DDoS attacks traffic and Flash Crowds traffic simulation with a hardware test center platform

Abstract

DDoS attacks are one of the top security problems affecting networks and disrupting services to legitimate users. The first vital step in dealing with this problem is the network's ability to detect such attacks. To that end, it is important that an intrusion detection mechanism be able to differentiate between real DDoS traffic and Flash Crowds traffic, the latter of which constitutes sudden bursts of legitimate network activity. To train and analyze detection mechanisms, researchers typically simulate the DDoS traffic in the testbed; while for Flash Crowds, most researchers replay the web server captures obtained from third parties. This paper proposes the design of a special testbed-based simulation method with Spirent Test Center hardware platform, to simulate both DDoS traffic and Flash Crowds traffic. We give empirical results, including the simulation of four kinds of DDoS traffic including UDP Flooding attack, ICMP Flooding attack, TCP SYN Flooding attack and App-DDoS attack.