A framework for generating realistic traffic for distributed denial-of-service attacks and flash events

Bhatia, Sajal, Schmidt, Desmond, Mohay, George, & Tickle, Alan (2014) A framework for generating realistic traffic for distributed denial-of-service attacks and flash events. Computers and Security, 40, pp. 95-107.



An intrinsic challenge associated with evaluating proposed techniques for detecting Distributed Denial-of-Service (DDoS) attacks and distinguishing them from Flash Events (FEs) is the extreme scarcity of publicly available real-world traffic traces. Those available are either heavily anonymised or too old to accurately reflect the current trends in DDoS attacks and FEs. This paper proposes a traffic generation and testbed framework for synthetically generating different types of realistic DDoS attacks, FEs and other benign traffic traces, and monitoring their effects on the target. Using only modest hardware resources, the proposed framework, consisting of a customised software traffic generator, ‘Botloader’, is capable of generating a configurable mix of two-way traffic, for emulating either large-scale DDoS attacks, FEs or benign traffic traces that are experimentally reproducible. Botloader uses IP-aliasing, a well-known technique available on most computing platforms, to create thousands of interactive UDP/TCP endpoints on a single computer, each bound to a unique IP-address, to emulate large numbers of simultaneous attackers or benign clients.

Impact and interest:

12 citations in Scopus
5 citations in Web of Science®


ID Code: 88692
Item Type: Journal Article
Refereed: Yes
Keywords: Synthetic traffic generation; DDoS attacks; Flash Events; IP-aliasing; Testbed framework
DOI: 10.1016/j.cose.2013.11.005
ISSN: 0167-4048
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Deposited On: 03 Nov 2015 22:46
Last Modified: 04 Nov 2015 01:34
