DDoS攻击流量和Flash crowd流量模拟用硬件测试中心平台

2011 World Congress on Internet Security (WorldCIS-2011) Pub Date : 2011-04-15 DOI:10.1109/WORLDCIS17046.2011.5749874

Jie Wang, R. Phan, J. Whitley, D. Parish

{"title":"DDoS攻击流量和Flash crowd流量模拟用硬件测试中心平台","authors":"Jie Wang, R. Phan, J. Whitley, D. Parish","doi":"10.1109/WORLDCIS17046.2011.5749874","DOIUrl":null,"url":null,"abstract":"DDoS attacks are one of the top security problems affecting networks and disrupting services to legitimate users. The first vital step in dealing with this problem is the network's ability to detect such attacks. To that end, it is important that an intrusion detection mechanism be able to differentiate between real DDoS traffic and Flash Crowds traffic, the latter of which constitutes sudden bursts of legitimate network activity. To train and analyze detection mechanisms, researchers typically simulate the DDoS traffic in the testbed; while for Flash Crowds, most researchers replay the web server captures obtained from third parties. This paper proposes the design of a special testbed-based simulation method with Spirent Test Center hardware platform, to simulate both DDoS traffic and Flash Crowds traffic. We give empirical results, including the simulation of four kinds of DDoS traffic including UDP Flooding attack, ICMP Flooding attack, TCP SYN Flooding attack and App-DDoS attack.","PeriodicalId":204568,"journal":{"name":"2011 World Congress on Internet Security (WorldCIS-2011)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"DDoS attacks traffic and Flash Crowds traffic simulation with a hardware test center platform\",\"authors\":\"Jie Wang, R. Phan, J. Whitley, D. Parish\",\"doi\":\"10.1109/WORLDCIS17046.2011.5749874\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"DDoS attacks are one of the top security problems affecting networks and disrupting services to legitimate users. The first vital step in dealing with this problem is the network's ability to detect such attacks. To that end, it is important that an intrusion detection mechanism be able to differentiate between real DDoS traffic and Flash Crowds traffic, the latter of which constitutes sudden bursts of legitimate network activity. To train and analyze detection mechanisms, researchers typically simulate the DDoS traffic in the testbed; while for Flash Crowds, most researchers replay the web server captures obtained from third parties. This paper proposes the design of a special testbed-based simulation method with Spirent Test Center hardware platform, to simulate both DDoS traffic and Flash Crowds traffic. We give empirical results, including the simulation of four kinds of DDoS traffic including UDP Flooding attack, ICMP Flooding attack, TCP SYN Flooding attack and App-DDoS attack.\",\"PeriodicalId\":204568,\"journal\":{\"name\":\"2011 World Congress on Internet Security (WorldCIS-2011)\",\"volume\":\"21 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-04-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 World Congress on Internet Security (WorldCIS-2011)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WORLDCIS17046.2011.5749874\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 World Congress on Internet Security (WorldCIS-2011)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WORLDCIS17046.2011.5749874","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

摘要

DDoS攻击是影响网络和破坏合法用户服务的首要安全问题之一。处理这个问题的第一个关键步骤是网络检测此类攻击的能力。为此，重要的是，入侵检测机制能够区分真正的DDoS流量和Flash crowd流量，后者构成合法网络活动的突然爆发。为了训练和分析检测机制，研究人员通常在测试台上模拟DDoS流量;而对于Flash crowd，大多数研究人员回放从第三方获得的web服务器捕获。本文利用思博伦测试中心硬件平台，设计了一种基于专用试验台的仿真方法，对DDoS流量和Flash crowd流量进行仿真。本文给出了实证结果，包括UDP flood攻击、ICMP flood攻击、TCP SYN flood攻击和App-DDoS攻击四种DDoS流量的仿真。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

DDoS attacks traffic and Flash Crowds traffic simulation with a hardware test center platform

DDoS attacks are one of the top security problems affecting networks and disrupting services to legitimate users. The first vital step in dealing with this problem is the network's ability to detect such attacks. To that end, it is important that an intrusion detection mechanism be able to differentiate between real DDoS traffic and Flash Crowds traffic, the latter of which constitutes sudden bursts of legitimate network activity. To train and analyze detection mechanisms, researchers typically simulate the DDoS traffic in the testbed; while for Flash Crowds, most researchers replay the web server captures obtained from third parties. This paper proposes the design of a special testbed-based simulation method with Spirent Test Center hardware platform, to simulate both DDoS traffic and Flash Crowds traffic. We give empirical results, including the simulation of four kinds of DDoS traffic including UDP Flooding attack, ICMP Flooding attack, TCP SYN Flooding attack and App-DDoS attack.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 World Congress on Internet Security (WorldCIS-2011)

自引率

0.00%

发文量