{"id":"https://openalex.org/W2761831203","doi":"https://doi.org/10.1109/tifs.2017.2758754","title":"SkyShield: A Sketch-Based Defense System Against Application Layer DDoS Attacks","display_name":"SkyShield: A Sketch-Based Defense System Against Application Layer DDoS Attacks","publication_year":2017,"publication_date":"2017-10-02","ids":{"openalex":"https://openalex.org/W2761831203","doi":"https://doi.org/10.1109/tifs.2017.2758754","mag":"2761831203"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2017.2758754","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2017.2758754","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100455048","display_name":"Chenxu Wang","orcid":"https://orcid.org/0000-0002-9539-5046"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]},{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN","HK"],"is_corresponding":true,"raw_author_name":"Chenxu Wang","raw_affiliation_strings":["Department of Computing, The Hong Kong Polytechnic University, Hong Kong","MoE Key Laboratory for Intelligent Networks and Network Security, Xi\u2019an Jiaotong University, Xi\u2019an, China","MoE Key Laboratory for Intelligent Networks and Network Security, Xi'an Jiaotong University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"Department of Computing, The Hong Kong Polytechnic University, Hong Kong","institution_ids":["https://openalex.org/I14243506"]},{"raw_affiliation_string":"MoE Key Laboratory for Intelligent Networks and Network Security, Xi\u2019an Jiaotong University, Xi\u2019an, China","institution_ids":["https://openalex.org/I87445476"]},{"raw_affiliation_string":"MoE Key Laboratory for Intelligent Networks and Network Security, Xi'an Jiaotong University, Xi'an, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065006593","display_name":"Tony T. N. Miu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210127430","display_name":"Lucky Technology (China)","ror":"https://ror.org/0341fmf68","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210127430"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tony T. N. Miu","raw_affiliation_strings":["Nexusguard Ltd., Hong Kong"],"affiliations":[{"raw_affiliation_string":"Nexusguard Ltd., Hong Kong","institution_ids":["https://openalex.org/I4210127430"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100400376","display_name":"Xiapu Luo","orcid":"https://orcid.org/0000-0002-9082-3208"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Xiapu Luo","raw_affiliation_strings":["Shenzhen Research Institute, The Hong Kong Polytechnic University, Hong Kong"],"affiliations":[{"raw_affiliation_string":"Shenzhen Research Institute, The Hong Kong Polytechnic University, Hong Kong","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5083872248","display_name":"Jinhe Wang","orcid":"https://orcid.org/0000-0002-1293-085X"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]},{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN","HK"],"is_corresponding":false,"raw_author_name":"Jinhe Wang","raw_affiliation_strings":["Department of Computing, The Hong Kong Polytechnic University, Hong Kong","School of Software Engineering, Xi\u2019an Jiaotong University, Xi\u2019an, China","School of Software Engineering, Xi'an Jiaotong University, Xi'an, China"],"affiliations":[{"raw_affiliation_string":"Department of Computing, The Hong Kong Polytechnic University, Hong Kong","institution_ids":["https://openalex.org/I14243506"]},{"raw_affiliation_string":"School of Software Engineering, Xi\u2019an Jiaotong University, Xi\u2019an, China","institution_ids":["https://openalex.org/I87445476"]},{"raw_affiliation_string":"School of Software Engineering, Xi'an Jiaotong University, Xi'an, China","institution_ids":["https://openalex.org/I87445476"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100455048"],"corresponding_institution_ids":["https://openalex.org/I14243506","https://openalex.org/I87445476"],"apc_list":null,"apc_paid":null,"fwci":12.4667,"has_fulltext":false,"cited_by_count":116,"citation_normalized_percentile":{"value":0.98870684,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":100},"biblio":{"volume":"13","issue":"3","first_page":"559","last_page":"573"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8921777606010437},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.8639095425605774},{"id":"https://openalex.org/keywords/sketch","display_name":"Sketch","score":0.7046916484832764},{"id":"https://openalex.org/keywords/application-layer-ddos-attack","display_name":"Application