Simulation and Analysis of DDoS in Active Defense Environment
Currently there is very few data that can describe the whole profile of a DDoS attack. In this paper, the active DDoS defense system deploys a number of sub-systems, such as Flexible Deterministic Packet Marking (FDPM) and Mark-Aided Distributed Filtering (MADF). In addition, two DDoS tools, TFN2K and Trinoo, are adopted and integrated into SSFNet to create virtual DDoS networks to simulate the attacks. Then, simulation experiments are used to evaluate the performance of the active DDoS defense system. At last, we set up a model to describe the interactions between DDoS attack and defense party, which allows us to have a deep insight of the interactions between the attack and defense parties. Experiment results shows that the model can precisely estimate the defense effectiveness of the system when it encounters attacks.
KeywordsAttack Rate Strength Function Defense Parti Attack Traffic Attack Packet
Unable to display preview. Download preview PDF.
- 3.Xiang, Y., Zhou, W., Chowdhury, M.: A Survey of Active and Passive Defence Mechanisms against DDoS Attacks, Technical Report, TR C04/02, School of Information Technology, Deakin University, Australia (2004)Google Scholar
- 4.SSFNet, Scalable Simulation Framework (2005), http://www.ssfnet.org
- 5.Chen, R.C., Shi, W., Zhou, W.: Simulation of Distributed Denial of ServiceAttacks (Technical Report). In: TR C04/09, School of Information Technology, Deakin University, Australia (2004)Google Scholar
- 6.Xiang, Y., Zhou, W.: Mark-Aided Distributed Filtering by Using Neural Network for DDoS Defense. In: IEEE Global Telecommunications Conference 2005 (IEEE GLOBECOM 2005), IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
- 7.Dittrich, D.: Distributed Denial of Service (DDoS) Attacks/tools (2005), http://staff.washington.edu/dittrich/misc/ddos/
- 8.Skitter project, Cooperative Association for Internet Data Analysis (CAIDA), http://www.caida.org/tools/measurement/skitter/
- 9.Xiang, Y., Zhou, W., Rough, J.: Trace IP Packets by Flexible Deterministic Packet Marking (FDPM) In: Proceedings of IEEE International Workshop on IP Operations & Management IPOM, pp. 246–252 (2004)Google Scholar
- 10.Yaar, A., Perrig, A., Song, D.: Pi: A Path Identification Mechanism to Defend against DDoS Attacks. In: 2003 IEEE Symposium on Security and Privacy, pp. 93–107 (2003)Google Scholar