Fidelity of network simulation and emulation: A case study of TCP-targeted denial of service attacks

Authors:
Roman Chertov;Sonia Fahmy;Ness B. Shroff
Affiliations:
Purdue University, West Lafayette, IN;Purdue University, West Lafayette, IN;Ohio State University, Columbus, OH
Venue:
ACM Transactions on Modeling and Computer Simulation (TOMACS)
Year:
2009

Citing 20
Cited 7

Congestion avoidance and control

SIGCOMM '88 Symposium proceedings on Communications architectures and protocols
Experiences with a high-speed network adaptor: a software perspective

SIGCOMM '94 Proceedings of the conference on Communications architectures, protocols and applications
Eliminating receive livelock in an interrupt-driven kernel

ACM Transactions on Computer Systems (TOCS)
Modeling TCP throughput: a simple model and its empirical validation

Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
The click modular router

ACM Transactions on Computer Systems (TOCS)
On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Computer Networking: A Top-Down Approach Featuring the Internet

Computer Networking: A Top-Down Approach Featuring the Internet
Congestion Control in Linux TCP

Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference
Internet research needs better models

ACM SIGCOMM Computer Communication Review
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Hop-count filtering: an effective defense against spoofed DDoS traffic

Proceedings of the 10th ACM conference on Computer and communications security
Cyber defense technology networking and evaluation

Communications of the ACM - Homeland security
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources

ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Defending Against Low-Rate TCP Attacks: Dynamic Detection and Protection

ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
An integrated experimental environment for distributed systems and networks

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Scalable Network Path Emulation

MASCOTS '05 Proceedings of the 13th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems
NS-2 TCP-Linux: an NS-2 TCP implementation with congestion control algorithms from Linux

WNS2 '06 Proceeding from the 2006 workshop on ns-2: the IP network simulator
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Mayday: distributed filtering for internet services

USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4

Qualitative comparison of link shaping techniques

International Journal of Communication Networks and Distributed Systems
Forwarding devices: From measurements to simulations

ACM Transactions on Modeling and Computer Simulation (TOMACS)
Beyond simulation: large-scale distributed emulation of P2P protocols

CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Towards an experimental testbed facility for cyber-physical security research

Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Characterizing DDoS attack distributions from emulation based experiments on DETER testbed

ADCONS'11 Proceedings of the 2011 international conference on Advanced Computing, Networking and Security
Experimentation made easy with the AMazING panel

Proceedings of the seventh ACM international workshop on Wireless network testbeds, experimental evaluation and characterization
A cyber-physical experimentation environment for the security analysis of networked industrial control systems

Computers and Electrical Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this article, we investigate the differences between simulation and emulation when conducting denial of service (DoS) attack experiments. As a case study, we consider low-rate TCP-targeted DoS attacks. We design constructs and tools for emulation testbeds to achieve a level of control comparable to simulation tools. Through a careful sensitivity analysis, we expose difficulties in obtaining meaningful measurements from the DETER, Emulab, and WAIL testbeds with default system settings. We find dramatic differences between simulation and emulation results for DoS experiments. Our results also reveal that software routers such as Click provide a flexible experimental platform, but require understanding and manipulation of the underlying network device drivers. Our experiments with commercial Cisco routers demonstrate that they are highly susceptible to the TCP-targeted attacks when ingress/egress IP filters are used.