A framework for generating realistic traffic for Distributed Denial-of-Service attacks and Flash Events

详细信息    查看全文

• 作者：Sajal Bhatia ; Desmond Schmidt ; George Mohay ; Alan Tickle
• 关键词：Synthetic traffic generation ; DDoS attacks ; Flash Events ; IP-aliasing ; Testbed framework
• 刊名：Computers and Security
• 出版年：February, 2014
• 年：2014
• 卷：40
• 期：Complete
• 页码：95-107
• 全文大小：1424 K

文摘

An intrinsic challenge associated with evaluating proposed techniques for detecting Distributed Denial-of-Service (DDoS) attacks and distinguishing them from Flash Events (FEs) is the extreme scarcity of publicly available real-word traffic traces. Those available are either heavily anonymised or too old to accurately reflect the current trends in DDoS attacks and FEs. This paper proposes a traffic generation and testbed framework for synthetically generating different types of realistic DDoS attacks, FEs and other benign traffic traces, and monitoring their effects on the target. Using only modest hardware resources, the proposed framework, consisting of a customised software traffic generator, 鈥楤otloader鈥? is capable of generating a configurable mix of two-way traffic, for emulating either large-scale DDoS attacks, FEs or benign traffic traces that are experimentally reproducible. Botloader uses IP-aliasing, a well-known technique available on most computing platforms, to create thousands of interactive UDP/TCP endpoints on a single computer, each bound to a unique IP-address, to emulate large numbers of simultaneous attackers or benign clients.