2006 USENIX Annual Technical Conference Abstract
Pp. 157170 of the Proceedings
Reval: A Tool for Real-time Evaluation of DDoS Mitigation Strategies
Rangarajan Vasudevan and Z. Morley Mao, University of Michigan; Oliver Spatscheck and Jacobus van der Merwe, AT&T LabsResearch
Abstract
There is a growing number of DDoS attacks on the Internet,
resulting in significant impact on
users. Network operators today have little access to scientific means to effectively deal
with these attacks in real time. The need of the hour is a tool to accurately
assess the impact of attacks and more importantly identify feasible
mitigation responses enabling real-time decision making.
We designed and implemented Reval, a tool that reports DDoS
attack impact in real time, scaling to large networks. This is
achieved by modeling resource constraints of network elements and
incorporating routing information.
We demonstrate the usefulness of the tool on two real network
topologies using empirical traffic data and examining real attack
scenarios. Using data from a tier-1 ISP network (core, access and customer
router network) of size in excess of 60000 nodes, Reval models
network conditions with close
to 0.4 million traffic flows in about 11 seconds, and evaluates a
given mitigation deployment chosen from a sample set in about 35
seconds. Besides real-time decision support, we show how the
simulator can also be used in longer term network planning to identify
where and how to upgrade the network to improve network
resilience. The tool is applicable for networks of any size
and can be used to analyze other network anomalies like flash
crowds.
- View the full text of this paper in HTML and PDF. Listen to the presentation in MP3 format.
Until June 2007, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
|