A Tool for Visualization and Analysis of Distributed Denial-of-Service (DDoS) Attacks

A Distributed Denial-of-Service (DDoS) attack is a distributed flood of traffic to consume the bandwidth and server resources until it is flooded such that it can no longer provide the service. The hardest part about a DDoS attack is that it is not trivial to detect that an attack is occurring [1] [2], mainly because the attackers could pretend to be normal users until the server crashes. Therefore, to identify and understand an attack, a network operator should be able to recognize characteristics and attacks patterns [3]. Most of the signs and patterns identified can be used as a base to detect and find solutions to mitigate the cyber attacks, for example. In such a direction, information visualization can be a helpful tool to highlight aspects related to the behaviors of different type of DDoS attacks [4]. By extracting relevant information from logs of DDoS attacks, meaningful visualizations [5] can be constructed, for example, to provide insights about the characteristics of an attack.

The goal of this thesis is to develop a visual tool where one can define scenarios to analyze and understand the behaviors of DDoS attacks. The tool should be able to: (iv) import attack logs (e.g., pcap file) and extract information from them to create the visualizations automatically, (ii) allow users to create scenarios manually by interacting with the visual tool (e.g., drag and drop), and (iii) execute animations to demonstrate the behavior of the configured attack scenarios (e.g., sources, links, and amount of traffic). Thus, this thesis has to provide as output a visual representation of DDoS attacks that helps to understand attacks behaviors and its standards, which can benefit network operators, researchers, and activities with educational purposes (e.g., training of cybersecurity teams).

References:

[1] S. T. Zargar, J. Joshi and D. Tipper: A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks; in IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 2046-2069, Fourth Quarter 2013. 

[2] P. Kamboj, M. C. Trivedi, V. K. Yadav, and V. K. Singh: Detection techniques of DDoS attacks: A survey; 4th IEEE Uttar Pradesh Section International Conference on Electrical, Computer, and Electronics (UPCON), Mathura, India, 2017, pp. 675-679.

[3] A. Bhardwaj, G. V. B. Subrahmanyam, V. Avasthi, H. Sastry and S. Goundar: DDoS attacks, new DDoS taxonomy and mitigation solutions — A survey; International Conference on Signal Processing, Communication, Power and Embedded System (SCOPES), Paralakhemundi, India, 2016, pp. 793-798.

[4] V. Pham and T. Dang: CVExplorer: Multidimensional Visualization for Common Vulnerabilities and Exposures; IEEE International Conference on Big Data (Big Data 2018), Seattle, WA, USA, January 2018, pp. 1296-1301.

[5] FireEye: Cyber Threat Map; [On-Line] https://www.fireeye.com/cyber-map/threat-map.html last visit July 2019.