Fidelity of network simulation and emulation

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Fidelity of network simulation and emulation: A case study of TCP-targeted denial of service attacks

Full text

Pdf (619 KB)

Source

ACM Transactions on Modeling and Computer Simulation (TOMACS) archive
Volume 19 , Issue 1 (December 2008) table of contents

Article No. 4

Year of Publication: 2008

ISSN:1049-3301

Authors

Roman Chertov	Purdue University, West Lafayette, IN
Sonia Fahmy	Purdue University, West Lafayette, IN
Ness B. Shroff	Ohio State University, Columbus, OH

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 18, Downloads (12 Months): 227, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456645.1456649 What is a DOI?

ABSTRACT

In this article, we investigate the differences between simulation and emulation when conducting denial of service (DoS) attack experiments. As a case study, we consider low-rate TCP-targeted DoS attacks. We design constructs and tools for emulation testbeds to achieve a level of control comparable to simulation tools. Through a careful sensitivity analysis, we expose difficulties in obtaining meaningful measurements from the DETER, Emulab, and WAIL testbeds with default system settings. We find dramatic differences between simulation and emulation results for DoS experiments. Our results also reveal that software routers such as Click provide a flexible experimental platform, but require understanding and manipulation of the underlying network device drivers. Our experiments with commercial Cisco routers demonstrate that they are highly susceptible to the TCP-targeted attacks when ingress/egress IP filters are used.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Shilpi Agarwal , Joel Sommers , Paul Barford, Scalable Network Path Emulation, Proceedings of the 13th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems, p.219-228, September 27-29, 2005 [doi>10.1109/MASCOT.2005.61]
	2	M. Allman , V. Paxson , W. Stevens, TCP Congestion Control, RFC Editor, 1999
	3	David G. Andersen, Mayday: distributed filtering for internet services, Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems, p.3-3, March 26-28, 2003, Seattle, WA
	4	R. Bajcsy , T. Benzel , M. Bishop , B. Braden , C. Brodley , S. Fahmy , S. Floyd , W. Hardaker , A. Joseph , G. Kesidis , K. Levitt , B. Lindell , P. Liu , D. Miller , R. Mundy , C. Neuman , R. Ostrenga , V. Paxson , P. Porras , C. Rosenberg , J. D. Tygar , S. Sastry , D. Sterne , S. F. Wu, Cyber defense technology networking and evaluation, Communications of the ACM, v.47 n.3, March 2004 [doi>10.1145/971617.971646]
	5	Bianco, A., Birke, R., Bolognesi, D., Finochietto, J., Galante, G., Mellia, M., Prashant, M., and Neri, F. 2005. Click vs. linux: Two efficient open-source IP network stacks for software routers. In IEEE Workshop on High Performance Switching and Routing.
	6	Chen, Y., Hwang, K., and Kwok, Y.-K. 2005. Collaborative defense against periodic shrew DDoS attacks in frequency domain. http://gridsec.usc.edu/files/TR/ACMTISSEC-LowRateAttack-May3-05.pdf.
	7	Chertov, R. 2005. Performance of a software link monitor. http://www.cs.purdue.edu/homes/rchertov/reports/click.pdf.
	8	Chertov, R., Fahmy, S., and Shroff, N. B. 2006. Emulation versus simulation: A case study of TCP-targeted denial of service attacks. In Proceedings of the 2nd International IEEE CreateNet Conference on Tesbeds and Research Infrastructures (TridentCom).
	9	Cisco Systems. 2006a. Cisco 3600 series router architecture. http://www.cisco.com/en/US/products/hw/routers/ps274/products_tech_no%te09186a00801e1155.shtml.
	10	Cisco Systems. 2006b. Cisco 7200 series router architecture. http://www.cisco.com/en/US/products/hw/routers/ps341/products_tech_no%te09186a0080094ea3.shtml.
	11	Cisco Systems. 2006c. Cisco routers. http://www.cisco.com/warp/public/cc/pd/rt/index.shtml.
	12	Cisco Systems. 2006d. How to choose the best router switching path for your network. http://www.cisco.com/en/US/tech/tk827/tk831/technologies_white_paper0%9186a00800a62d9.shtml.
	13	Cyclades Corporation. 2000. Cyclades-PC300: The Router Killer. http://www.cyclades.com/resources/?wp=6.
	14	Peter Druschel , Larry L. Peterson , Bruce S. Davie, Experiences with a high-speed network adaptor: a software perspective, Proceedings of the conference on Communications architectures, protocols and applications, p.2-13, August 31-September 02, 1994, London, United Kingdom
	15	S. Floyd , T. Henderson, The NewReno Modification to TCP's Fast Recovery Algorithm, RFC Editor, 1999
