DDoS Testbed

  • D. Schmidt
  • S. M. Shalinie


Testing for denial of service vulnerabilities, the effects of attacks and mitigation strategies all require the construction of a dedicated testbed facility. Although the tools for launching such attacks are widely available, for example the Stacheldraht, Trinoo and Phatbot tools [15, p. 87], and although the attacks themselves are well understood, the simulation on a small scale in the laboratory of a large and complex system (the Internet) is fraught with difficulty.


Virtual Machine Physical Machine Traffic Source Background Traffic Simple Network Management Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    The Swiss Education and Research Network. 2001. Default TTL values in TCP/IP. Accessed 1 Feb 2011.
  2. 2.
    The Network Simulator – ns-2. 2011. Accessed 1 Feb 2011.
  3. 3.
    Apache. 2011. Apache flood.
  4. 4.
    Benzel, T., B. Braden, T. Faber, J. Mircovic, S. Schwab, K. Sollins, and J. Wroclawski. 2009. Current developments in DETER cybersecurity testbed technology. In Proceedings of the Cybersecurity Applications and Technology Conference For Homeland Security (CATCH 2009), Washington, Mar 2009.Google Scholar
  5. 5.
    Benzel, T., R. Braden, D. Kim, C. Neuman, A. Joseph, K. Sklower, R. Ostrenga, and S. Schwab. 2007. Design, deployment, and use of the DETER testbed. In DETER Community Workshop on Cyber-Security and Test, Berkeley, Aug 2007.Google Scholar
  6. 6.
    Beverly, R. and K. Sollins. 2008. An internet protocol address clustering algorithm. In Proceedings of USENIX Tackling Computer Systems Problems with Machine Learning Techniques, San Diego, Dec 2008.Google Scholar
  7. 7.
    Blackert, W.J., D.M. Gregg, A.K. Castner, R.L. Hom, R.M. Jokerst, and E.M. Kyle. 2003. Distributed denial of service defense attack tradeoff analysis (DDOS-DATA) demonstration overview. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX’03), vol. II, 66–67, Apr 2003.Google Scholar
  8. 8.
    Botta, A., A. Dainotti, and A. Pescape. 2007. Multi-protocol and multi-platform traffic generation and measurement. In INFOCOM 2007 DEMO Session, Alaska, May 2007.Google Scholar
  9. 9.
    Calvet, J., J.M. Fernandez, P.-M. Bureau, and J.-Y. Marion. 2010. Large-scale malware experiments why, how, and so what? In Proceedings of Virus Bulletin Conference, 241–247, Sept 2010.Google Scholar
  10. 10.
    Gelenbe, E., M. Gellman, and G. Loukas. 2005. An autonomic approach to denial of service defence. In Proceedings of the Sixth IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks, 537–541, 2005.Google Scholar
  11. 11.
    Huang, Y.I., J.D. Tygar, H.Y. Lin, L.Y. Yeh, H.Y. Tsai, K. Sklower, S.P. Shieh, C.C. Wu, P.H. Lu, S.Y. Chien, Z.S. Lin, L.W. Hsu, C.W. Hsu, C.T. Hsu, Y.C. Wu, and M.S. Leong. 2008. SWOON: A testbed for secure wireless overlay networks. In CSNET ’08 Workshop on Cyber Security Experimentation and Test, Berkeley, July 2008.Google Scholar
  12. 12.
    Iakobashvili, R. and M. Moser. 2007. Curl-loader. Accessed 11 Jan 2011.
  13. 13.
    Jin, C., H. Wang, and K.G. Shin. 2003. Hop-count filtering: An effective defense against spoofed traffic. In Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, 30–41, Oct 2003.Google Scholar
  14. 14.
    Kotenko, I.V. and A.V. Ulanov. 2006. Software testbed and experiments for exploring counteraction of attack and defense agents in the internet. In Proceedings of the International Security and Counteracting Terrorism Conference, 80–93, Lomonosov Moscow State University Intellectual Center, 2006.Google Scholar
  15. 15.
    Mirkovic, J., S. Dietrich, D. Dittrich, and P. Reiher. 2005. Internet denial of service attack and defense mechanisms. Upper Saddle River: Prentice Hall.Google Scholar
