Simulation and Analysis of DDoS in Active Defense Environment

  • Zhongwen Li
  • Yang Xiang
  • Dongsheng He
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4456)


Currently there is very few data that can describe the whole profile of a DDoS attack. In this paper, the active DDoS defense system deploys a number of sub-systems, such as Flexible Deterministic Packet Marking (FDPM) and Mark-Aided Distributed Filtering (MADF). In addition, two DDoS tools, TFN2K and Trinoo, are adopted and integrated into SSFNet to create virtual DDoS networks to simulate the attacks. Then, simulation experiments are used to evaluate the performance of the active DDoS defense system. At last, we set up a model to describe the interactions between DDoS attack and defense party, which allows us to have a deep insight of the interactions between the attack and defense parties. Experiment results shows that the model can precisely estimate the defense effectiveness of the system when it encounters attacks.


Attack Rate Strength Function Defense Parti Attack Traffic Attack Packet 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Mirkovic, J., Reiher, P.: A Source-End Defense against Flooding Denial-of-Service Attacks. IEEE Transactions on Dependable and Secure Computing 2(3), 216–232 (2005)CrossRefGoogle Scholar
  2. 2.
    Keromytis, A.D., Misra, V., Rubenstein, D.: SOS: An Architecture for Mitigating DDoS Attacks. IEEE Journal on Selected Areas in Communications 22(1), 176–188 (2004)CrossRefGoogle Scholar
  3. 3.
    Xiang, Y., Zhou, W., Chowdhury, M.: A Survey of Active and Passive Defence Mechanisms against DDoS Attacks, Technical Report, TR C04/02, School of Information Technology, Deakin University, Australia (2004)Google Scholar
  4. 4.
    SSFNet, Scalable Simulation Framework (2005),
  5. 5.
    Chen, R.C., Shi, W., Zhou, W.: Simulation of Distributed Denial of ServiceAttacks (Technical Report). In: TR C04/09, School of Information Technology, Deakin University, Australia (2004)Google Scholar
  6. 6.
    Xiang, Y., Zhou, W.: Mark-Aided Distributed Filtering by Using Neural Network for DDoS Defense. In: IEEE Global Telecommunications Conference 2005 (IEEE GLOBECOM 2005), IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  7. 7.
    Dittrich, D.: Distributed Denial of Service (DDoS) Attacks/tools (2005),
  8. 8.
    Skitter project, Cooperative Association for Internet Data Analysis (CAIDA),
  9. 9.
    Xiang, Y., Zhou, W., Rough, J.: Trace IP Packets by Flexible Deterministic Packet Marking (FDPM) In: Proceedings of IEEE International Workshop on IP Operations & Management IPOM, pp. 246–252 (2004)Google Scholar
  10. 10.
    Yaar, A., Perrig, A., Song, D.: Pi: A Path Identification Mechanism to Defend against DDoS Attacks. In: 2003 IEEE Symposium on Security and Privacy, pp. 93–107 (2003)Google Scholar
  11. 11.
    Sung, M., Xu, J.: IP Traceback-based Intelligent Packet Filtering: A Novel Technique for Defending Against Internet DDoS Attacks. IEEE Transactions on Parallel and Distributed Systems 14(9), 861–872 (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Zhongwen Li
    • 1
  • Yang Xiang
    • 2
  • Dongsheng He
    • 3
  1. 1.Information Science and Technology College, Xiamen University, Xiamen 361005China
  2. 2.School of Management and Information Systems, Faculty of Business and Informatics Central, Queensland University, Rockhampton, Queensland 4702Australia
  3. 3.School of Architecture Engineering, Southwest Petroleum University, Xindu 610500China

Personalised recommendations