Simulation and Analysis of DDoS in Active Defense Environment

Currently there are very few data that can describe the whole profile of a DDoS attack. In this paper, the active DDoS defense system deploys a number of sub-systems, such as Flexible Deterministic Packet Marking (FDPM) and Mark-Aided Distributed Filtering (MADF). In addition, two DDoS tools, TFN2K and Trinoo, are adopted and integrated into SSFNet to create virtual DDoS networks that simulate the attacks. Simulation experiments are then used to evaluate the performance of the active DDoS defense system. Finally, we set up a model to describe the interactions between the DDoS attack and defense parties, which gives us deep insight into those interactions. Experimental results show that the model can precisely estimate the defense effectiveness of the system when it encounters attacks.
