{"id":197,"date":"2023-10-30T16:23:01","date_gmt":"2023-10-30T16:23:01","guid":{"rendered":"https:\/\/www.isi.edu\/people-mirkovic\/?page_id=197"},"modified":"2023-10-30T18:33:50","modified_gmt":"2023-10-30T18:33:50","slug":"ddos-benchmarks","status":"publish","type":"page","link":"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/","title":{"rendered":"DDoS Benchmarks"},"content":{"rendered":"\n\n\t<p>Many approaches have been proposed to handle DoS and DDoS attacks. These approaches address diverse aspects of these complex threats, such as attack prevention, detection or response. Still, there is no common, comprehensive methodology to evaluate the impact of a DoS attack on a given network, or the performance of a given defense. Such a methodology is needed for the following reasons:<\/p>\n<ul>\n<li>To be able to protect systems from DDoS attacks, we need ways to characterize how dangerous an attack is and to estimate the potential damage\/cost from the attack to a specific network (with or without defense).<\/li>\n<li>Given many DDoS defenses, we need a common evaluation setting to evaluate and compare the performance of these defenses. These tests will also indicate a defense&#8217;s weak features that need improvement.<\/li>\n<\/ul>\n<p>This page describes our project on building a common methodology for DDoS defense evaluation. 
The project consists of: (1) DDoS benchmarks that represent a set of scenarios to be used for defense evaluation, (2) a set of performance metrics that characterize an attack&#8217;s impact and a defense&#8217;s performance, and (3) a set of tools we used for benchmark development, integration of benchmarks with the DETER testbed and calculation of performance metrics from tcpdump traces collected during DDoS experimentation.<\/p>\n<section>\n    <h2>Publications<\/h2>\n<\/section>\n\t<ol>\n<li>Erinc Arikan,\u00a0<a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/thesis.pdf\" target=\"_blank\" rel=\"noopener\">Attack Profiling for DDoS Benchmarks<\/a>, MS Thesis, University of Delaware, August 2006.<\/li>\n<li>J. Mirkovic, B. Wilson, A. Hussain, S. Fahmy, P. Reiher, R. Thomas and S. Schwab,\u00a0<a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/deter-1.pdf\" target=\"_blank\" rel=\"noopener\">Automating DDoS Experimentation<\/a>, Proceedings of the DETER workshop, August 2007.<\/li>\n<li>J. Mirkovic, A. Hussain, B. Wilson, S. Fahmy, P. Reiher, R. Thomas, W. Yao, and S. Schwab,\u00a0<a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/expcs-1.pdf\" target=\"_blank\" rel=\"noopener\">Towards User-Centric Metrics for Denial-Of-Service Measurement<\/a>, Proceedings of the Workshop on Experimental Computer Science, June 2007.<\/li>\n<li>J. Mirkovic, S. Wei, A. Hussain, B. Wilson, R. Thomas, S. Schwab, S. Fahmy, R. Chertov and P. Reiher,\u00a0<a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/tric.pdf\" target=\"_blank\" rel=\"noopener\"><i>DDoS Benchmarks and Experimenter&#8217;s Workbench for the DETER Testbed<\/i><\/a>, Proceedings of the Tridentcom 2007, May 2007.<\/li>\n<li>J. Mirkovic, A. Hussain, B. Wilson, S. Fahmy, W. Yao, P. Reiher, S. Schwab and R. 
