Homeland Security Grant:
(June 05 to May 07)
Delaware PI: Jelena Mirkovic, Computer & Info.
PI: Peter Reiher, Laboratory for Advanced
This two-year research effort is headed up by the University of
Delaware with subcontracts to UCLA, Purdue University, and McAfee
Research. The focus of this work is to develop a common
evaluation methodology for DDoS defense systems to enable independent
evaluations and comparisons. This methodology will consist of:
- A benchmark suite that
will define all the necessary elements needed to recreate typical DDoS
attack scenarios in a testbed setting.
- A set of metrics that expresses a
defense system's effectiveness, cost and
evaluation methodology will provide means of
ability of a given DDoS defense to defend against today's threats, and
the potential damage to a given target network (with or without
defense) from these threats. The benchmark suite will be further
enriched with two additional benchmark categories: future
scenarios which will contain sophisticated attack scenarios, and
stress-test scenarios which will contain attacks targeting specific
critical network resources that are being developed in a related
effort. Further, we will provide tools to update benchmarks
as attacks and network-use patterns evolve in the real Internet.
testing methodology that provides guidelines on using benchmarks
and summarizing and interpreting performance measures.
Specific tasks earmarked for UCLA are:
- Examine internals of
numerous networks to generate realistic topology specifications.
We will accomplish this using available tools such as SMW developed at
University of Washington; Internet maps and routing repositories such
as Oregon RouteViews, RIPE, CAIDA Skitter; and tools from the PREDICT
project. We will develop a NetProf
tool that engages topology-mapping and network-mapping software and
summarizes results from the software in a manner that does not
divulge the identity and detailed internal organization of the mapped
network. We will work with universities, companies and ISPs
to apply NetProf on their
measures to be
used in combination to evaluate DDoS defense systems. The
selection of the measures that best characterize DDoS impact on a
network and DDoS defense effectiveness will be our focus. These
can include: legitimate traffic service level, attack detection,
attack response, false positives, deployment cost, operation cost,
overall effect and security.