Investigation of DDoS Attacks by Hybrid Simulation

  • Yana Bekeneva
  • Konstantin Borisenko
  • Andrey Shorov
  • Igor Kotenko
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9357)


At present protection against distributed attacks of the type “denial of service” (DDoS) is one of the important tasks. The paper considers a simulation environment for DDoS attacks of different types using the combination of a simulation approach and real software-hardware testbeds. In the paper we briefly describe the system architecture and a series of experiments for DDoS attack simulation on transport and application levels. The experimental results are provided, and the analysis of these results is performed.


Network security DDoS attacks Simulation Flooding 



This research is being supported by grants of RFBR (projects 13-01-00843, 13-07-13159, 14-07-00697 and 14-07-00417), state project “Organization of scientific research” of the main part of the state plan of the Board of Education of Russia, project part of the state plan of the Board of Education of Russia (task # 2.136.2014/K) as well as by Government of the Russian Federation, Grant 074-U01.


  1. 1.
    Worldwide Infrastructure Security Report. ARBOR Networks reports 2014 (2014).
  2. 2.
    Konovalov, A., Kotenko, I., Shorov, A.: Simulation-based study of botnets and defense mechanisms against them. J. Comput. Syst. Sci. Int. 52(1), 43–65 (2013). Pleiades Publishing LtdMathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Kotenko, I., Konovalov, A., Shorov, A.: Agent-based modeling and simulation of botnets and botnet defense. In: Conference on Cyber Conflict, Proceedings 2010. CCD COE Publications. Tallinn, Estonia (2010)Google Scholar
  4. 4.
    Wang, J., Phan, R., Whitley, J., Parish, D.: Advanced DDoS attacks traffic simulation with a test center platform. Int. J. Inf. Secur. Res. (IJISR), 1(4) (2011)Google Scholar
  5. 5.
  6. 6.
    MazeBolt developer.
  7. 7.
    Butler, B.: Interop network squares off against controlled 70G bit/sec DDoS attack (2013).
  8. 8.
  9. 9.
    Årnes, A., Haas, P., Vigna, G., Kemmerer, R.A.: Using a virtual security testbed for digital forensic reconstruction. DIMVA 2006, pp. 144–163. Springer-Verlag, France (2006)Google Scholar
  10. 10.
    OMNeT ++ Discrete Event System Simulator.
  11. 11.
    INET Framework.
  12. 12.
    ReaSE, developer web-site.
  13. 13.
  14. 14.
    VMware, developer site.
  15. 15.
    Kotenko, I., Doynikova, E.: Evaluation of computer network security based on attack graphs and security event processing. J. Wireless Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 5(3), 14–29 (2014)Google Scholar
  16. 16.
    Fedorchenko, A., Kotenko, I., Chechulin, A.: Integrated repository of security information for network security evaluation. J. Wireless Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 6(2), 41–57 (2015)Google Scholar
  17. 17.
    TCP SYN Flooding and IP Spoofing Attacks. CA-1996–21.

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Yana Bekeneva
    • 1
  • Konstantin Borisenko
    • 1
  • Andrey Shorov
    • 1
  • Igor Kotenko
    • 2
    • 3
  1. 1.Department of Computer Science and EngineeringSaint Petersburg Electrotechnical University “LETI”Saint PetersburgRussia
  2. 2.St. Petersburg Institute for Informatics and AutomationSaint PetersburgRussia
  3. 3.St. Petersburg National Research University of Information Technologies, Mechanics and OpticsSaint PetersburgRussia

Personalised recommendations