Emulation versus simulation: a case study of TCP-targeted denial of service attacks
- 1 January 2006
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 10 pp.-325
- https://doi.org/10.1109/tridnt.2006.1649164
Abstract
In this paper, we investigate the applicability of simulation and emulation for denial of service (DoS) attack experimentation. As a case study, we consider low-rate TCP-targeted DoS attacks. We design constructs and tools for emulation testbeds to achieve a level of control comparable to simulation tools. Through a careful sensitivity analysis, we expose difficulties in obtaining meaningful measurements from the DETER and Emulab testbeds with default system settings, and find dramatic differences between simulation and emulation results for DoS experiments. Our results also reveal that software routers such as Click provide a flexible experimental platform, but require understanding and manipulation of the underlying network device drivers. We compare simulation and testbed results to a simple analytical model for predicting the average size of the congestion window of a TCP flow under a low-rate TCP-targeted attack, as a function of the DoS attack frequency. We find that the analytical model and ns-2 simulations closely match in typical scenarios. Our results also illustrate that TCP-targeted attacks can be effective even when the attack frequency is not tuned to the retransmission timeout. The router type, router buffer size, attack pulse length, attack packet size, and attacker location have a significant impact on the effectiveness and stealthiness of the attack.
This publication has 24 references indexed in Scilit.