ISSN 1000-1239 CN 11-1777/TP

• Paper •

### Artificial-Neural-Network-Based DDoS Defense Effectiveness Evaluation

Huang Liang1,2, Feng Dengguo1, Lian Yifeng1, and Chen Kai1

1. 1(Trusted Computing and Information Assurance Laboratory (Institute of Software, Chinese Academy of Sciences), Beijing 100190) 2(Key Laboratory of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public Security), Shanghai 201204)
• Online:2013-10-15

Abstract: In the world facing severe threat of DDoS, finding the best countermeasure will raise the chance of survival. Defense effectiveness evaluation could help determining the best, thus it is an important part of countermeasure selecting. Current existing defense effectiveness evaluation works through comparing the attack effect before and after the deployment of defensive measures. Consequently, if the measure to be evaluated has been deployed, it needs to be removed, and then to be deployed again during the evaluation process. As a result, the cost of defense effectiveness evaluation is high. The cost can be reduced if the evaluation don't have to remove the defensive measure. In this paper, a defense effectiveness evaluation method without removing the defensive measure is proposed. Firstly, the DEM (defense effectiveness model) model is presented. It chooses indices in the perspective of normal user, which reduces the number of indices and the difficulty of measuring. Then, joined with artificial neural network, the DEM model is able to predict the attack effect before the deployment of countermeasures while the countermeasure has bean already deployed. After that, SSFNet, a network simulator, is incorporated to simulate a typical DDoS attack scenario. The result of the simulation not only validates the predictive ability of artificial neural network in DEM model, but also proves the proposed method to be correct.