Towards a framework for improving experiments on DoS attacks
Catillo M.;Pecchia A.;Villano U.
2020-01-01
Abstract
In recent years, a number of solutions have been proposed for the detection of Denial of Service (DoS) attacks. Most of them have been tuned and tested by means of publicly available labelled datasets, which can be conveniently used to overcome the scarceness of real-life data gathered under incidents and attacks from production environments. Notwithstanding the high detection rates of existing algorithms, there is little concern about the representativeness of public traffic data and the impact on continuity of operation of the victim services. This paper presents a starting step towards a framework for replaying and assessing DoS attacks. The framework aims to improve experiments on DoS attacks by making it possible to replay previously recorded attack network traffic. It features a number of components, such as a victim and a load generator, that make it possible to conduct experiments in a controlled and configurable environment. Overall, this makes it possible to assess DoS traffic itself and contextualize the effect on the service under assessment and potential countermeasures. The framework is tested by means of direct DoS emulation and traffic replay.