Packet Level Simulation of Cooperative Distributed Defense against Internet Attacks

Nowadays we see an increasing number of global network attacks. These attacks are realized due to joint efforts of many distributed malicious software components (bots). It is very hard to investigate the effectiveness and efficiency of defense mechanisms against such attacks in practice. However these mechanisms might be simulated with the necessary fidelity. The paper outlines a framework and software tool intended for simulation of the Internet attacks and defense mechanisms against them. They are based on packet-level simulation and agent-oriented approach and intended to evaluate and compare different cooperative distributed defense mechanisms. The paper describes the simulation framework and software tool developed and their usage to analyze cooperative defense mechanisms against DDoS (distributed denial of service) attacks. We investigate as mechanisms based on partial cooperation of distributed defense components, including DefCOM (defensive cooperative overlay mesh) and COSSACK (coordinated suppression of simultaneous attacks) as well as the approach based on full cooperation.