Post date: Jun 14, 2011 7:54:28 PM

AQM&DoS Simulation Platform

The latest platform is now on Github: https://github.com/mleoking/LeoDoS

Copyright (c) 2010-2012 Changwang Zhang (mleoking@gmail.com). All rights reserved.

This Active Queue Management and Denial-of-Service (AQM&DoS) Simulation Platform was established for the Robust Random Early Detection (RRED) algorithm [1]. If you use any part of this platform in your research, you have the responsibility to cite this platform as:

Platform Homepage: http://sites.google.com/site/cwzhangres/home/posts/aqmdossimulationplatform

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Cite this platform in the redistribution using the way mentioned above.

2. The above statements are kept in the redistribution.

Download | Discussion | FAQs

1. The function of the platform

The Active Queue Management and Denial-of-Service (AQM&DoS) Simulation Platform is based on the Network Simulation 2. It is able to simulate a variety of experimental scenarios related to Distributed Denial-of-Service (DDoS) attacks and Active Queue Management (AQM) algorithms.

The platform can simulate numbers of Denial-of-Service attacks:

• Denial-of-Service (DoS) attacks

• Distributed Deinal-of-Service (DDoS) attacks

• Spoofing DoS or DDoS attacks

• Low-rate Denial-of-Service (LDoS) attacks

• Distributed Low-rate Denial-of-Service (DLDoS) attacks

• Spoofing LDoS or DLDoS attacks

And a variety of Active Queue Management (AQM) algorithms:

• 1 DropTail; 2 RED; 3 RED/PD; 4 Blue; 5 SFB;

• 6 CBQ; 7 FQ; 8 SFQ; 9 DRR; 10 PI;

• 11 Vq; 12 REM; 13 GK; 14 SRR;

• 15 RED/Robust (RRED) 16 SFB/Robust (RSFB);

To analyse the impact of DoS attacks on normal TCP flows and AQM algorithms, this platform also provides mechanisms to automatically calculate and record the average throughput of normal TCP flows before and after DoS attacks.

The experimental network has a dumbbell topology as the network experimented in the RRED algorithm [1].

2. The installation of the platform

To experiment on the AQM&DoS Simulation Platform, you should fellow these steps:

1. Unzip the package of the AQM&DoS Simulation Platform in your Linux system (the subdirectory "result" is necesary to output the simulation result, you should keep it) and run the following command in the directory "aqm-dos-sim-plat".

chmod +x leodos.sh

2. Install the ns-allinone-2.33 simulation software in your operation system.

NS-2.33: http://sourceforge.net/projects/nsnam/files/allinone/ns-allinone-2.33/ns-allinone-2.33.tar.gz/download

Note1: AQM&DoS Simulation Platform is tested on ns-2.33, but it is expected to be compatible with higher versions of ns.

Note2: AWK is also required to run the platform. But most users do not need to manually install it as it is already included in most Linux distributions. If it is not included in your Linux system, you can refer to the following link to install it.

AWK: http://www.gnu.org/software/gawk/

Or if you are using Debian or Ubuntu Linux, you can use the following two commands to install AWK:

1. sudo apt-get install gawk

2. cd /usr/bin/ && sudo ln -s gawk awk

3. Integrate RRED into your NS2 distribution.

Please follow the instruction in "ns2-integration\integration-of-rred.txt"

4. Modify simulation settings in "leodos.sh" to conduct your specified experiments.

You need to modify the parameters in the "leodos.sh" to conduct a variety of simulations.

4.1 The following line of code means to conduct a single simulation using the parameters specified in the head of "leodos.sh":

dosim 0;

4.2 The following line of code means to conduct a batch of simulations on a specified AQM algorithm x:

"task_aqm_ldos x;"

x is the number of the AQM algorithm. The mapping of x to AQM algorithms is:

1 DropTail; 2 RED; 3 RED/PD; 4 Blue; 5 SFB 6 CBQ 7 FQ; 8 SFQ; 9 DRR; 10 PI; 11 Vq; 12 REM; 13 GK; 14 SRR 15 RED/Robust 16 SFB/Robust;

If you want to experiment on a specific AQM algorithm, please remove the # before its line.