layer DDoS attack","score":0.6493360996246338},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6224586367607117},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.5930376648902893},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5906945466995239},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.5548549294471741},{"id":"https://openalex.org/keywords/application-layer","display_name":"Application layer","score":0.49402981996536255},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.41614842414855957},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.23361840844154358},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.13360336422920227},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12865883111953735}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8921777606010437},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.8639095425605774},{"id":"https://openalex.org/C2779231336","wikidata":"https://www.wikidata.org/wiki/Q7534724","display_name":"Sketch","level":2,"score":0.7046916484832764},{"id":"https://openalex.org/C120865594","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Application layer DDoS attack","level":4,"score":0.6493360996246338},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6224586367607117},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.5930376648902893},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5906945466995239},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.5548549294471741},{"id":"https://openalex.org/C190793597","wikidata":"https://www.wikidata.org/wiki/Q189768","display_name":"Application layer","level":3,"score":0.49402981996536255},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.41614842414855957},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.23361840844154358},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.13360336422920227},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12865883111953735},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.0},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tifs.2017.2758754","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2017.2758754","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:ira.lib.polyu.edu.hk:10397/73848","is_oa":false,"landing_page_url":"http://hdl.handle.net/10397/73848","pdf_url":null,"source":{"id":"https://openalex.org/S4306400205","display_name":"PolyU Institutional Research Archive (Hong Kong Polytechnic University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I14243506","host_organization_name":"Hong Kong Polytechnic University","host_organization_lineage":["https://openalex.org/I14243506"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Journal/Magazine Article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1732853937","display_name":null,"funder_award_id":"2016JM6040","funder_id":"https://openalex.org/F4320324173","funder_display_name":"Natural Science Foundation of Shaanxi Province"},{"id":"https://openalex.org/G3224803776","display_name":null,"funder_award_id":"1191320006","funder_id":"https://openalex.org/F4320335787","funder_display_name":"Fundamental Research Funds for the Central Universities"},{"id":"https://openalex.org/G3343719966","display_name":null,"funder_award_id":"61602370","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4224320565","display_name":null,"funder_award_id":"61772411","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5839275618","display_name":null,"funder_award_id":"61672026","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8392991950","display_name":null,"funder_award_id":"201659M2806","funder_id":"https://openalex.org/F4320321543","funder_display_name":"China Postdoctoral Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321543","display_name":"China Postdoctoral Science Foundation","ror":"https://ror.org/0426zh255"},{"id":"https://openalex.org/F4320324173","display_name":"Natural Science Foundation of Shaanxi