Thomas,\u00a0<a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/sigmetrics.pdf\" target=\"_blank\" rel=\"noopener\"><i>When Is Service Really Denied? A User-Centric DoS Metric<\/i><\/a>, Proceedings of the Sigmetrics 2007, June 2007.<\/li>\n<li>J. Mirkovic, E. Arikan, S. Wei, S. Fahmy, R. Thomas, and P. Reiher,\u00a0<a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/MilBench.pdf\" target=\"_blank\" rel=\"noopener\"><i>Benchmarks for DDoS Defense Evaluation<\/i><\/a>, Proceedings of the Milcom 2006, October 2006.<\/li>\n<li>J. Mirkovic, P. Reiher, S. Fahmy, R. Thomas, A. Hussain, S. Schwab and C. Ko,\u00a0<a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/qop20-mirkovic-1.pdf\" target=\"_blank\" rel=\"noopener\"><i>Measuring Denial-of-Service<\/i><\/a>, Proceedings of the 2006 Quality of Protection Workshop, October 2006.<\/li>\n<li>J. Mirkovic, S. Fahmy, P. Reiher, R. Thomas, A. Hussain, S. Schwab, and C. Ko,\u00a0<a href=\"http:\/\/www.cs.purdue.edu\/homes\/fahmy\/emist\/abstracts\/metric.pdf\">Measuring Impact of DoS Attacks<\/a>, In Proceedings of the DETER Community Workshop on Cyber Security Experimentation, June 2006.<\/li>\n<li>J. Mirkovic, E. Arikan, S. Wei, S. Fahmy, R. Thomas, P. Reiher,\u00a0<a href=\"http:\/\/www.cs.purdue.edu\/homes\/fahmy\/emist\/abstracts\/benchmarks.pdf\">Benchmarks for DDoS Defense Evaluation<\/a>, In Proceedings of the DETER Community Workshop on Cyber Security Experimentation, June 2006.<\/li>\n<li>R. Chertov, S. Fahmy, N. B. Shroff,\u00a0<a href=\"http:\/\/www.cs.purdue.edu\/homes\/fahmy\/emist\/abstracts\/fidelity.pdf\">High Fidelity Denial of Service (DoS) Experimentation<\/a>, In Proceedings of the DETER Community Workshop on Cyber Security Experimentation, June 2006.<\/li>\n<li>R. Chertov, S. Fahmy, P. Kumar, D. Bettis, A. Khreishah, N. B. 
Shroff,\u00a0<a href=\"http:\/\/www.cs.purdue.edu\/homes\/fahmy\/emist\/abstracts\/tools.pdf\">Topology Generation, Instrumentation, and Experimental Control Tools for Emulation Testbeds<\/a>, In Proceedings of the DETER Community Workshop on Cyber Security Experimentation, June 2006.<\/li>\n<li>A. Hussain, S. Schwab, R. Thomas, S. Fahmy, and J. Mirkovic,\u00a0<a href=\"http:\/\/www.cs.purdue.edu\/homes\/fahmy\/emist\/abstracts\/methodology.pdf\">DDoS Experiment Methodology<\/a>, In Proceedings of the DETER Community Workshop on Cyber Security Experimentation, June 2006.<\/li>\n<li>S. Wei, J. Mirkovic and E. Kissel,\u00a0<a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/DMI8155.pdf\" target=\"_blank\" rel=\"noopener\">Profiling and Clustering Internet Hosts<\/a>, Proceedings of the 2006 International Conference on Data Mining, June 2006.<\/li>\n<\/ol>\n<section>\n    <h2>Tools and Reports<\/h2>\n<\/section>\n\t<ul>\n<li><a href=\"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/ddos-attack-list\/\">DDoS attack list<\/a><\/li>\n<li><a href=\"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/ddos-attack-categorization\/\">DDoS attack categorization<\/a><\/li>\n<li><a href=\"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/ddos-attack-tools\/\">DDoS attack tools<\/a><\/li>\n<li><a href=\"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/ddos-defense-list-non-exhaustive\/\">DDoS defense list (non-exhaustive)<\/a><\/li>\n<li><a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/aprof.tar.gz\">AProf<\/a>\u00a0tool for attack traffic sampling from tcpdump traces<\/li>\n<li><a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/ltprof.tar.gz\">LTProf<\/a>\u00a0tool for legitimate traffic sampling from tcpdump traces<\/li>\n<li><a href=\"https:\/\/www.cs.purdue.edu\/homes\/fahmy\/software\/rf2ns\/index.html\" target=\"_blank\" 
rel=\"noopener\">NetProf<\/a>\u00a0tools for topology sample collection<\/li>\n<li><a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/dosmetric.tar.gz\">Dosmetric<\/a>\u00a0tool for DoS impact measurement from tcpdump traces <\/li>\n<li><a href=\"https:\/\/www.isi.edu\/people-mirkovic\/wp-content\/uploads\/sites\/52\/2023\/10\/SB.tar.gz\">SEER<\/a>\u00a0GUI integrated with benchmarks <\/li>\n<\/ul>\n\n","protected":false},"excerpt":{"rendered":"<p>Many approaches have been proposed to handle DoS and DDoS attacks. These approaches address diverse aspects of these complex threats, such as attack prevention, detection or response. Still, there is not a common, comprehensive methodology to evaluate an impact of a DoS attack on a given network, or the performance of a given defense. Such&hellip;<\/p>\n","protected":false},"author":421,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"news_source":"","news_author":"","external_news_link":"","footnotes":""},"class_list":["post-197","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DDoS Benchmarks - Jelena Mirkovic<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DDoS Benchmarks - Jelena Mirkovic\" \/>\n<meta property=\"og:description\" content=\"Many approaches have been proposed to handle DoS and DDoS attacks. These approaches address diverse aspects of these complex threats, such as attack prevention, detection or response. 
