Simulation Study of Flood Attacking of DDOS

Distributed denial-of-service (DDOS) attacks remain a great threat to the Internet. The literature offering qualitative descriptions of DDOS attacks is rich, but quantitative descriptions are rarely reported. This paper presents the results of five experiments on flood attacks in a simulation environment built with NS2. The results indicate that bandwidth may be more easily flooded by UDP-type attacks than by TCP-type attacks. In addition, by introducing the concepts of attack time and attack intensity, we show that attack time mainly relates to attack intensity. Furthermore, we give quantitative evidence that buffer size plays a role in dealing with attack traffic.
