Simulation of Internet DDoS Attacks and Defense

The paper considers the software simulation tool DDoSSim, which has been developed for comprehensive investigation of Internet DDoS attacks and defense mechanisms. The tool has three main distinguishing features: an agent-oriented approach to simulation, packet-based simulation of network security processes, and an open library of different DDoS attacks and defense mechanisms. DDoSSim allows in-depth investigation of various attacks and defense methods and generates valuable recommendations on choosing the best defense. The paper describes the suggested agent-oriented approach, outlines the taxonomy of input and output parameters for simulation, and specifies the main DDoSSim components. One of the experiments on protection against DDoS attacks demonstrates some of DDoSSim's capabilities. We consider different phases of defense operations: learning, decision making and protection, including adaptation to the actions of malefactors.
