A Measure for Assessing the Adequacy of DDOS Defenses

This research proposes a measure for assessing the adequacy of DDOS detection systems. DDOS attacks pose serious threats to businesses around the globe. The best defense incorporates a plurality of detection methods. To increase the likelihood that malicious traffic can be effectively identified, multiple detection tests should be used. However, the complexity and quantity of contemporary tests makes selection difficult. This research proposes a metric developed to assist in making such determinations. The measure was developed in three stages: first, a review of contemporary detection algorithms was conducted in order to identify specific tactics. Second, the results were clustered into logical groupings which were improved over multiple iterations. Finally, a Delphi group provided recommendations and feedback via two rounds of revision. The result is a formative measure consisting of 28 separate tests organized into 10 categories. It can be used to assess in-place defenses or guide development of new detection systems.