Still, there is not a common, comprehensive methodology to evaluate an impact of a DoS attack on a given network, or the performance of a given defense. Such&hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/\" \/>\n<meta property=\"og:site_name\" content=\"Jelena Mirkovic\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-30T18:33:50+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.isi.edu\\\/people-mirkovic\\\/ddos-benchmarks\\\/\",\"url\":\"https:\\\/\\\/www.isi.edu\\\/people-mirkovic\\\/ddos-benchmarks\\\/\",\"name\":\"DDoS Benchmarks - Jelena Mirkovic\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.isi.edu\\\/people-mirkovic\\\/#website\"},\"datePublished\":\"2023-10-30T16:23:01+00:00\",\"dateModified\":\"2023-10-30T18:33:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.isi.edu\\\/people-mirkovic\\\/ddos-benchmarks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.isi.edu\\\/people-mirkovic\\\/ddos-benchmarks\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.isi.edu\\\/people-mirkovic\\\/ddos-benchmarks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.isi.edu\\\/people-mirkovic\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DDoS Benchmarks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.isi.edu\\\/people-mirkovic\\\/#website\",\"url\":\"https:\\\/\\\/www.isi.edu\\\/people-mirkovic\\\/\",\"name\":\"Jelena 
Mirkovic\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.isi.edu\\\/people-mirkovic\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DDoS Benchmarks - Jelena Mirkovic","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/","og_locale":"en_US","og_type":"article","og_title":"DDoS Benchmarks - Jelena Mirkovic","og_description":"Many approaches have been proposed to handle DoS and DDoS attacks. These approaches address diverse aspects of these complex threats, such as attack prevention, detection or response. Still, there is not a common, comprehensive methodology to evaluate an impact of a DoS attack on a given network, or the performance of a given defense. Such&hellip;","og_url":"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/","og_site_name":"Jelena Mirkovic","article_modified_time":"2023-10-30T18:33:50+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/","url":"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/","name":"DDoS Benchmarks - Jelena Mirkovic","isPartOf":{"@id":"https:\/\/www.isi.edu\/people-mirkovic\/#website"},"datePublished":"2023-10-30T16:23:01+00:00","dateModified":"2023-10-30T18:33:50+00:00","breadcrumb":{"@id":"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.isi.edu\/people-mirkovic\/ddos-benchmarks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.isi.edu\/people-mirkovic\/"},{"@type":"ListItem","position":2,"name":"DDoS Benchmarks"}]},{"@type":"WebSite","@id":"https:\/\/www.isi.edu\/people-mirkovic\/#website","url":"https:\/\/www.isi.edu\/people-mirkovic\/","name":"Jelena 
Mirkovic","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.isi.edu\/people-mirkovic\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.isi.edu\/people-mirkovic\/wp-json\/wp\/v2\/pages\/197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.isi.edu\/people-mirkovic\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.isi.edu\/people-mirkovic\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.isi.edu\/people-mirkovic\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.isi.edu\/people-mirkovic\/wp-json\/wp\/v2\/comments?post=197"}],"version-history":[{"count":0,"href":"https:\/\/www.isi.edu\/people-mirkovic\/wp-json\/wp\/v2\/pages\/197\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.isi.edu\/people-mirkovic\/wp-json\/wp\/v2\/media?parent=197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}