Province","ror":null},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":59,"referenced_works":["https://openalex.org/W197785030","https://openalex.org/W1572403558","https://openalex.org/W1573745704","https://openalex.org/W1603565383","https://openalex.org/W1911710799","https://openalex.org/W1969670714","https://openalex.org/W1972458709","https://openalex.org/W1972950122","https://openalex.org/W1978502884","https://openalex.org/W1979006661","https://openalex.org/W1980193150","https://openalex.org/W1988725147","https://openalex.org/W1990680872","https://openalex.org/W1993284846","https://openalex.org/W1998496248","https://openalex.org/W2018992824","https://openalex.org/W2038543890","https://openalex.org/W2041198666","https://openalex.org/W2046106084","https://openalex.org/W2062706606","https://openalex.org/W2079411451","https://openalex.org/W2087766914","https://openalex.org/W2088301450","https://openalex.org/W2096159591","https://openalex.org/W2097602077","https://openalex.org/W2098260620","https://openalex.org/W2098334439","https://openalex.org/W2099389120","https://openalex.org/W2102481563","https://openalex.org/W2103024672","https://openalex.org/W2104692292","https://openalex.org/W2110238613","https://openalex.org/W2112135709","https://openalex.org/W2113484578","https://openalex.org/W2121511513","https://openalex.org/W2124589355","https://openalex.org/W2127605496","https://openalex.org/W2130216882","https://openalex.org/W2130873367","https://openalex.org/W2134598092","https://openalex.org/W2146467316","https://openalex.org/W2155087074","https://openalex.org/W2155141181","https://openalex.org/W2155883880","https://openalex.org/W2157202423","https://openalex.org/W2157496457","https://openalex.org/W2159205978","https://openalex.org/W2169384417","https://openalex.org/W2170874246","https://openalex.org/W2308483349","https://openalex.org/W2346047936","https://openalex.org/W2573541888","https://openalex.org/W2740580754","https://openalex.org/W3147513489","https://openalex.org/W4246870340","https://openalex.org/W4393509101","https://openalex.org/W6672775965","https://openalex.org/W6698286094","https://openalex.org/W6741684655"],"related_works":["https://openalex.org/W2908108831","https://openalex.org/W2375951120","https://openalex.org/W3005836778","https://openalex.org/W2754163055","https://openalex.org/W2552641916","https://openalex.org/W4254515188","https://openalex.org/W2591571751","https://openalex.org/W2784282778","https://openalex.org/W2954653956","https://openalex.org/W2991861214"],"abstract_inverted_index":{"Application":[0],"layer":[1,82],"distributed":[2],"denial":[3],"of":[4,16,34,91,101,119,122,130,137,145],"service":[5],"(DDoS)":[6],"attacks":[7,20,36,54],"have":[8,141],"become":[9],"a":[10,42,88,143,158,175],"severe":[11],"threat":[12],"to":[13,49,76,115],"the":[14,72,92,99,106,112,117,128,134],"security":[15],"web":[17,160],"servers.":[18],"These":[19],"evade":[21],"most":[22,33],"intrusion":[23,44],"prevention":[24,45],"systems":[25],"by":[26,132],"sending":[27],"numerous":[28],"benign":[29],"HTTP":[30],"requests.":[31],"Since":[32],"these":[35,53],"are":[37],"launched":[38],"abruptly":[39],"and":[40,51,79,104,147],"severely,":[41],"fast":[43],"system":[46],"is":[47],"desirable":[48],"detect":[50,78],"mitigate":[52,80],"as":[55,57],"soon":[56],"possible.":[58],"In":[59],"this":[60],"paper,":[61],"we":[62,86,110],"propose":[63,87],"an":[64,123],"effective":[65],"defense":[66],"system,":[67],"named":[68],"SkyShield,":[69],"which":[70,97],"leverages":[71],"sketch":[73,114],"data":[74,155],"structure":[75],"quickly":[77,169],"application":[81],"DDoS":[83],"attacks.":[84],"First,":[85],"novel":[89],"calculation":[90,136],"divergence":[93],"between":[94],"two":[95],"sketches,":[96],"alleviates":[98],"impact":[100,177],"network":[102],"dynamics":[103],"improves":[105,127],"detection":[107],"accuracy.":[108],"Second,":[109],"utilize":[111],"abnormal":[113],"facilitate":[116],"identification":[118],"malicious":[120,138,171],"hosts":[121],"ongoing":[124],"attack.":[125],"This":[126],"efficiency":[129],"SkyShield":[131,146,167],"avoiding":[133],"reverse":[135],"hosts.":[139],"We":[140],"developed":[142],"prototype":[144],"carefully":[148],"evaluated":[149],"its":[150],"effectiveness":[151],"using":[152],"real":[153],"attack":[154],"collected":[156],"from":[157],"large-scale":[159],"cluster.":[161],"The":[162],"experimental":[163],"results":[164],"show":[165],"that":[166],"can":[168],"reduce":[170],"requests,":[172],"while":[173],"posing":[174],"limited":[176],"on":[178],"normal":[179],"users.":[180]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":20},{"year":2021,"cited_by_count":20},{"year":2020,"cited_by_count":20},{"year":2019,"cited_by_count":20},{"year":2018,"cited_by_count":17}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}