The original setting of the "leodos.sh" is to only conduct a single simulation.

You might need to understand and modify the logic of the function "task_aqm_ldos" to conduct your specified batch of simulations.

5. Run the simulations using the following command in the directory "aqm-dos-sim-plat".

./leodos.sh

The experimental results are located in the sub-directory "result", including:

1. The overall trace file "leodos.tr"

2. The TCP trace file "leodos_tcp.tr"

3. The queue monitor trace file "leodos_queue_monitor.tr"

4. The bottleneck queue trace file "leodos_queue.tr"

5. The nam trace file "leodos.nam" (To get the nam trace file, you need to change the value of "ns_of" from 2 to 3 in "leodosh.sh")

6. The log files "leodos.log" and "leodos_sh.log". "leodos.log" records the parameters of each simulation and its statistical results in a format shown in Section 4. If you run a batch of simulations using "task_aqm_ldos", these log files will be located in a sub-directory named "AQM_x" (x is the number of the AQM algorithm) under "result".

Optional steps:

o1. Integrate the ip spoofing function into your NS2 distribtuion (Do this step only if you need to simulate spoofing DDoS attacks).

Please follow the instruction in "ns2-integration\integration-of-ip-spoofing.txt"

o2. Integrate SFB/blue into your NS2 distribution (Do this step only if you need to simulate SFB).

Please follow the instruction (README) in "ns2-integration\ns2-blue.tar.gz" - the code and instruction of SFB/blue.

o3. Integrate RSFB (Resilient Stochastic Fair Blue) into your NS2 distribution (Do this step only if you need to simulate RSFB and have finished the step o2).

Please follow the instruction in "ns2-integration\integration-of-rsfb.txt"

3. The parameters of the platform

4. The output of the platform

An example of the platform output is:

The lines from "ak_spf_mx" to line "bn_qms" are detailed parameters of this simulation (please refer to Section 3 for the meaning of these parameters). The followed lines are statistical results:

• "rate_f1_normal" depicts the average throughput rate (packets/s) of normal TCP traffic through the bottleneck link when there is no DoS/LDoS attack.

• "rate_f1_attack" depicts the average throughput rate (packets/s) of normal TCP traffic through the bottleneck link when a DoS/LDoS attack is attacking (from ak_st to ak_sp).

• "nth_f1" represents the preserved ratio of normal TCP traffic throughput under a DoS/LDoS attack, which equals to rate_f1_attack/rate_f1_normal.

• "rate_f2_attack" depicts the average throughput rate (packets/s) of attack traffic through the bottleneck link when a DoS/LDoS attack is attacking (from ak_st to ak_sp).

Note1: To convert the unit of a throughput rate from packets/s to Mbps(millions of bits per second or megabits per second), you need to multiply the original value by 8*ur_ps/1024/1024 (for rate_f1_normal and rate_f1_attack) or 8*ak_ps/1024/1024 (for rate_f2_attack). ur_ps is user flows' package size and ak_ps is the packet size of attack flows. Their units are both Byte (not Bit. 1 Byte = 8 Bits). The original rate value multiplied by 8*packet-size (ur_ps or ak_ps) changes its unit from (packets/s) to (bits/s), then divided by 1024 changes its unit from (bits/s) to Kbps (Kilobits per second), and finally divided by 1024 changes its units from Kbps (Kilobits per second) to Mbps (Megabits per second).

Note2: Mbps (Megabits per second) is different from MB/s that stands for MegaBytes per second. 1 MB/s = 8 Mbps.

References

[1] Changwang Zhang, Jianping Yin, Zhiping Cai, and Weifeng Chen, "RRED: Robust RED Algorithm to Counter Low-Rate Denial-of-Service Attacks," IEEE Communications Letters, vol. 14, pp. 489-491, May 2010. [PDF | REF]

---|--|--|--|--|---