Generation of DDoS Attack Dataset for Effective IDS Development and Evaluation

作     者：Sabah Alzahrani Liang Hong 

作者机构：Department of Electrical & Computer Engineering Tennessee State University Nashville TN USA 

出 版 物：《Journal of Information Security》 (信息安全（英文）)

年 卷 期：2018年第9卷第4期

页      面：225-241页

学科分类：1002[医学-临床医学] 100214[医学-肿瘤学] 10[医学] 

主　　题：DDoS IDS Signature Anomaly Cloud Machine Learning Big Data DataSet Simulation Traffic Generator 

摘      要：Distributed Denial of Service (DDoS) attacks are performed from multiple agents towards a single victim. Essentially, all attacking agents generate multiple packets towards the victim to overwhelm it with requests, thereby overloading the resources of the victim. Since it is very complex and expensive to conduct a real DDoS attack, most organizations and researchers result in using simulations to mimic an actual attack. The researchers come up with diverse algorithms and mechanisms for attack detection and prevention. Further, simulation is good practice for determining the efficacy of an intrusive detective measure against DDoS attacks. However, some mechanisms are ineffective and thus not applied in real life attacks. Nowadays, DDoS attack has become more complex and modern for most IDS to detect. Adjustable and configurable traffic generator is becoming more and more important. This paper first details the available datasets that scholars use for DDoS attack detection. The paper further depicts the a few tools that exist freely and commercially for use in the simulation programs of DDoS attacks. In addition, a traffic generator for normal and different types of DDoS attack has been developed. The aim of the paper is to simulate a cloud environment by OMNET++ simulation tool, with different DDoS attack types. Generation normal and attack traffic can be useful to evaluate developing IDS for DDoS attacks detection. Moreover, the result traffic can be useful to test an effective algorithm, techniques and procedures of DDoS attacks.