LANDER:DoS DDiDD Experiments-20230111

README version: 13525, last modified: 2022-12-12.

This file describes the trace dataset "DoS_DDiDD_Experiments-20230111" provided by the LANDER project. The most recent version of this file can be found on-line at https://wiki.isi.edu/predict/index.php?title=LANDER:DoS_DDiDD_Experiments-20230111.

Contents
• 1 LANDER Metadata
• 2 Dataset Contents
• 3 Dataset explanation
  • 3.1 Trained (learned) data
  • 3.2 Additional data needed
  • 3.3 Additional software needed
  • 3.4 Instructions to reproduce paper results
• 4 Citation
• 5 User Annotations

LANDER Metadata (https://wiki.isi.edu/predict/index.php?title=LANDER:DoS_DDiDD_Experiments-20230111/landermeta)

dataSetName               │ DoS_DDiDD_Experiments-20230111
status                    │ usc-web-and-predict
shortDesc                 │ DDiDD experiment data and scripts
longDesc                  │ Experiments measuring DDiDD performance on a series of B_Root_Anomaly events
                          │ representing flash-crowd DDoS attacks
datasetClass              │ Quasi-Restricted
commercialAllowed         │ true
requestReviewRequired     │ true
productReviewRequired     │ false
ongoingMeasurement        │ false
submissionMethod          │ Upload
collectionStartDate       │ 2015-11-30
collectionStartTime       │ 00:00:00
collectionEndDate         │ 2021-05-28
collectionEndTime         │ 00:00:00
availabilityStartDate     │ 2022-12-03
availabilityStartTime     │ 15:36:00
availabilityEndDate       │ 2030-01-01
availabilityEndTime       │ 00:00:00
anonymization             │ cryptopan/host
archivingAllowed          │ false
keywords                  │ category:synthetically-generated-data, subcategory:experimental-data,
                          │ domain-names, DNS requests
format                    │ text
access                    │ https
hostName                  │ USC-LANDER
providerName              │ USC
groupingId                │
groupingSummaryFlag       │ false
retrievalInstructions     │ download
byteSize                  │ 1895825408
expirationDays            │ 14
uncompressedSize          │ 11279224
impactDoi                 │
useAgreement              │ dua-ni-160816
irbRequired               │ false
privateAccessInstructions │ See http://www.isi.edu/ant/traces/index.html#getting_datasets for information on
                          │ obtaining this dataset.
                          │ See
                          │ https://wiki.isi.edu/predict/index.php?title=LANDER:DoS_DDiDD_Experiments-20230111
                          │ for details on this dataset.

Dataset Contents

This dataset contains the DDiDD experiments for the paper "Defending Root DNS Servers Against DDoS Using Layered Defenses" (methodologies are explained in detail in the "Dataset explanation" section).

All data and scripts are in the top directory.

These datasets are all created from anonymized B_Root_Anomaly-xxx datasets. They contain no real IP addresses and so their contents have no privacy concerns.

Dataset explanation

Trained (learned) data

Trained (learned) data for various filters is in the following files:

* ur.trained.xxx - for UR filter
* hcf.trained.xxx - for HCF filter
* wr.trained.xxx - for WR filter
* fq.trained - for FQ filter (data is pretty stable so we learn it once and use for all datasets)
* at.xxx - ground truth for attacker IPs
* 20151130.correct - ground truth for two specific seconds of attack in 20151130 dataset

Additional data needed

Reproducing all paper results also requires the direct captures of B-root Events. This is the list of events used in the DDiDD paper. They can be requested through http://www.isi.edu/ant/traces/index.html#getting_datasets.

* B_Root_Anomaly-20151130
* B_Root_Anomaly-20160625
* B_Root_Anomaly-20170221
* B_Root_Anomaly-20170306
* B_Root_Anomaly-20170425
* B_Root_Anomaly-20190907
* B_Root_Anomaly-20200213
* B_Root_Anomaly-20201024
* B_Root_Anomaly-20210528

Additional software needed

To reproduce paper results you will need to download the ddidd software from https://ant.isi.edu/software/ddidd/index.html.

Instructions to reproduce paper results

Please set your DATADIR environment variable to the location where you store all your datasets, e.g., for bash you would do "export DATADIR=/path/to/datasets".

Set your PATH to point to the folder where the ddidd and loadpcap binaries reside, e.g., for bash you would do "export PATH=/path/to/ddidd-binary:$PATH".

You should run gunzip on all .gz files first.

Trained (learned) data for various filters is in the following files:

- ur.trained.xxx - for UR filter
- hcf.trained.xxx - for HCF filter
- wr.trained.xxx - for WR filter
- fq.trained - for FQ filter (data is pretty stable so we learn it once and use for all datasets)
- at.xxx - ground truth for attacker IPs
- 20151130.correct - ground truth for two specific seconds of attack in 20151130 dataset

You can reproduce Table II in our paper by running:

* fq.sh for FQ column
* ur.sh for UR column
* hcf.sh for HC column
* wr.sh for WR column
* ddidd-full.sh for DDiDD_F column
* ddidd-part.sh for DDiDD_P column

After you have the results, please run the corresponding onemean and dperf scripts to obtain the cd and con column values, respectively. cd is the "Good filtered" output of onemean and con is the "controlled" output of dperf.

* fq-onemean.sh and fq-dperf.sh
* ur-onemean.sh and ur-dperf.sh
* hcf-onemean.sh and hcf-dperf.sh
* wr-onemean.sh and wr-dperf.sh
* ddidd-full-onemean.sh and ddidd-full-dperf.sh
* ddidd-part-onemean.sh and ddidd-part-dperf.sh

Collateral damage (con) for 20151130 will not immediately match, because this attack event had a few seconds of spoofed traffic, using existing resolver addresses.
This means that the ground-truth attacker set was dynamic during this event. To address this dynamism and recalculate collateral damage while taking dynamic attacks into account, please set the CORRECT flag to 1 in hcf.cc (DDiDD software), recompile and rerun.

Citation

If you use this trace to conduct additional research, please cite it as:

A S M Rizvi, Jelena Mirkovic, John Heidemann, Wes Hardaker and Robert Story. 2023. Defending Root DNS Servers Against DDoS Using Layered Defenses. Proceedings of the IEEE International Conference on Communications Systems and Networks (COMSNETS).

User Annotations

Currently no annotations.

This page was last edited on 12 December 2022, at 13:48.
Content is available under Attribution-Share Alike 3.0 Unported unless otherwise noted.
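
The steps under "Instructions to reproduce paper results" above, gathered into one driver as an added example; it is not part of the dataset or of the DDiDD software. It assumes the README's scripts sit in the dataset top directory and take no arguments; the RUNNER variable, the function names and the file name reproduce.sh are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not part of the dataset. Assumptions: the README's scripts sit
# in the dataset top directory and take no arguments.
FILTERS="fq ur hcf wr ddidd-full ddidd-part"
RUNNER=${RUNNER:-sh}   # interpreter used for the scripts (assumption)

# Names the three scripts the README lists for one Table II column.
scripts_for() { echo "$1.sh $1-onemean.sh $1-dperf.sh"; }

# Prints one line per unmet prerequisite; non-zero status if any is missing.
preflight() (
    top=$1; missing=0
    if [ -z "${DATADIR:-}" ] || [ ! -d "$DATADIR" ]; then
        echo "DATADIR is unset or not a directory"; missing=1
    fi
    for b in ddidd loadpcap; do
        command -v "$b" >/dev/null 2>&1 || { echo "not on PATH: $b"; missing=1; }
    done
    for f in $FILTERS; do
        for s in $(scripts_for "$f"); do
            [ -f "$top/$s" ] || { echo "script missing: $s"; missing=1; }
        done
    done
    return $missing
)

# gunzip first, then each filter script followed by its onemean and dperf.
run_all() (
    cd "$1" || return 1
    for g in *.gz; do
        [ -e "$g" ] || continue
        gunzip "$g" || return 1
    done
    for f in $FILTERS; do
        for s in $(scripts_for "$f"); do
            echo "== $s"
            "$RUNNER" "./$s" || { echo "failed: $s" >&2; return 1; }
        done
    done
)

# Usage: ./reproduce.sh --run /path/to/dataset-top-dir
if [ "${1:-}" = "--run" ]; then
    preflight "${2:-.}" && run_all "${2:-.}"
fi
```

The driver stops at the first failing script, so a missing B_Root_Anomaly capture or an unbuilt ddidd binary surfaces before later columns are computed from partial results.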