On the self-similar nature of Ethernet traffic (extended version)
IEEE/ACM Transactions on Networking (TON)
Why we don't know how to simulate the Internet
Proceedings of the 29th conference on Winter simulation
Self-similarity in World Wide Web traffic: evidence and possible causes
IEEE/ACM Transactions on Networking (TON)
On power-law relationships of the Internet topology
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
FIDRAN: A Flexible Intrusion Detection and Response Framework for Active Networks
ISCC '03 Proceedings of the Eighth IEEE International Symposium on Computers and Communications
BRITE: An Approach to Universal Topology Generation
MASCOTS '01 Proceedings of the Ninth International Symposium in Modeling, Analysis and Simulation of Computer and Telecommunication Systems
Designing and implementing a family of intrusion detection systems
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Power laws and the AS-level internet topology
IEEE/ACM Transactions on Networking (TON)
A first-principles approach to understanding the internet's router-level topology
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
A first look at modern enterprise traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Collaborative Detection of DDoS Attacks over Multiple Network Domains
IEEE Transactions on Parallel and Distributed Systems
The need for simulation in evaluating anomaly detectors
ACM SIGCOMM Computer Communication Review
TopGen - internet router-level topology generation based on technology constraints
Proceedings of the 1st international conference on Simulation tools and techniques for communications, networks and systems & workshops
Realistic simulation environments for IP-based networks
Proceedings of the 1st international conference on Simulation tools and techniques for communications, networks and systems & workshops
Distack -- A Framework for Anomaly-Based Large-Scale Attack Detection
SECURWARE '08 Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies
Enabling OMNeT++-based simulations on grid systems
Proceedings of the 2nd International Conference on Simulation Tools and Techniques
Large-scale evaluation of distributed attack detection
Proceedings of the 2nd International Conference on Simulation Tools and Techniques
HttpTools: a toolkit for simulation of web hosts in OMNeT++
Proceedings of the 2nd International Conference on Simulation Tools and Techniques
Trends and differences in connection-behavior within classes of internet backbone traffic
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
Simulation of internet DDoS attacks and defense
ISC'06 Proceedings of the 9th international conference on Information Security
Packet-level traffic measurements from the Sprint IP backbone
IEEE Network: The Magazine of Global Internetworking
| Hi-index | 0.00 |
Large-scale attacks such as distributed denial-of-service (DDoS) attacks present to be an increasing threat to the networks and business of service providers in todayâ聙聶s Internet. In order to defend against such attacks, the development and deployment of effective anomaly and attack detection mechanisms are necessary. Testbeds and real networks do, however, not provide feasible means for the large-scale evaluation of such mechanisms. In order to gain a deeper understanding of the effectiveness of distributed attack detection mechanisms, simulations are essential. Simulative evaluation of such mechanisms, however, is a challenging task that has mostly been ignored until now. In this paper, we therefore present a toolchain for the large-scale evaluation of distributed attack detection based on the network simulator OMNeT++. In particular, we focus on: (1) realistic simulation environments in terms of topology, traffic and attack generation; (2) transparent operation of attack detection mechanisms in real and simulated environments; and (3) performance measurements with respect to execution time and memory usage.