Title :
Measuring Defense Systems Against Flooding Attacks
Author :
Bellaïche, Martine ; Grégoire, Jean-Charles
Author_Institution :
Genie Inf., Ecole Polytech. de Montreal, Montreal, QC
Abstract :
Denial of service (DoS) attacks strive to deny service access to legitimate users. A flooding attack uses massive volumes of otherwise useless traffic to occupy all the resources of a service, or the bandwidth of the network access links. There are many techniques, some implemented in commercial products, which are supposed to protect services against DDoS attacks. Our main contribution in this paper is to present a set of methods, together with their well-known related metrics, for evaluating defence systems against flooding attacks, and thus be able to compare them. We propose and justify that it is important to measure a defence system on several aspects: performance evaluation, deployment costs, degradation and robustness costs, both under and without attacks. We introduce composite metrics to measure the performance and the costs. Finally, another contribution is to proposed guidelines for a testing methodology. This methodology identifies all experiments required for collecting all the metrics and associated costs.
Keywords :
telecommunication network management; telecommunication security; composite metrics; defence systems; degradation and robustness costs; denial of service attacks; deployment costs; flooding attacks; performance evaluation; testing methodology; Bandwidth; Computer crime; Costs; Degradation; Floods; Guidelines; Protection; Robustness; Telecommunication traffic; Testing;
Conference_Titel :
Wireless Communications and Mobile Computing Conference, 2008. IWCMC '08. International
Conference_Location :
Crete Island
Print_ISBN :
978-1-4244-2201-2
Electronic_ISBN :
978-1-4244-2202-9
DOI :
10.1109/IWCMC.2008.104
