Design and Implementation of Distributed DDoS Datasets

State: completed by Calvin Falter

Denial-of-Service (DoS) attacks attempt to disrupt an online service or connected critical infrastructure by flooding it with requests or exploiting known vulnerabilities. A Distributed DoS (DDoS) attack operates on the same principle but relies on many sources to achieve its goal. On the one hand, due to this global dispersion, traces of a DDoS attack can be seen at multiple points across the Internet before it reaches its target. On the other hand, existing DDoS datasets typically show only the view of the target that has been flooded with requests.

To fill this gap, this thesis involves designing and implementing a system for creating distributed DDoS datasets based on a centralized attack descriptor. The motivation for this work is that a global view of an attack, rather than just the victim's view, makes it possible to evaluate how cooperative DDoS defense systems can interact (to detect and mitigate attacks) based on their traffic perception. Based on an attack descriptor and operating as a reverse botnet, the system will record multiple traces of an attack simultaneously at various Internet nodes (autonomous systems) using PCAPs.






30% Design, 50% Implementation, 20% Documentation
Basic networking knowledge

Supervisors: Dr. Bruno Rodrigues
