Playing in the Sandbox: A Step Towards Sound DDoS Research Through High-Fidelity Evaluation

While volumetric distributed denial-of-service (DDoS) attacks evolve into stealthier and more disruptive threats, realworld network operators often ignore the over two decades of DDoS defense research and still rely on basic defense solutions that cannot properly defend against these advanced attacks. One likely explanation for this contradiction lies in the lack of sound empirical evaluation of a DDoS defense solution; prior to the deployment of a DDoS defense system, a network operator must understand the impact of the defense system specifically in their network. Without such knowledge, the network operator may fear poor efficacy of the defense due to known issues such as an increased false positive rate from domain shift or negative effects on legitimate traffic from coarse-grained mitigation techniques. In fact, many of the most cited academic solutions for DDoS defense often lack this crucial insight. In order to provide network operators assurance of defense efficacy in their network, we propose a DDoS emulation platform that can evaluate stateof-the-art DDoS detection and mitigation solutions in various real-world scenarios. Our platform emulates the real-world Internet topology, fine-grained application traffic from actual applications, and a user-friendly interface for network operators/researchers to implement different attacks/defenses. Moreover, we demonstrate the usefulness of our DDoS emulation platform through a comprehensive study of existing DDoS defense solutions.