Design And Implementation Of DDoS Attack And Defense Testbed

DDoS (Distributed Denial of Service) attack is one of the most serious threatens to the Internet. It uses many widely distributed zombies to perform coordinated attacks, disrupting legitimate users' communication.Much research has been done on DDoS, including almost every side of DDoS: early prevention, attack detection, attack defense, and traceback after attack. Researchers have published many papers on DDoS defense measures, such as Traceback, Pi, PacketScore, etc. There are also many commercial systems, such as Cisco Guide XT, Mazu Enforce, DefCOM, Collapsar, etc. But for different DDoS attacks, there aren't systematic criterions to evaluate their damage; for different DDoS defense measures and systems, it's hard to evaluate their defense effectiveness.In order to set up a DDoS attack and defense test bed, this paper proposes the design of a DDoS test bed, which is comprised of 6 modules: background traffic generation module, attack traffic generation module, data acquisition module, evaluation and display module, network topology configuration module, and control module. Background and attack traffic generation module can produce prolific background and attack traffic, which gives supports for DDoS experiments; Data acquisition module provides data acquisition and data process. Evaluation and display module displays experiment results. Network topology configuration module configures the network of experiment, and control module configures experiment setting. These two modules make the test bed convenient and controllable. The test bed provides hardware and software environment for DDoS experiment. Based on this test bed, we can start various DDoS attacks and defense experiments, do in-depth research with DDoS.Two experiments have been finished on the test bed: TCP synflood and syncookie experiment, and DDoS defense based on statistical analysis experiment. These experiments show that the test bed can be configured for various DDoS attack and defense experiments, and it provides good functional support for experiments.