DARPA
Homeland Security Grant: FA8750-05-2-0197 (June 05 to May 07)
Univ. Delaware PI: Jelena Mirkovic, Computer & Info. Sciences Dept.
UCLA PI: Peter Reiher, Laboratory for Advanced Systems Research (LASR)
This two-year research effort is headed up by the University of Delaware with subcontracts to UCLA, Purdue University, and McAfee Research. The focus of this work is to develop a common evaluation methodology for DDoS defense systems to enable independent evaluations and comparisons. This methodology will consist of:
- A benchmark suite that will define all the necessary elements needed to recreate typical DDoS attack scenarios in a testbed setting.
- A set of performance metrics that expresses a defense system's effectiveness, cost and security.
- Specification of a testing methodology that provides guidelines on using benchmarks and summarizing and interpreting performance measures.
This basic evaluation methodology will provide a means of assessing the ability of a given DDoS defense to defend against today's threats, and the potential damage to a given target network (with or without defense) from these threats. The benchmark suite will be further enriched with two additional benchmark categories: future scenarios, which will contain sophisticated attack scenarios, and stress-test scenarios, which will contain attacks targeting specific critical network resources that are being developed in a related effort. Further, we will provide tools to update benchmarks as attacks and network-use patterns evolve in the real Internet.
The specific tasks earmarked for UCLA are:
- Examine internals of numerous networks to generate realistic topology specifications. We will accomplish this using available tools such as SMW developed at the University of Washington; Internet maps and routing repositories such as Oregon RouteViews, RIPE, CAIDA Skitter; and tools from the PREDICT project. We will develop a NetProf tool that engages topology-mapping and network-mapping software and summarizes results from the software in a manner that does not divulge the identity and detailed internal organization of the mapped network. We will work with universities, companies and ISPs to apply NetProf on their networks.
- Develop measures to be used in combination to evaluate DDoS defense systems. The selection of the measures that best characterize DDoS impact on a network and DDoS defense effectiveness will be our focus. These can include: legitimate traffic service level, attack detection, attack response, false positives, deployment cost, operation cost, overall effect and security.