Status: Stable -- Version: 1.0
DeMONS is a DDoS mitigation solution that uses NFV concept together both a dynamic allocation and a reputation mechanisms. This repository provides a DeMONS simulator for measuring satisfaction (i.e., a QoS metric calculated by using the traffic drop rate and flows priorities) in differente traffic scenarios. In addition to the DeMONS simulator, we also provide a VGuard solution simulator [1] to be used as the baseline for comparison. This simulator was developed by using python 2.7 language.
The DeMONS simulator can be controlled by its CLI (CLI.py). This interface provides five actions as described below:
flow -> create a simulation flow summary
arguments for normal flows: file distribution
arguments for DDoS flows: file benign_distribution ddos_distribution ddos_start_moment
-- file: string (file where the data will be written)
-- distributions: N100/30-1, N100/30-2, N500/30, D500/10 (data distribution equation)
-- ddos_start_moment: integer (time when the DDoS starts)(
vguard -> execute a VGuard solution simulation
arguments: flow_file tunnel_low_cap tunnel_high_cap selective_mode
-- flow_file: string (flow file formatted as the one created by flow action)
-- tunnel_low_cap: integer (capacity of low priority tunnel in Kbps)
-- tunnel_high_cap: integer (capacity of high priority tunnel in Kbps)
-- selective_mode: float (>= 0 and <= 1) (selective mode entrance parameter)
demons -> execute a DeMONS solution simulation
arguments: flow_file tunnel_low_cap tunnel_high_cap selective_mode
-- flow_file: string (flow file formatted as the one created by flow action)
-- tunnel_low_cap: integer (capacity of low priority tunnel in Kbps)
-- tunnel_high_cap: integer (capacity of high priority tunnel in Kbps)
-- selective_mode: float (>= 0 and <= 1) (selective mode entrance parameter)
full -> execute both VGuad and DeMONS simulations
arguments: flow_file tunnel_low_cap tunnel_high_cap selective_mode
-- flow_file: string (flow file formatted as the one created by flow action)
-- tunnel_low_cap: integer (capacity of low priority tunnel in Kbps)
-- tunnel_high_cap: integer (capacity of high priority tunnel in Kbps)
-- selective_mode: float (>= 0 and <= 1) (selective mode entrance parameter)
reporting -> define how many seconds passes (in the simulation) to create a report
arguments: seconds
-- seconds: int (> 0) [standard value is 1]
filter -> define which filter to use in the low priority tunnel
arguments: filter_id
-- filter_id: int [0: Method Std; 1: Token Bucket Policer; 2: Leaky Bucket Shaper; 3/Std: Leaky Bucket Shaper + Priority Filter]
policy -> define which policy to use in filter's dropping policy [when required]
arguments: policy_id
-- policy_id: int [0: Restrictive; 1: Medium; 2/Std: Permissive]
exit -> end simulator
- Real environment deployment and testing (Click-on-OSv [2] in NIEP [3] environment).
- Dynamic setup of selective mode parameter.
Contact us towards git issues requests or by the e-mail vfulber@inf.ufsm.br.
Vinícius Fülber Garcia (vfulber@inf.ufsm.br) - UFPR, Brazil
Guilherme de Freitas Gaiardo (ggaiardo@inf.ufsm.br) - UFSM, Brazil
Raul Ceretta Nunes (ceretta@inf.ufsm.br) - UFSM, Brazil
Carlos Raniery Paula dos Santos (csantos@inf.ufsm.br) - UFSM, Brazil
V. F. Garcia et al., "Uma Solução para Mitigação de Ataques DDoS Através de Tecnologia NFV", 2018 1st Workshop de Segurança Cibernética em Dispositivos Conectados (WSCDC SBRC). Campos do Jordão, Brazil, 2018.
V. Fülber Garcia, G. de Freitas Gaiardo, L. da Cruz Marcuzzo, R. Ceretta Nunes and C. R. Paula dos Santos, "DeMONS: A DDoS Mitigation NFV Solution," 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA), Krakow, 2018, pp. 769-776. doi: 10.1109/AINA.2018.00115
-> VGuard <-
[1] C. J. Fung and B. McCormick, "VGuard: A distributed denial of service attack mitigation method using network function virtualization," 2015 11th International Conference on Network and Service Management (CNSM), Barcelona, Spain, 2015, pp. 64-70. doi:10.1109/CNSM.2015.7367340
-> Click-On-OSv <-
[2] L. da Cruz Marcuzzo et al., "Click-on-OSv: A platform for running Click-based middleboxes", 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Lisbon, 2017, pp. 885-886. doi: 10.23919/INM.2017.7987396
-> NIEP <-
[3] T. Tavares, L. Marcuzzo, V. Garcia, G. Venâncio, M. Franco, L. Bondan, F. De Turk, L. Granville, E. Duarte, C. Santos and A. Schaeffer-filho, "NIEP - NFV Infrastructure Emulation Platform", in 32nd IEEE AINA, Cracow, Poland, 2018.