Cloud-based Security Research Testbed: A DDoS Use Case

Tomáš Jirsík, Institute of Computer Science, Masaryk University, Brno, Czech Republic (jirsik@ics.muni.cz)
Pavel Čeleda, Institute of Computer Science, Masaryk University, Brno, Czech Republic (celeda@ics.muni.cz)
Martin Husák, Institute of Computer Science, Masaryk University, Brno, Czech Republic (husakm@ics.muni.cz)
Zdenek Eichler, Faculty of Informatics, Masaryk University, Brno, Czech Republic (zdenek.eichler@mail.muni.cz)

Abstract
We present a cloud-based research testbed designed to aid network security managers. The testbed enables operators to emulate various network topologies and services, and to analyze attacks threatening these systems. The ability to test the results of network management measures is desirable, since testing these measures in a production environment is not always possible. We demonstrate a testbed use case that helps scrutinize network behavior under attack. Our use case is based on a large DDoS attack which targeted network infrastructure and web servers in the Czech Republic in March 2013.

DDoS Simulation
• DDoS attacks: easy to detect, hard to defend
• Testbed needed: Cybernetic Proving Ground
• DDoS type: TCP SYN flood
• Based on: DDoS attack on important Czech web servers in March 2013
• Botnet: commanded by IRC and irssi
• Attacking tool: Low Orbit Ion Cannon (LOIC)

Features
• Simulation of a large network, systems, services and applications
• Cloud environment for repeatable investigation of cyber threats
• Monitoring of network behavior, detection and mitigation of anomalies and attacks
• Automated gathering and processing of data generated during security scenarios
• Creating a database of malicious code
• Visualization of significant aspects of the scenarios
• Detailed architecture description in [1]

Visualization
• Web-based interface using Liferay Portal
• Interconnected, synchronized portlets displaying various characteristics
• Network topology and traffic visualization
1. 3D sequenced time-ordered radar chart
2. 2D ordinary radar chart
3. Line chart of individual characteristics

DDoS Scenario Timeline
0:00  Start scenario
1:00  Bot master configures bots
2:00  Bot groups 1-4 attack victim
6:30  DDoS at full strength
8:30  End of DDoS
11:00 Stop scenario

References
[1] D. Kouřil, T. Rebok, T. Jirsík, J. Čegan, M. Drašar, M. Vizváry, J. Vykopal. Cloud-based Testbed for Simulation of Cyber Attacks. In Proceedings of NOMS, 2014.

Acknowledgements
This work has been supported by the project "Cybernetic Proving Ground" (VG20132015103) funded by the Ministry of the Interior of the Czech Republic.

www.muni.cz/ics/kypo
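The poster lists "monitoring of network behavior, detection and mitigation of anomalies and attacks" as a testbed feature and a TCP SYN flood as the scenario. The following is an added illustration, not code from the poster or the Cybernetic Proving Ground project: a minimal SYN flood detector run over constructed flow records shaped like the scenario timeline (normal traffic, bot groups starting at 2:00, full strength around 6:30). It assumes the monitoring probe exports one record per flow with TCP flags; the thresholds and all addresses are made up for the example.

```python
from collections import defaultdict

# Constructed flow records modelled on the scenario timeline (not real data).
# Fields: (start_minute, src_ip, dst_ip, dst_port, tcp_flags, packets)
FLOWS = [
    (0.5, "10.1.0.5", "10.9.0.80", 80, "SA", 12),   # normal: handshake completed
    (0.8, "10.1.0.6", "10.9.0.80", 80, "SA", 7),
    (1.2, "10.1.0.7", "10.9.0.80", 443, "S", 1),    # one lone retry, not a flood
    (1.5, "10.1.0.5", "10.9.0.80", 80, "SA", 15),
]
# 2:00 - bot groups 1-4 attack the victim: 12 sources sending SYN-only flows
FLOWS += [(2.1 + i * 0.05, f"10.2.{i % 4}.{i}", "10.9.0.80", 80, "S", 1)
          for i in range(12)]
# 6:30 - DDoS at full strength: 40 sources
FLOWS += [(6.5 + i * 0.01, f"10.3.{i % 4}.{i}", "10.9.0.80", 80, "S", 1)
          for i in range(40)]


def detect_syn_flood(flows, window=1.0, min_syn_only=10, min_ratio=0.8):
    """Return alerts for (window, destination, port) groups dominated by SYN-only flows.

    A flow with SYN set and ACK clear never completed the handshake, so a
    destination receiving many such flows from many sources within one window
    is a SYN flood candidate. Thresholds here are illustrative, not tuned values.
    """
    stats = defaultdict(lambda: {"total": 0, "syn_only": 0, "sources": set()})
    for start, src, dst, port, flags, _pkts in flows:
        key = (int(start // window), dst, port)
        entry = stats[key]
        entry["total"] += 1
        if "S" in flags and "A" not in flags:
            entry["syn_only"] += 1
            entry["sources"].add(src)
    alerts = []
    for (win, dst, port), entry in sorted(stats.items()):
        ratio = entry["syn_only"] / entry["total"]
        if entry["syn_only"] >= min_syn_only and ratio >= min_ratio:
            alerts.append({"window": win, "dst": dst, "port": port,
                           "syn_only": entry["syn_only"],
                           "sources": len(entry["sources"]),
                           "ratio": round(ratio, 2)})
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(FLOWS):
        print(alert)   # two alerts: windows 2 and 6 against 10.9.0.80:80
```

The lone SYN retry in window 1 stays below the count threshold, which is the point of combining an absolute count with a ratio rather than alerting on any half-open connection.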