Project Description
Attack Analyses

Student Theses

Cluster "Scylla"



Interested in a student thesis? Check out our DDoSVax 2005 thesis offerings.
13.8.2003: Traffic Analysis for the W32.Blaster Worm
19.8.2003: Traffic Analysis for the Sobig.F Worm
22.1.2004: Inauguration of our new 22 node "Scylla" cluster (Athlon 2.8 MHz, 1 GB RAM; Debian)
26.1.2004: Traffic Analysis for the Novarg/MyDoom Worm
9.5.2004: Traffic Analysis for the Sasser Worm
19.5.2004: GPL Release of UPFrame
22.6.2005: "Erfolg in der Früherkennung von Würmern", Artikel in Netzguide
5.12.2005: "Wenn der Wurm rein will", Artikel in ETHlife

Subject of this research project

Distributed Denial of Service (DDoS) attacks are a threat to Internet services ever since the widely published attacks on ebay.com and amazon.com in 2000. ETH itself was the target of such an attack six months before these commercial sites where hit. ETH suffered repeated complete loss of Internet connectivity ranging from minutes to hours in duration. Massive distributed DDoS attacks have the potential to cause major disruption of Internet functionality up to and including severely decreasing backbone availability.


This project has the following objectives:

  • Detection of infection phases while infection takes place
  • Detection and analysis of massive DDoS attacks when they start in near real-time.
  • Provision of methods and tools that support countermeasures during both phases.

Our hypothesis is that both attack phases exhibit distinct traffic patterns that allow detection and distinction from other massive network events like flash-crowds. We will test this hypothesis with measurements of real network traffic and with simulations.

The practical components are aimed at prototypical implementations of these methods and possible deployment in a real backbone network. Close cooperation with SWITCH has been established to this end, and in fact SWITCH provides a significant part of the project funding.

Student Thesis

If you are looking for a student thesis related to this project, please consult our student theses web page and contact a member of the DDoSVax research team.

(c) 2003-2005  DDoSVax at TIK CSG ETH Zurich, Thomas Dübendorfer, Arno Wagner, last change: Dec 6th, 2005