A user-centric metric for denial-of-service measurement

  • Authors:

  • Jelena Mirkovic;Alefiya Hussain;Brett Wilson;Sonia Fahmy;Peter Reiher;Roshan Thomas;Wei-Min Yao;Stephen Schwab

  • Affiliations:

  • University of Delaware;SPARTA, Inc.;SPARTA, Inc.;Purdue University;UCLA;SPARTA, Inc.;Purdue University;SPARTA, Inc.

  • Venue:
  • ecs'07 Experimental computer science on Experimental computer science
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

The exclusive goal of a Denial of Service (DoS) attack is to significantly degrade a network's service quality by introducing large or variable delays, excessive losses, and service interruptions. Conversely, the aim of any DoS defense is to neutralize this effect, and to quickly and fully restore service quality to levels acceptable to the users. DoS attacks and defenses have typically been studied by researchers via network simulation and live experiments in isolated testbeds. To objectively evaluate an attack's impact on network services, its severity and the effectiveness of a potential defense, we need a precise, quantitative and comprehensive DoS impact metrics that are applicable to any test scenario. Current evaluation approaches do not meet these goals. They commonly measure one or a few traffic parameters and determine attack's impact by comparing parameter value distributions in different tests. These approaches are customized to a particular test scenario, and they fail to monitor all traffic parameters that signal service degradation for diverse applications. Further, they are imprecise because they fail to map application quality-of-service (QoS) requirements into specific parameter thresholds. We propose a series of DoS impact metrics that measure the QoS experienced by end users during an attack. Our measurements and metrics are ideal for testbed experimentation. They are easily reproducible and the relevant traffic parameters are extracted from packet traces gathered at the source and the destination networks during an experiment. The proposed metrics consider QoS requirements for a range of applications and map them into measurable traffic parameters. We then specify thresholds for each relevant parameter that, when breached, indicate poor service quality. Service quality is derived by comparing measured parameter values with corresponding thresholds, and aggregated into a series of appropriate DoS impact metrics. We illustrate the proposed metrics using extensive live experiments, with a wide range of background traffic and attack variants. We successfully demonstrate that our metrics capture the DoS impact more precisely than the measures used in the past.