Simulative evaluation of distributed attack detection in large-scale realistic environments

Abstract

Large-scale attacks such as distributed denial-of-service (DDoS) attacks present to be an increasing threat to the networks and business of service providers in today’s Internet. In order to defend against such attacks, the development and deployment of effective anomaly and attack detection mechanisms are necessary. Testbeds and real networks do, however, not provide feasible means for the large-scale evaluation of such mechanisms. In order to gain a deeper understanding of the effectiveness of distributed attack detection mechanisms, simulations are essential. Simulative evaluation of such mechanisms, however, is a challenging task that has mostly been ignored until now. In this paper, we therefore present a toolchain for the large-scale evaluation of distributed attack detection based on the network simulator OMNeT++. In particular, we focus on: (1) realistic simulation environments in terms of topology, traffic and attack generation; (2) transparent operation of attack detection mechanisms in real and simulated environments; and (3) performance measurements with respect to execution time and memory usage.