JIS Vol. 9 No. 4, October 2018
Generation of DDoS Attack Dataset for Effective IDS Development and Evaluation
Abstract: Distributed Denial of Service (DDoS) attacks are performed from multiple agents towards a single victim. Essentially, all attacking agents generate multiple packets towards the victim to overwhelm it with requests, thereby overloading the resources of the victim. Since it is very complex and expensive to conduct a real DDoS attack, most organizations and researchers resort to using simulations to mimic an actual attack. Researchers have come up with diverse algorithms and mechanisms for attack detection and prevention. Further, simulation is good practice for determining the efficacy of an intrusion detection measure against DDoS attacks. However, some mechanisms are ineffective and thus not applied in real-life attacks. Nowadays, DDoS attacks have become too complex and modern for most IDS to detect, so an adjustable and configurable traffic generator is becoming more and more important. This paper first details the available datasets that scholars use for DDoS attack detection. The paper further describes a few tools, available freely and commercially, for use in simulating DDoS attacks. In addition, a traffic generator for normal traffic and different types of DDoS attack has been developed. The aim of the paper is to simulate a cloud environment with the OMNeT++ simulation tool under different DDoS attack types. Generating normal and attack traffic can be useful for evaluating IDS under development for DDoS attack detection. Moreover, the resulting traffic can be useful for testing effective algorithms, techniques and procedures for DDoS attacks.
Cite this paper: Alzahrani, S. and Hong, L. (2018) Generation of DDoS Attack Dataset for Effective IDS Development and Evaluation. Journal of Information Security, 9, 225-241. doi: 10.4236/jis.2018.94016.