Distributed Pulse-Wave Simulator for DDoS Dataset Generation
Karim Khamaisi, Pascal Kiechl, Katharina Müller, Burkhard Stiller, Bruno Rodrigues
TL;DR
Pulse-wave DDoS attacks exhibit rapid bursts that challenge single-domain defenses. The authors present DPWS, an open-source, ns-3 based, MPI-enabled simulator that generates synchronized, multi-domain DDoS datasets with DOTS, FlowSpec, and RTBH artifacts via a YAML configuration, enabling cross-domain defense research. DPWS supports a Central Network topology with multiple ASes, an OnOffRetarget traffic model, and an attack scheduler with a cycle length $C=\sum_{v\in\mathcal{V}}(|\mathcal{T}|\,b_v+(|\mathcal{T}|-1)\,s_v)$, plus capture and logging for reproducible experiments. The results demonstrate realistic pulse dynamics and the utility of distributed observability for benchmarking inter-domain defenses, with future work on adaptive traffic shaping and integration of inter-domain signaling for coordinated mitigation.
Abstract
Pulse-wave Distributed Denial-of-Service (DDoS) attacks generate short, synchronized bursts of traffic that circumvent pattern-based detection and quickly exhaust traditional defense systems. This transient and spatially distributed behavior makes analysis extremely challenging, as no public datasets capture how such attacks evolve across multiple network domains. Since each domain observes only a partial viewpoint of the attack, a correlated, multi-vantage view is essential for comprehensive analysis, early detection, and attribution. This paper presents DPWS, an open-source simulator for generating distributed pulse-wave DDoS datasets. DPWS models multi-AS topologies and produces synchronized packet captures at multiple autonomous systems, showing the distributed structure of coordinated bursts. It enables fine-grained control of traffic parameters through a lightweight YAML interface. DPWS reproduces pulse-wave dynamics across multiple vantage points, exhibits natural fingerprint variability at equal aggregate rates, and scales with MPI in ns-3, providing a reproducible basis for studying pulse-wave behaviour and benchmarking distributed DDoS defenses, while sharing practical insights on ns-3 scalability and synchronization gained during development.