{"id":"https://openalex.org/W4381745037","doi":"https://doi.org/10.1109/noms56928.2023.10154315","title":"DDoS Detection in P4 Using HYPERLOGLOG and COUNTMIN Sketches","display_name":"DDoS Detection in P4 Using HYPERLOGLOG and COUNTMIN Sketches","publication_year":2023,"publication_date":"2023-05-08","ids":{"openalex":"https://openalex.org/W4381745037","doi":"https://doi.org/10.1109/noms56928.2023.10154315"},"language":"en","primary_location":{"id":"doi:10.1109/noms56928.2023.10154315","is_oa":false,"landing_page_url":"https://doi.org/10.1109/noms56928.2023.10154315","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037539499","display_name":"Vera Clemens","orcid":"https://orcid.org/0000-0002-9917-4443"},"institutions":[{"id":"https://openalex.org/I176453806","display_name":"University of Potsdam","ror":"https://ror.org/03bnmw459","country_code":"DE","type":"education","lineage":["https://openalex.org/I176453806"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Vera Clemens","raw_affiliation_strings":["University of Potsdam,Potsdam,Germany","University of Potsdam, Potsdam, Germany"],"affiliations":[{"raw_affiliation_string":"University of Potsdam,Potsdam,Germany","institution_ids":["https://openalex.org/I176453806"]},{"raw_affiliation_string":"University of Potsdam, Potsdam, Germany","institution_ids":["https://openalex.org/I176453806"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082063262","display_name":"Lars-Christian Schulz","orcid":"https://orcid.org/0009-0009-9065-6372"},"institutions":[{"id":"https://openalex.org/I95793202","display_name":"Otto-von-Guericke University Magdeburg","ror":"https://ror.org/00ggpsq73","country_code":"DE","type":"education","lineage":["https://openalex.org/I95793202"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lars-Christian Schulz","raw_affiliation_strings":["Otto-von-Guericke University,Magdeburg,Germany","Otto-von-Guericke University, Magdeburg, Germany"],"affiliations":[{"raw_affiliation_string":"Otto-von-Guericke University,Magdeburg,Germany","institution_ids":["https://openalex.org/I95793202"]},{"raw_affiliation_string":"Otto-von-Guericke University, Magdeburg, Germany","institution_ids":["https://openalex.org/I95793202"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059516222","display_name":"Marten Gartner","orcid":"https://orcid.org/0000-0002-8263-0297"},"institutions":[{"id":"https://openalex.org/I95793202","display_name":"Otto-von-Guericke University Magdeburg","ror":"https://ror.org/00ggpsq73","country_code":"DE","type":"education","lineage":["https://openalex.org/I95793202"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marten Gartner","raw_affiliation_strings":["Otto-von-Guericke University,Magdeburg,Germany","Otto-von-Guericke University, Magdeburg, Germany"],"affiliations":[{"raw_affiliation_string":"Otto-von-Guericke University,Magdeburg,Germany","institution_ids":["https://openalex.org/I95793202"]},{"raw_affiliation_string":"Otto-von-Guericke University, Magdeburg, Germany","institution_ids":["https://openalex.org/I95793202"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040083496","display_name":"David Hausheer","orcid":"https://orcid.org/0000-0002-3385-303X"},"institutions":[{"id":"https://openalex.org/I95793202","display_name":"Otto-von-Guericke University Magdeburg","ror":"https://ror.org/00ggpsq73","country_code":"DE","type":"education","lineage":["https://openalex.org/I95793202"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"David Hausheer","raw_affiliation_strings":["Otto-von-Guericke University,Magdeburg,Germany","Otto-von-Guericke University, Magdeburg, Germany"],"affiliations":[{"raw_affiliation_string":"Otto-von-Guericke University,Magdeburg,Germany","institution_ids":["https://openalex.org/I95793202"]},{"raw_affiliation_string":"Otto-von-Guericke University, Magdeburg, Germany","institution_ids":["https://openalex.org/I95793202"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5037539499"],"corresponding_institution_ids":["https://openalex.org/I176453806"],"apc_list":null,"apc_paid":null,"fwci":1.969,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.86889652,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.927327573299408},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8453851938247681},{"id":"https://openalex.org/keywords/forwarding-plane","display_name":"Forwarding plane","score":0.7821462154388428},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.7147678136825562},{"id":"https://openalex.org/keywords/throughput","display_name":"Throughput","score":0.5770436525344849},{"id":"https://openalex.org/keywords/trinoo","display_name":"Trinoo","score":0.5421084761619568},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.501779317855835},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4890926480293274},{"id":"https://openalex.org/keywords/software-defined-networking","display_name":"Software-defined networking","score":0.4566977322101593},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4364728629589081},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.43194568157196045},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.42584237456321716},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35221222043037415},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3203394114971161},{"id":"https://openalex.org/keywords/application-layer-ddos-attack","display_name":"Application