{"id":"https://openalex.org/W2900111018","doi":"https://doi.org/10.1145/3278681.3278701","title":"Using network flow data to analyse distributed reflection denial of service (DRDoS) attacks, as observed on the South African national research and education network (SANReN)","display_name":"Using network flow data to analyse distributed reflection denial of service (DRDoS) attacks, as observed on the South African national research and education network (SANReN)","publication_year":2018,"publication_date":"2018-09-26","ids":{"openalex":"https://openalex.org/W2900111018","doi":"https://doi.org/10.1145/3278681.3278701","mag":"2900111018"},"language":"en","primary_location":{"id":"doi:10.1145/3278681.3278701","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3278681.3278701","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Annual Conference of the South African Institute of Computer Scientists and Information Technologists","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032974099","display_name":"Ivan D Burke","orcid":null},"institutions":[{"id":"https://openalex.org/I21360634","display_name":"Council for Scientific and Industrial Research","ror":"https://ror.org/05j00sr48","country_code":"ZA","type":"funder","lineage":["https://openalex.org/I21360634"]}],"countries":["ZA"],"is_corresponding":true,"raw_author_name":"Ivan Daniel Burke","raw_affiliation_strings":["Council for Scientific and Industrial Research, Pretoria, South Africa"],"affiliations":[{"raw_affiliation_string":"Council for Scientific and Industrial Research, Pretoria, South Africa","institution_ids":["https://openalex.org/I21360634"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061906205","display_name":"Alan Herbert","orcid":null},"institutions":[{"id":"https://openalex.org/I203238179","display_name":"Rhodes University","ror":"https://ror.org/016sewp10","country_code":"ZA","type":"education","lineage":["https://openalex.org/I203238179"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Alan Herbert","raw_affiliation_strings":["Rhodes University, Grahamstown, South Africa"],"affiliations":[{"raw_affiliation_string":"Rhodes University, Grahamstown, South Africa","institution_ids":["https://openalex.org/I203238179"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5034329836","display_name":"Roderick Mooi","orcid":"https://orcid.org/0000-0001-8598-3402"},"institutions":[{"id":"https://openalex.org/I21360634","display_name":"Council for Scientific and Industrial Research","ror":"https://ror.org/05j00sr48","country_code":"ZA","type":"funder","lineage":["https://openalex.org/I21360634"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Roderick Mooi","raw_affiliation_strings":["Council for Scientific and Industrial Research, Pretoria, South Africa"],"affiliations":[{"raw_affiliation_string":"Council for Scientific and Industrial Research, Pretoria, South Africa","institution_ids":["https://openalex.org/I21360634"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5032974099"],"corresponding_institution_ids":["https://openalex.org/I21360634"],"apc_list":null,"apc_paid":null,"fwci":0.1845,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.56738964,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"164","last_page":"170"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.7837032675743103},{"id":"https://openalex.org/keywords/denial","display_name":"Denial","score":0.6903074979782104},{"id":"https://openalex.org/keywords/reflection","display_name":"Reflection (computer programming)","score":0.6704713106155396},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5619744062423706},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.47530850768089294},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.4712451100349426},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3908592760562897},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.13246968388557434},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.1182803213596344},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.10325351357460022},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.07091304659843445}],"concepts":[{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.7837032675743103},{"id":"https://openalex.org/C2780900520","wikidata":"https://www.wikidata.org/wiki/Q100268981","display_name":"Denial","level":2,"score":0.6903074979782104},{"id":"https://openalex.org/C65682993","wikidata":"https://www.wikidata.org/wiki/Q1056451","display_name":"Reflection (computer programming)","level":2,"score":0.6704713106155396},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5619744062423706},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.47530850768089294},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.4712451100349426},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3908592760562897},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.13246968388557434},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.1182803213596344},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.10325351357460022},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.07091304659843445},{"id":"https://openalex.org/C11171543","wikidata":"https://www.wikidata.org/wiki/Q41630","display_name":"Psychoanalysis","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3278681.3278701","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3278681.3278701","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Annual Conference of the South African Institute of Computer Scientists and Information Technologists","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5400000214576721,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W922919515","https://openalex.org/W1734799737","https://openalex.org/W1867219652","https://openalex.org/W2026168289","https://openalex.org/W2053550965","https://openalex.org/W2061133001","https://openalex.org/W2101173463","https://openalex.org/W2111371783","https://openalex.org/W2151584216","https://openalex.org/W2158673492","https://openalex.org/W2169662797","https://openalex.org/W2232992392","https://openalex.org/W2255206882","https://openalex.org/W2288632536","https://openalex.org/W2574964486","https://openalex.org/W2999097477","https://openalex.org/W4233898666","https://openalex.org/W4300930169","https://openalex.org/W6637631891"],"related_works":["https://openalex.org/W2035091929","https://openalex.org/W2161226151","https://openalex.org/W2765658188","https://openalex.org/W2235209299","https://openalex.org/W2886198660","https://openalex.org/W1994643043","https://openalex.org/W1997184652","https://openalex.org/W2413774596","https://openalex.org/W206810774","https://openalex.org/W2417152646"],"abstract_inverted_index":{"Distributed":[0],"Denial":[1],"of":[2],"Service":[3],"(DDoS)":[4],"attacks":[5],"cause":[6],"significant":[7],"disruption":[8],"on":[9,37,66],"critical":[10],"networks":[11],"within":[12],"South":[13],"Africa.":[14],"Timely":[15],"detection":[16],"and":[17,61,86,109],"mitigation":[18],"is":[19,99],"a":[20],"key":[21],"concern":[22],"for":[23],"the":[24,38,51,59,62,67],"SANReN":[25,68],"Cyber":[26],"Security":[27],"Incident":[28],"Response":[29],"Team":[30],"(CSIRT).":[31],"This":[32],"paper":[33,71],"presents":[34],"an":[35],"analysis":[36,90],"Memcached":[39],"reflection":[40],"DDoS":[41,53],"attack":[42,49,54,60,89,97,107,111],"which":[43],"occurred":[44],"in":[45],"February":[46],"2018.":[47],"The":[48,96],"was":[50],"largest":[52],"to":[55,73,82,91],"date.":[56],"By":[57],"analysing":[58],"impact":[63],"it":[64],"had":[65],"network,":[69],"this":[70],"aims":[72],"show":[74],"how":[75],"network":[76,84,94],"flow":[77],"data":[78],"can":[79],"be":[80],"used":[81],"detect":[83],"attacks,":[85],"perform":[87],"post":[88,110],"prevent":[92],"future":[93],"attacks.":[95],"time-line":[98],"divided":[100],"into":[101],"three":[102],"main":[103],"phases:":[104],"pre-attack,":[105],"peek":[106],"period":[108],"residue.":[112]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}