Several popular simulation and emulation environments fail to account for realistic packet forwarding behaviors of commercial switches and routers. Such simulation or emulation inaccuracies can lead to dramatic and qualitative impacts on the results. In this paper, we present a measurement-based model for routers and other forwarding devices, which we use to simulate two different Cisco routers under varying traffic conditions. The structure of our model is device-independent, but requires device-specific parameters. We construct a profiling tool and use it to derive router parameter tables within a few hours. Our preliminary results indicate that our model can approximate the Cisco routers. The compactness of the parameter tables and simplicity of the model makes it possible to use it for high-fidelity simulations while preserving simulation scalability.
INFOCOM 2008. 27th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 13-18 April 2008, Phoenix, AZ, USA; 01/2008
In this paper, we investigate the differences between simulation and emulation when conducting denial of service (DoS) attack experiments. As a case study, we consider low-rate TCP-targeted DoS attacks. We design constructs and tools for emulation testbeds to achieve a level of control comparable to simulation tools. Through a careful sensitivity analysis, we expose difficulties in obtaining meaningful measurements from the DETER, Emulab, and WAIL testbeds with default system settings. We find dramatic differences between simulation and emulation results for DoS experiments. Our results also reveal that software routers such as Click provide a flexible experimental platform, but require understanding and manipulation of the underlying network device drivers. Our experiments with commercial Cisco routers demonstrate that they are highly susceptible to the TCP-targeted attacks when ingress/egress IP filters are used.
While the DETER testbed provides a safe environment and basic tools for security experimentation, researchers face a significant challenge in assembling the testbed pieces and tools into realistic and complete experimental scenarios. In this paper, we describe our work on developing a set of sampled and comprehensive benchmark scenarios, and a workbench for experiments involving denial-of-service (DoS) attacks. The benchmark scenarios are developed by sampling features of attacks, legitimate traffic and topologies from the real Internet. We have also developed a measure of DoS impact on network services to evaluate the severity of an attack and the effectiveness of a proposed defense. The benchmarks are integrated with the testbed via the experimenter's workbench: a collection of traffic generation tools, topology and defense library, experiment control scripts and a graphical user interface. Benchmark scenarios provide inputs to the workbench, bypassing the user's selection of topology and traffic settings, and leaving her only with the task of selecting a defense, its configuration and deployment points. Jointly, the benchmarks and the experimenter's workbench provide an easy, point-and-click environment for DoS experimentation and defense testing.
Testbeds and Research Infrastructure for the Development of Networks and Communities, 2007. TridentCom 2007. 3rd International Conference on; 06/2007
Simulation, emulation, and wide-area testbeds exhibit different strengths and weaknesses with respect to fidelity, scalability, and manageability. Fidelity is a key concern since simulation or emulation inaccuracies can lead to a dramatic and qualitative impact on the results. For example, high-bandwidth denial of service attack floods of the same rates have very different impact on the different platforms, even if the experimental scenario is supposedly identical. This is because many popular simulation and emulation environments fail to account for realistic commercial router behaviors, and incorrect results have been reported based on experiments conducted in these environments. In this paper, we describe the architecture of a black-box router profiling tool which integrates the popular ns-2 simulator with the Click modular router and a modified network driver. We use this profiler to collect measurements on a Cisco router. Our preliminary results demonstrate that routers and other forwarding devices cannot be modeled as simple output port queues, even if correct rate limits are observed. We discuss our future work plans for using our data to create high-fidelity network simulation/emulation models that are not computationally prohibitive.
In this paper, we investigate the applicability of simulation and emulation for denial of service (DoS) attack experimentation. As a case study, we consider low-rate TCP-targeted DoS attacks. We design constructs and tools for emulation testbeds to achieve a level of control comparable to simulation tools. Through a careful sensitivity analysis, we expose difficulties in obtaining meaningful measurements from the DETER and Emulab testbeds with default system settings, and find dramatic differences between simulation and emulation results for DoS experiments. Our results also reveal that software routers such as Click provide a flexible experimental platform, but require understanding and manipulation of the underlying network device drivers. We compare simulation and testbed results to a simple analytical model for predicting the average size of the congestion window of a TCP flow under a low-rate TCP-targeted attack, as a function of the DoS attack frequency. We find that the analytical model and ns-2 simulations closely match in typical scenarios. Our results also illustrate that TCP-targeted attacks can be effective even when the attack frequency is not tuned to the retransmission timeout. The router type, router buffer size, attack pulse length, attack packet size, and attacker location have a significant impact on the effectiveness and stealthiness of the attack.
2nd International Conference on Testbeds & Research Infrastructures for the DEvelopment of NeTworks & COMmunities (TRIDENTCOM 2006), March 1-3, 2006, Barcelona, Spain; 01/2006
Distributed virtual environments such as massive multi-player games require multiple servers to balance computational load. This paper investigates the architecture of a unified environment where the virtual online world is not partitioned according to rigid boundaries, but according to an adaptive paradigm. Since it is difficult to develop an optimal load balancing algorithm for a unified environment, we propose an optimistic scheme that quickly converges. The cost of frequent migrations is reduced by following a push/push data exchange model. We analyze the computational time costs of such a system and give simulation results to gauge its performance. The simulation results confirm that our load balancing scheme is efficient and can support large numbers of clients.
Network and Operating System Support for Digital Audio and Video, 16th International Workshop, NOSSDAV 2006, Newport, Rhode Island, USA, November 22-23, 2006, Proceedings; 01/2006
I. INTRODUCTION Experimentation with security attacks introduces additional requirements compared to traditional networking and distributed system experiments. High capacity attack flows can push systems beyond their expected operational regions, and expose unexpected behaviors. Many popular simulation and emulation environments fail to account for such behaviors, and incorrect results have been reported based on experiments conducted in these environments. In addition, simulation and emulation environments sometimes introduce artifacts, altering the experimental outcome and its interpretation. Finally, identification of systems settings that significantly impact experimental results is crucial for creating repeatable experiments. In this paper, we present the results of a careful sensitivity analysis we have conducted, which exposes difficulties in obtaining meaningful measurements from three emulation testbeds: DETER at http://www.isi.deterlab.net/, Emulab at http://www.emulab.net/, and Wisconsin Advanced Internet Laboratory (WAIL) at http://www.schooner.wail.wisc.edu with default system settings. We compare these results to ns-2 simulation results, and find dramatic differences between simulation and emulation results for Denial of Service (DoS) attack experiments. We select low-rate TCP-targeted DoS attacks as a case study, since these attacks have generated significant interest in the research community in the past few years. To validate our comparisons, we use a simple analytical model of TCP performance degradation, in the presence of a special case of TCP-targeted DoS attacks (those not causing timeouts), as a lower bound. Our results reveal that software routers such as Click provide a flexible experimental platform, but require understanding and manipulation of the underlying network device drivers.
We also discuss our future work plans for creating higher fidelity network simulation and emulation models that are not computationally prohibitive. The remainder of this paper is organized as follows. Section II summarizes related work. Section III describes the simple analytical model we have developed. Section IV explains the experimental setup that we use. Section V summarizes our results and the problems in achieving high fidelity DoS simulation and emulation. Finally, Section VI concludes the paper.