layer DDoS attack","score":0.25303512811660767},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.2219102382659912},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1714148223400116}],"concepts":[{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.927327573299408},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8453851938247681},{"id":"https://openalex.org/C10597312","wikidata":"https://www.wikidata.org/wiki/Q5473302","display_name":"Forwarding plane","level":3,"score":0.7821462154388428},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.7147678136825562},{"id":"https://openalex.org/C157764524","wikidata":"https://www.wikidata.org/wiki/Q1383412","display_name":"Throughput","level":3,"score":0.5770436525344849},{"id":"https://openalex.org/C43639116","wikidata":"https://www.wikidata.org/wiki/Q7843050","display_name":"Trinoo","level":5,"score":0.5421084761619568},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.501779317855835},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4890926480293274},{"id":"https://openalex.org/C77270119","wikidata":"https://www.wikidata.org/wiki/Q1655198","display_name":"Software-defined networking","level":2,"score":0.4566977322101593},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4364728629589081},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.43194568157196045},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.42584237456321716},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35221222043037415},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3203394114971161},{"id":"https://openalex.org/C120865594","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Application layer DDoS attack","level":4,"score":0.25303512811660767},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.2219102382659912},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1714148223400116},{"id":"https://openalex.org/C555944384","wikidata":"https://www.wikidata.org/wiki/Q249","display_name":"Wireless","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/noms56928.2023.10154315","is_oa":false,"landing_page_url":"https://doi.org/10.1109/noms56928.2023.10154315","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.4300000071525574,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4230824443","https://openalex.org/W2038807247","https://openalex.org/W2783466926","https://openalex.org/W2292210693","https://openalex.org/W2097156747","https://openalex.org/W2276629685","https://openalex.org/W2000326002","https://openalex.org/W4400952743","https://openalex.org/W4387183101","https://openalex.org/W3010924008"],"abstract_inverted_index":{"Distributed":[0],"denial-of-service":[1],"(DDoS)":[2],"attacks":[3,37,51,109],"are":[4,40,82],"a":[5,99,122,185],"growing":[6],"threat":[7],"in":[8,21,110,138],"the":[9,13,22,86,163,170,174],"Internet.":[10],"For":[11],"example,":[12],"increasing":[14],"number":[15],"of":[16,24,101,118,176],"small":[17],"low-powered":[18],"devices":[19],"participating":[20],"Internet":[23],"Things":[25],"can":[26],"be":[27,53],"hijacked":[28],"by":[29,85],"botnets":[30],"and":[31,66,103,126,133,183,189],"used":[32],"to":[33,74,106,159,169],"perpetrate":[34],"powerful":[35],"DDoS":[36,77,108],"if":[38,162],"they":[39],"not":[41],"secured":[42],"correctly.":[43],"Different":[44],"works":[45],"have":[46,70],"already":[47],"investigated":[48],"how":[49],"such":[50],"may":[52],"detected":[54],"using":[55],"efficient":[56],"probabilistic":[57],"data":[58,67,87],"structures":[59],"known":[60],"as":[61,147,149],"\u201csketches\u201d.":[62],"Additionally,":[63],"software-defined":[64],"networking":[65],"plane":[68],"programmability":[69],"created":[71],"new":[72,76],"opportunities":[73],"develop":[75],"attack":[78],"detection":[79,131,145,165,181],"approaches":[80],"that":[81,97],"performed":[83],"entirely":[84],"plane.":[88],"In":[89],"this":[90,119],"work,":[91],"we":[92],"specifically":[93],"investigate":[94],"an":[95,116,139],"approach":[96,120],"uses":[98],"combination":[100],"HYPERLOGLOG":[102],"COUNTMIN":[104],"sketches":[105],"detect":[107],"P4-programmable":[111],"network":[112],"switches.":[113],"We":[114,172],"present":[115],"implementation":[117,143],"for":[121],"software-based":[123],"P4":[124],"switch":[125,155],"evaluate":[127],"its":[128,134],"accuracy,":[129],"achieved":[130],"latencies":[132,146],"effect":[135],"on":[136,154,180],"throughput":[137,156],"emulated":[140],"environment.":[141],"Our":[142],"achieves":[144],"low":[148],"0.97":[150],"s.":[151],"The":[152],"impact":[153,175],"is":[157,167],"limited":[158],"approximately":[160],"10%":[161],"final":[164],"step":[166],"offloaded":[168],"controller.":[171],"explore":[173],"different":[177],"sketch":[178],"sizes":[179],"accuracy":[182,188],"find":[184],"trade-off":[186],"between":[187],"memory":[190],"requirements.":[191]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2}],"updated_date":"2026-04-23T09:07:50.710637","created_date":"2025-10-10T00:00:00"}