Bridging Missing Gaps in Evaluating DDoS Research

While distributed denial-of-service (DDoS) attacks become stealthier and more disruptive, real-world network operators often ignore academic DDoS defense research and instead rely on basic defense techniques that cannot adequately defend them. In fact, prior to the deployment of a DDoS defense solution, a network operator must understand its impact specifically on their network. However, without a sound empirical analysis of the solution, which is often the case even for the most cited academic work, the network operator may fear its poor defense efficacy or its adverse effects on legitimate traffic. In this work, we elaborate on the critical missing gaps in DDoS defense evaluation and propose a new evaluation platform to help produce the missing defense analytics. To identify the impact of a defense solution in realistic network settings, our platform offers to emulate a mini Internet topology with realistic IP address space allocation and generate representational, closed-loop background traffic specific to particular networks. As such, our platform fulfills the prominent missing gaps in current DDoS research. In the end, we conduct some experiments to demonstrate the correctness and efficiency of our platform.