Open Access  Subscription or Fee Access

In this paper, we propose a novel, user-centric approach to DoS impact measurement. Our key insight is that DoS always causes degradation of service quality, and a metric that holistically captures a human user’s QoS perception will be applicable to all test scenarios. For each popular application, we specify its QoS requirements, consisting of relevant traffic measurements and corresponding thresholds that define good service ranges. We observe traffic as a collection of high-level tasks, called “transactions”. Each legitimate transaction is evaluated against its application’s QoS requirements; transactions that do not meet all the requirements are considered “failed.” We aggregate information about transaction failure into several intuitive qualitative and quantitative composite metrics to expose the precise interaction of the DoS attack with the legitimate traffic. 

Network-Level Security and Protection, Communication/Networking and Information Technology, Computer Systems Organization, Measurement Techniques, Performance of Systems.

Jelena Mirkovic, Member, IEEE, Alefiya Hussain, Sonia Fahmy, Senior Member, IEEE, Peter Reiher, Member, IEEE, and Roshan K. Thomas “] Accurately Measuring Denial of Service in Simulation and Testbed Experiments” ,IEEE transactions on Dependable and secure commuting,June-2009.

Yaar, A. Perrig, and D. Song, “SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks,” Proc. IEEE Symp.Security and Privacy (S&P), 2004.

Kuzmanovic and E.W. Knightly, “Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew versus the Mice and Elephants),” Proc. ACM SIGCOMM ’03, Aug. 2003.

M. Guirguis, A. Bestavros, and I. Matta, “Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources,” Proc. 12th IEEE Int’l Conf. Network Protocols (ICNP ’04), Oct. 2004.

CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks, CERT CC, http://www.cert.org/ advisories/ CA-1996- 21.html, 1996.

S. Kandula, D. Katabi, M. Jacob, and A. Berger, “Botz-4-Sale: Surviving Organized DDoS Attacks that Mimic Flash Crowds,” Proc. Second Symp. Networked Systems Design and Implementation(NSDI), 2005.

H. Jamjoom and K. Shin, “Persistent Dropping: A Efficient Control of Traffic Aggregates,” Proc. ACM SIGCOMM, 2003.

X. Yang, D. Wetherall, and T. Anderson, “A DoS-Limiting Network Architecture,” Proc. ACM SIGCOMM, 2005.

R. Mahajan, S.M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, “Controlling High Bandwidth Aggregates in the Network,” ACM Computer Comm. Rev., July 2001.

Stavrou, A.D. Keromytis, J. Nieh, V. Misra, and D. Rubenstein, “MOVE: An End-to-End Solution to Network Denial of Service,”Proc. Symp. Network and Distributed System Security (NDSS), 2005.

G. Oikonomou, J. Mirkovic, P. Reiher, and M. Robinson, “A Framework for Collaborative DDoS Defense,” Proc. 11th Asia- Pacific Computer Systems Architecture Conf. (ACSAC ’06), Dec. 2006.

Cooperative Association for Internet Data Analysis, CAIDA Web page, http://www.caida.org, 2008.

MAWI Working Group Traffic Archive, WIDE Project, http:// tracer.csl.sony.co.jp/mawi/, 2008.

“QoS Performance requirements for UMTS,” The Third Generation Partnership Project (3GPP), Nortel Networks,http://www.3gpp.org/ftp/tsg_sa/ WG1_Serv/ TSGS1_03-HCourt/Docs/Docs/s1- 99362.pdf, 2008.

N. Bhatti, A. Bouch, and A. Kuchinsky, “Quality is in the Eye of the Beholder: Meeting Users’ Requirements for Internet Quality of Service,” Technical Report HPL-2000-4, Hewlett Packard, 2000.

L. Yamamoto and J.G. Beerends, “Impact of Network Performance Parameters on the End-to-End Perceived Speech Quality,” Proc. EXPERT ATM Traffic Symp., Sept. 1997.

T. Beigbeder, R. Coughlan, C. Lusher, J. Plunkett, E. Agu, and M. Claypool, “The Effects of Loss and Latency on User Performance in Unreal Tournament 2003,” Proc. ACM Network and System Support for Games Workshop (NetGames), 2004.

N. Sheldon, E. Girard, S. Borg, M. Claypool, and E. Agu, “The Effect of Latency on User Performance in Warcraft III,” Proc. ACM Network and System Support for Games Workshop (NetGames), 2003.

B.N. Chun and D.E. Culler, “User-Centric Performance Analysis of Market-Based Cluster Batch Schedulers,” Proc. Second IEEE Int’l Symp. Cluster Computing and the GridProc. Second IEEE/ACM Int’l Conf. Cluster Computing and the Grid (CCGRID ’02), May 2002.

J. Ash, M. Dolly, C. Dvorak, A. Morton, P. Taraporte, and Y.E. Mghazli, Y.1541-QOSM—Y.1541 QoS Model for Networks Using Y.1541 QoS Classes, NSIS Working Group, Internet Draft, work in progress, May 2006.

www.opnet.com

The Transport Modeling Research Group’s Web Page, IRTF TMRG Group, http://www.icir.org/tmrg/, 2008.

Transaction Processing Performance Council, TPC Benchmarks, http://www.tpc.org/information/benchmarks.asp, 2008.

Wikipedia, the Free Encyclopedia, http://www.wikipedia.com,2008.

The Third Generation Partnership Project (3GPP), 3GPP, 2008.