Design and Implementation of a Simulation Environment for Volumetric Multi-Vector DDoS Attacks
- chair:Network Security
- type:Bachelor-/Master Thesis
- time:immediately available
Distributed denial of service (DDoS) attacks have been a severe and constant threat to communication infrastructure around the globe for over three decades. With diminishing entry barriers in terms of cost and complexity, DDoS attacks became increasingly popular and effective, allowing threat actors to continuously disrupt service availability, conduct extortion, silence opposition or disguise sophisticated attacks. In contrast, mounting an effective defense remains a highly complex and resource intensive challenge. This is especially the case, when multiple attack vectors are combined into a single attack, making it harder to identify malicious traffic and potentially giving an attacker the upper hand.
This thesis focuses on analyzing, modelling and reproducing the dynamics of multi-vector volumetric DDoS attacks. This includes, for example, analyzing the source distribution and shape of attack traffic in different scenarios like reflector-based attacks (e.g., DNS amplification or SSDP reflection) and direct botnet attacks (e.g., via SYN-flooding). The goal is to provide a (simulative) baseline for testing and evaluation of mitigation systems in highly dynamic DDoS scenarios in order to facilitate further improvements in the defense against DDoS attacks.
The goal of this thesis is to analyze common volumetric DDoS attack vectors and to build a simulation environment capable of reproducing predominant traits like observed packet sizes, attack traffic intensity or distribution of traffic sources over the IP address space. To capture the dynamics of DDoS attack scenarios, the developed environment should be parameterizable, scalable and capable to synthesize attack traffic from multiple different attack vectors. The modular integration of a DDoS mitigation system for the purpose of testing should be pursued and the feasibility of the approach will be evaluated with a prototype implementation.
Familiarity with programming languages (e.g., Python or C++)
Familiarity with networking principles