Towards Understanding the Global Behavior of DDoS Attacks - A Framework for Distributed Attack Detection and Beyond

Distributed Denial-of-Service attacks pose unpredictable threats to the Internet infrastructure and Internet-based business. Therefore, many attack detection systems and anomaly detection methods were developed in the past. The development and implementation of such methods are challenging and time consuming. Furthermore, a realistic evaluation of these mechanisms and comparable results are impossible up to now. Therefore, we developed the Distack framework for attack detection which allows an easy integration of various detection methods as lightweight modules. These modules can be combined easily and arbitrarily, and therefore allow for high flexibility. Additionally, our framework can be applied in different runtime environments transparently. This enables an easy evaluation with meaningful and comparable results based on realistic large-scale scenarios, e. g. by using a network simulator. This talk gives an overview of the Distack framework and the simulation toolkit we developed for giving a base on the way towards a global understanding of DDoS attacks.