Methodologies and metrics for the testing and analysis of distributed denial of service attacks and defenses

In this paper, we describe our ongoing efforts to develop methodologies and metrics for the testing and analysis of distributed denial of service (DDoS) attacks and defenses as part of the Evaluation Methods for Internet Security Technologies (EMIST) project funded by the Department of Homeland Security (DHS) and the National Science Foundation (NSF). The EMIST project in turn makes use of the Cyber Defense technology Experimental Research (DETER) network. DETER is an experimental network test bed built to support national-scale experimentation of security research and technologies. Our objective is to advance the state of the art in the testing, analysis and assessment of DDoS attacks and defenses. To enable this, we are designing a canonical experimentation methodology to guide an experimenter in systematically defining and conducting evaluations. We are also developing a metrics framework to go hand-in-hand with the canonical experimentation methodology. We also describe the results and lessons learnt from initial DDoS experiments using our floodwatch defense technology.