ACM Transactions on Computer Systems (TOCS)
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Persistent dropping: an efficient control of traffic aggregates
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
User-Centric Performance Analysis of Market-Based Cluster Batch Schedulers
CCGRID '02 Proceedings of the 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid
The effect of latency on user performance in Warcraft III
NetGames '03 Proceedings of the 2nd workshop on Network and system support for games
The effects of loss and latency on user performance in unreal tournament 2003®
Proceedings of 3rd ACM SIGCOMM workshop on Network and system support for games
Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Modeling Networking Protocols to Test Intrusion Detection Systems
LCN '04 Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks
Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Quantifying Skype user satisfaction
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
A Framework for a Collaborative DDoS Defense
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
A service architecture for ATM: from applications to scheduling
IEEE Network: The Magazine of Global Internetworking
Hi-index | 0.00 |
The exclusive goal of a Denial of Service (DoS) attack is to significantly degrade a network's service quality by introducing large or variable delays, excessive losses, and service interruptions. Conversely, the aim of any DoS defense is to neutralize this effect, and to quickly and fully restore service quality to levels acceptable to the users. DoS attacks and defenses have typically been studied by researchers via network simulation and live experiments in isolated testbeds. To objectively evaluate an attack's impact on network services, its severity and the effectiveness of a potential defense, we need a precise, quantitative and comprehensive DoS impact metrics that are applicable to any test scenario. Current evaluation approaches do not meet these goals. They commonly measure one or a few traffic parameters and determine attack's impact by comparing parameter value distributions in different tests. These approaches are customized to a particular test scenario, and they fail to monitor all traffic parameters that signal service degradation for diverse applications. Further, they are imprecise because they fail to map application quality-of-service (QoS) requirements into specific parameter thresholds. We propose a series of DoS impact metrics that measure the QoS experienced by end users during an attack. Our measurements and metrics are ideal for testbed experimentation. They are easily reproducible and the relevant traffic parameters are extracted from packet traces gathered at the source and the destination networks during an experiment. The proposed metrics consider QoS requirements for a range of applications and map them into measurable traffic parameters. We then specify thresholds for each relevant parameter that, when breached, indicate poor service quality. Service quality is derived by comparing measured parameter values with corresponding thresholds, and aggregated into a series of appropriate DoS impact metrics. We illustrate the proposed metrics using extensive live experiments, with a wide range of background traffic and attack variants. We successfully demonstrate that our metrics capture the DoS impact more precisely than the measures used in the past.