The Community for Technology Leaders
RSS Icon
Issue No.02 - April-June (2009 vol.6)
pp: 81-95
Jelena Mirkovic , University of Southern California Information Sciences Institute, Marina Del Rey
Sonia Fahmy , Purdue University, West Lafayette
Peter Reiher , UCLA, Los Angeles
Roshan K. Thomas , Sparta, Inc, Centreville
Researchers in the denial-of-service (DoS) field lack accurate, quantitative, and versatile metrics to measure service denial in simulation and testbed experiments. Without such metrics, it is impossible to measure severity of various attacks, quantify success of proposed defenses, and compare their performance. Existing DoS metrics equate service denial with slow communication, low throughput, high resource utilization, and high loss rate. These metrics are not versatile because they fail to monitor all traffic parameters that signal service degradation. They are not quantitative because they fail to specify exact ranges of parameter values that correspond to good or poor service quality. Finally, they are not accurate since they were not proven to correspond to human perception of service denial. We propose several DoS impact metrics that measure the quality of service experienced by users during an attack. Our metrics are quantitative: they map QoS requirements for several applications into measurable traffic parameters with acceptable, scientifically determined thresholds. They are versatile: they apply to a wide range of attack scenarios, which we demonstrate via testbed experiments and simulations. We also prove metrics' accuracy through testing with human users.
Network-level security and protection, communication/networking and information technology, computer systems organization, measurement techniques, performance of systems.
Jelena Mirkovic, Sonia Fahmy, Peter Reiher, Roshan K. Thomas, "Accurately Measuring Denial of Service in Simulation and Testbed Experiments", IEEE Transactions on Dependable and Secure Computing, vol.6, no. 2, pp. 81-95, April-June 2009, doi:10.1109/TDSC.2008.73
[1] A. Yaar, A. Perrig, and D. Song, “SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks,” Proc. IEEE Symp. Security and Privacy (S&P), 2004.
[2] A. Kuzmanovic and E.W. Knightly, “Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew versus the Mice and Elephants),” Proc. ACM SIGCOMM '03, Aug. 2003.
[3] M. Guirguis, A. Bestavros, and I. Matta, “Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources,” Proc. 12th IEEE Int'l Conf. Network Protocols (ICNP '04), Oct. 2004.
[4] CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks, CERT CC, , 1996.
[5] S. Kandula, D. Katabi, M. Jacob, and A. Berger, “Botz-4-Sale: Surviving Organized DDoS Attacks that Mimic Flash Crowds,” Proc. Second Symp. Networked Systems Design and Implementation (NSDI), 2005.
[6] H. Jamjoom and K. Shin, “Persistent Dropping: A Efficient Control of Traffic Aggregates,” Proc. ACM SIGCOMM, 2003.
[7] X. Yang, D. Wetherall, and T. Anderson, “A DoS-Limiting Network Architecture,” Proc. ACM SIGCOMM, 2005.
[8] R. Mahajan, S.M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, “Controlling High Bandwidth Aggregates in the Network,” ACM Computer Comm. Rev., July 2001.
[9] A. Stavrou, A.D. Keromytis, J. Nieh, V. Misra, and D. Rubenstein, “MOVE: An End-to-End Solution to Network Denial of Service,” Proc. Symp. Network and Distributed System Security (NDSS), 2005.
[10] G. Oikonomou, J. Mirkovic, P. Reiher, and M. Robinson, “A Framework for Collaborative DDoS Defense,” Proc. 11th Asia-Pacific Computer Systems Architecture Conf. (ACSAC '06), Dec. 2006.
[11] Cooperative Association for Internet Data Analysis, CAIDA Web page, http:/, 2008.
[12] MAWI Working Group Traffic Archive, WIDE Project,, 2008.
[13] “QoS Performance requirements for UMTS,” The Third Generation Partnership Project (3GPP), Nortel Networks, http://www.3gpp. org/ftp/tsg_sa/WG1_Serv/ TSGS1_03-HCourt/Docs/Docss1-99362.pdf, 2008.
[14] N. Bhatti, A. Bouch, and A. Kuchinsky, “Quality is in the Eye of the Beholder: Meeting Users' Requirements for Internet Quality of Service,” Technical Report HPL-2000-4, Hewlett Packard, 2000.
[15] L. Yamamoto and J.G. Beerends, “Impact of Network Performance Parameters on the End-to-End Perceived Speech Quality,” Proc. EXPERT ATM Traffic Symp., Sept. 1997.