  16. 16.
    Mirkovic, J., S. Fahmy, P. Reiher, and R.K. Thomas. 2009. How to test DoS defenses. In Cybersecurity Applications and Technology Conference for Homeland Security, 103–117, Washington, 2009.Google Scholar
  17. 17.
    Mirkovic, J., A. Hussain, B. Wilson, S. Fahmy, P. Reiher, R. Thomas, W.-M. Yao, and S. Schwab. 2007. Towards user-centric metrics for denial-of-service measurement. In Proceedings of the 2007 Workshop on Experimental Computer Science, San Diego, Jun 2007.Google Scholar
  18. 18.
    Mirkovic, J., B. Wilson, A. Hussain, S. Fahmy, P. Reiher, R. Thomas, and S. Schwab. 2007. Automating DDoS experimentation. In Deter Community Workshop on Cyber Security Experimentation and Testing, Jul 2007.Google Scholar
  19. 19.
    Mosberger, D. and T. Jin. 1998. httperf: A tool for measuring web server performance. Performance Evaluation Review 26(3): 31–37.CrossRefGoogle Scholar
  20. 20.
    Rajab, M.A., J. Zarfoss, F. Monrose, and A. Terzis. 2007. My botnet is bigger than yours (maybe, better than yours): Why size estimates remain challenging. In HotBots’07 Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, Berkeley, Apr 2007.Google Scholar
  21. 21.
    Salah, K., K. El-Badawi, and F. Haidari. 2007. Performance analysis and comparison of interrupt-handling schemes in gigabit networks. Computer Communications 30: 3425–3441.CrossRefGoogle Scholar
  22. 22.
    Schmidt, D., S. Suriadi, A. Tickle, A. Clark, G. Mohay, E. Ahmed, and J. Mackie. 2010. A distributed denial of service testbed. In What Kind of Information Society? Governance, Virtuality, Surveillance, Sustainability, Resilience. Proceedings of 1st IFIP TC 11 International Conference, CIP 2010 Held as Part of WCC 2010, eds. Australia, J. Berleur, M.D. Hercheui, and L.M. Hilty, 338–349, Sept 2010.Google Scholar
  23. 23.
    Schwab, S., B. Wilson, C. Ko, and A. Hussain. 2007. SEER: A security experimentation enviRonment for DETER. Accessed 16 Feb 2011.
  24. 24.
    Sommers, J. and P. Barford. 2004. Self-configuring network traffic generation. In Proceedings of ACM Internet Measurement Conference, Sicily, Oct 2004.Google Scholar
  25. 25.
    Stone-Gross, B. 2009. Your botnet is my botnet: Analysis of a botnet takeover. In Proceedings of the ACM CCS, 635–647, Chicago, 9–13 Nov 2009.Google Scholar
  26. 26.
    Swain, B.R. and B. Sahoo. 2009. Mitigating DDOS attack and saving computational time using a probabilistic approach and HCF method. In IEEE International Advanced Computing Conference (IACC2009), 1170–1172, 6–7 Mar 2009.Google Scholar
  27. 27.
    Ting, Y.A., D. Ma, and K. Levitt. 2005. NTGC: A tool for network traffic generation control and coordination. Accessed 16 Feb 2011.
  28. 28.
    Wang, H., C. Jin, and K.G. Shin. 2007. Defense against spoofed IP traffic using hop-count filtering. IEEE/ACM Transactions on Networking 15(1): 40–53.CrossRefGoogle Scholar
  29. 29.
    White, B., J. Lepreau, L. Stoller, R. Ricci, S. Guruprasad, M. Newbold, M. Hibler, C. Barb, and A. Joglekar. 2002. An integrated experimental environment for distributed systems and networks. In Proceedings of the 5th Symposium on Operating Systems Design and Implementation, 255–270, New York, Dec 2002.Google Scholar
  30. 30.
    Wu, Z. and Z. Chen. 2006. A three-layer defense mechanism based on web servers against distributed denial of service attacks. In First International Conference on Communications and Networking in China, 1–5, 2006.Google Scholar

Copyright information

© Springer India Pvt. Ltd. 2011

Authors and Affiliations

  1. 1.Information Security InstituteQueensland University of TechnologyBrisbaneAustralia
  2. 2.Thiagarajar College of EngineeringMaduraiIndia

Personalised recommendations