":"2025-10-10T00:00:00"}