DDoS Experiment Methodology

The main objectives of the EMIST DDoS group is to advance the state of the art in rigorous evaluation of distributed denial of service attack-defense scenarios in the Internet. Over the last three years, we have developed an evaluation methodology using a combination of simulation, emulation, modeling, and analysis techniques that allows independent comparison of different DDoS defense systems. We have identified five high-level dimensions that the experimenter needs to carefully design in order to conduct an effective evaluation: (1) attack mechanism, (2) background traffic, (3) network topology (4) defense mechanism, (5) measurements and metrics. The methodology provides a sequence of well defined steps that guide the experimenter in defining and conducting the evaluation. In this paper, we briefly discuss the current state of art in each of these five dimensions of attack-defense evaluation and provide references for in-depth information. Section 2 discusses the distribution and activities of hosts involved in a DDoS attack for both current and future attacks. Section 3 discusses legitimate traffic workload creation using various types of background traffic generators. Section 4 discusses topological characteristics of the Internet and how they impact DDoS attack-defense evaluation. Section 5 discusses various types of defense technologies that can be evaluated using the methodology framework and lastly Section 6 discusses the necessary and sufficient set of measurements and metrics for evalu-