This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.

Summary

DS-0791
ddosflowgen
External Dataset
Galois, Inc.
Galois, Inc.
09/01/2017
Unknown
50 (lowest rank is 50)

Category & Restrictions

Traffic Flow Data
traffic flow data, denial of service
Unrestricted
true

Description


ddosflowgen is a tool that models a DDoS attack and generates synthetic traffic datasets from multiple views. You can define the number of attacking networks and adjust parameters such as the attack vectors present, the amplification factor, and the number of attack sources per network. Our tool includes non-attack traffic in the output by rewriting IP addresses from a reference noise dataset.

Unlike packet-based simulations, which are not feasible at terabit scales, ddosflowgen simulates traffic using a "flow" representation. This format (implemented with SiLK) uses summaries of IP headers to describe traffic in a compact form. Flow representation makes it possible to simulate extremely high packet and bit rates, and we're currently experimenting with 1.2 Tbps attack scenarios.

ddosflowgen simulates a variety of threats:

* amplifiers/reflectors, such as DNS and NTP servers
* flooders within a botnet, like Mirai in attack mode
* probes from a botnet, like Mirai scanning for IoT

ddosflowgen is open source, and is available on GitHub. We are releasing this primarily as an aid to other researchers, and to start a discussion about how best to generate repeatable test cases for defenses against massive attacks. Please enjoy, and we're happy to consider updates, but understand that we intend this tool largely as reference material rather than as a long-running software project.

https://github.com/GaloisInc/ddosflowgen

This project is the result of funding provided by the Science and Technology Directorate of the United States Department of Homeland Security under contract number D15PC00186. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security, or the U.S. Government.

Additional Details

N/A
true
false
cybercrime, server, spamming, packet switching, bot, iot malware, cryptographic protocol, communication protocol, dos, ddosflowgen, application layer protocols, packets, 791, mirai, transport layer security, galois, inc., servers, history of the internet, domain name system, internet protocol, network packet, internet governance, software project management, uniform resource identifier, github, malware, hypertext transfer protocol, internet security, denial of service attack, cyberwarfare, secure communication, history of computing, management, cyberattack, botnet, internet relay chat, exploit