	16	Sally Floyd , Eddie Kohler, Internet research needs better models, ACM SIGCOMM Computer Communication Review, v.33 n.1, p.29-34, January 2003 [doi>10.1145/774763.774767]
	17	Mina Guirguis , Azer Bestavros , Ibrahim Matta, Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources, Proceedings of the 12th IEEE International Conference on Network Protocols, p.184-195, October 05-08, 2004
	18	Hubert, B. 2002. Linux Advanced Routing & Traffic Control HOWTO. http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.qdisc.classful.html.
	19	ImageStream Internet Solutions, Inc. 2006. ImageStream and Cisco comparison. http://www.imagestream.com/Cisco_Comparison.html.
	20	Ioannidis, J. and Bellovin, S. M. 2002. Implementing pushback: router-based defense against DDoS attacks. In NDSS.
	21	V. Jacobson, Congestion avoidance and control, Symposium proceedings on Communications architectures and protocols, p.314-329, August 16-18, 1988, Stanford, California, United States
	22	Cheng Jin , Haining Wang , Kang G. Shin, Hop-count filtering: an effective defense against spoofed DDoS traffic, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948116]
	23	Eddie Kohler , Robert Morris , Benjie Chen , John Jannotti , M. Frans Kaashoek, The click modular router, ACM Transactions on Computer Systems (TOCS), v.18 n.3, p.263-297, Aug. 2000 [doi>10.1145/354871.354874]
	24	James F. Kurose , Keith Ross, Computer Networking: A Top-Down Approach Featuring the Internet, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2002
	25	Aleksandar Kuzmanovic , Edward W. Knightly, Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany [doi>10.1145/863955.863966]
	26	Luo, X. and Chang, R. K. C. 2005. On a new class of pulsing denial-of-service attacks and the defense. In Network and Distributed System Security Symposium (NDSS).
	27	M. Mathis , J. Mahdavi , S. Floyd , A. Romanow, TCP Selective Acknowledgement Options, RFC Editor, 1996
	28	Mathis, M. and Reddy, R. 2006. Enabling high performance data transfers. http://www.psc.edu/networking/projects/tcptune/.
	29	Jelena Mirkovic , Peter Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, v.34 n.2, April 2004 [doi>10.1145/997150.997156]
	30	Jeffrey C. Mogul , K. K. Ramakrishnan, Eliminating receive livelock in an interrupt-driven kernel, ACM Transactions on Computer Systems (TOCS), v.15 n.3, p.217-252, Aug. 1997 [doi>10.1145/263326.263335]
	31	David Moore , Geoffrey M. Voelker , Stefan Savage, Inferring internet denial-of-service activity, Proceedings of the 10th conference on USENIX Security Symposium, p.2-2, August 13-17, 2001, Washington, D.C.
	32	MOSES Project. 2005. iSSF and iSSFNet network simulators. http://www.linklings.net/MOSES/?page=software.
	33	Jitendra Padhye , Victor Firoiu , Don Towsley , Jim Kurose, Modeling TCP throughput: a simple model and its empirical validation, Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication, p.303-314, August 31-September 04, 1998, Vancouver, British Columbia, Canada
	34	Kihong Park , Heejo Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.15-26, August 2001, San Diego, California, United States
	35	Rizzo, L. 2000. DummyNet. http://info.iet.unipi.it/~luigi/ip_dummynet/.
	36	Sangoma Technologies Corp. 2006. http://www.sangoma.com.
	37	Pasi Sarolahti , Alexey Kuznetsov, Congestion Control in Linux TCP, Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference, p.49-62, June 10-15, 2002
	38	Sirius Corporation. 2004. OSS network routers. http://www.siriusit.co.uk/index.php/documentation/internet_connectivity/routing.
	39	Haibin Sun , John C. S. Lui , David K. Y. Yau, Defending Against Low-Rate TCP Attacks: Dynamic Detection and Protection, Proceedings of the 12th IEEE International Conference on Network Protocols, p.196-205, October 05-08, 2004
	40	Tirumala, A. and et al. 2005. Iperf—the tcp/udp bandwidth measurement tool. http://dast.nlanr.net/Projects/Iperf/.
	41	UCB/LBNL/VINT Groups. 2005. UCB/LBNL/VINT Network Simulator. http://www.isi.edu/nsnam/ns/.
	42	David X. Wei , Pei Cao, NS-2 TCP-Linux: an NS-2 TCP implementation with congestion control algorithms from Linux, Proceeding from the 2006 workshop on ns-2: the IP network simulator, October 10-10, 2006, Pisa, Italy [doi>10.1145/1190455.1190463]
	43	Brian White , Jay Lepreau , Leigh Stoller , Robert Ricci , Shashi Guruprasad , Mac Newbold , Mike Hibler , Chad Barb , Abhijeet Joglekar, An integrated experimental environment for distributed systems and networks, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts [doi>10.1145/1060289.1060313]
	44	Yaar, A., Perrig, A., and Song, D. 2004. SIFF: A stateless internet flow filter to mitigate DDoS flooding attacks. In Proceedings of IEEE Symposium on Security and Privacy.