[16] T. Beigbeder, R. Coughlan, C. Lusher, J. Plunkett, E. Agu, and M. Claypool, “The Effects of Loss and Latency on User Performance in Unreal Tournament 2003,” Proc. ACM Network and System Support for Games Workshop (NetGames), 2004.
[17] N. Sheldon, E. Girard, S. Borg, M. Claypool, and E. Agu, “The Effect of Latency on User Performance in Warcraft III,” Proc. ACM Network and System Support for Games Workshop (NetGames), 2003.
[18] B.N. Chun and D.E. Culler, “User-Centric Performance Analysis of Market-Based Cluster Batch Schedulers,” Proc. Second IEEE Int'l Symp. Cluster Computing and the GridProc. Second IEEE/ACM Int'l Conf. Cluster Computing and the Grid (CCGRID '02), May 2002.
[19] J. Ash, M. Dolly, C. Dvorak, A. Morton, P. Taraporte, and Y.E. Mghazli, Y.1541-QOSM—Y.1541 QoS Model for Networks Using Y.1541 QoS Classes, NSIS Working Group, Internet Draft, work in progress, May 2006.
[20] J. Mirkovic, A. Hussain, B. Wilson, S. Fahmy, P. Reiher, R. Thomas, W. Yao, and S. Schwab, “Towards User-Centric Metrics for Denial-of-Service Measurement,” Proc. Workshop Experimental Computer Science (ExpCS '07), June 2007.
[21] T. Benzel, R. Braden, D. Kim, C. Neuman, A. Joseph, K. Sklower, R. Ostrenga, and S. Schwab, “Experiences with DETER: A Testbed for Security Research,” Proc. Second Int'l IEEE/Create-Net Conf. Testbeds and Research Infrastructures for the Development of Networks and Communities (TridentCOM '06), Mar. 2006.
[22] D.J. Bernstein, TCP 22 Syncookies, http://cr.yp.tosyncookies. html, 2008.
[23] NS-2 Web page, The Network Simulator ns 2,, 2008.
[24] R. Chertov, S. Fahmy, and N. Shroff, “Emulation versus Simulation: A Case Study of TCP-Targeted Denial of Service Attacks,” Proc. Second Int'l IEEE/Create-Net Conf. Testbeds and Research Infrastructures for the Development of Networks and Communities (TridentCOM '06), Feb. 2006.
[25] Wikipedia, the Free Encyclopedia, http:/, 2008.
[26] Emulab Testbed, Univ. of Utah, http:/, 2008.
[27] E. Kohler, R. Morris, B. Chen, J. Jannotti, and M.F. Kaashoek, “The Click Modular Router,” ACM Trans. Computer Systems, vol. 18, no. 3, pp. 263-297, Aug. 2000.
[28] Transaction Processing Performance Council, TPC Benchmarks, , 2008.
[29] SPEC Benchmarks and Published Results, Standard Performance Evaluation Corp., http://www.spec.orgbenchmarks.html, 2008.
[30] The Third Generation Partnership Project (3GPP), 3GPP, 2008.
[31] M.W. Garrett, “Service Architecture for ATM: From Applications to Scheduling,” IEEE Network, vol. 10, no. 3, pp. 6-14, May/June 1996.
[32] The Transport Modeling Research Group's Web Page, IRTF TMRG Group, http://www.icir.orgtmrg/, 2008.
[33] K.C. Lan, A. Hussain, and D. Dutta, “The Effect of Malicious Traffic on the Network,” Proc. Passive and Active Measurement Workshop (PAM '03), Apr. 2003.
[34] K.-T. Chen, C.-Y. Huang, P. Huang, and C.-L. Lei, “Quantifying Skype User Satisfaction,” Proc. ACM SIGCOMM '06, Sept. 2006.
[35] J. Nieh, S.J. Yang, and N. Novik, “Measuring Thin-Client Performance Using Slow-Motion Benchmarking,” ACM Trans. Computer Systems, vol. 21, no. 1, Feb. 2003.
[36] J. Mirkovic, S. Wei, A. Hussain, B. Wilson, R. Thomas, S. Schwab, S. Fahmy, R. Chertov, and P. Reiher, “DDoS Benchmarks and Experimenter's Workbench for the DETER Testbed,” Proc. Third Int'l IEEE/Create-Net Conf. Testbeds and Research Infrastructures for the Development of Networks and Communities (TridentCOM), 2007.
24 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool