Abstract
In this paper, we investigate the applicability of simulation and
emulation for denial of service (DoS) attack experimentation. As a case
study, we consider low-rate TCP-targeted DoS attacks. We design
constructs and tools for emulation testbeds to achieve a level of control
comparable to simulation tools. Through a careful sensitivity analysis, we
expose difficulties in obtaining meaningful measurements from the DETER
and Emulab testbeds with default system settings, and find dramatic
differences between simulation and emulation results for DoS experiments. Our
results also reveal that software routers such as Click provide a flexible
experimental platform, but require understanding and manipulation of the
underlying network device drivers. We compare simulation and testbed
results to a simple analytical model for predicting the average size of the
congestion window of a TCP flow under a low-rate TCP-targeted attack, as a
function of the DoS attack frequency. We find that the analytical model and
ns-2 simulations closely match in typical scenarios. Our results also
illustrate that TCP-targeted attacks can be effective even when the attack
frequency is not tuned to the retransmission timeout. The router type, router
buffer size, attack pulse length, attack packet size, and attacker location
have a significant impact on the effectiveness and stealthiness of the attack.