A Realistic Testbed for Replicating Large-scale Botnet DDoS Attacks

Categories: Seminar Series

Thursday Sep 21 11:30-12:30 WWH 335

DDoSim, a simulation testbed for mimicking real-world, large-scale botnet DDoS attacks, is presented. DDoSim offers various capabilities, including running user-specified software, testing botnet recruitment exploits, and measuring the severity of resulting DDoS attacks. DDoSim leverages the integration of Docker and NS-3 to load Docker containers with actual binaries and connect them over a simulated NS-3 network. In addition, DDoSim is improved by integrating QEMU (an open-source machine emulator and virtualizer that supports a variety of architectures) into the testbed, supporting full-system emulation for more realistic setups.

This work focuses on the results of a series of experiments on deploying a memory-error botnet on IoT devices. Unlike the Mirai attack, which relies on default credentials, these experiments exploit memory-error vulnerabilities to access IoT devices remotely. DDoSim also implements realistic IoT churn, reflecting dynamic network conditions in real-world IoT environments. The results reveal that memory-error vulnerabilities enable botnet recruitment, while network conditions, attack size, and duration all have a proportional impact on target servers. DDoSim is publicly available for researchers’ use.

Islam Obaidat is a Ph.D. candidate in Computing & Information Systems at UNC Charlotte.