DDoS presents a serious threat to the Internet since its inception, where lots of controlled hosts flood the victim site with massive packets. Moreover, in Distributed Reflection DoS (DRDoS), attackers fool innocent servers (reflectors) into flushing packets to the victim. But most of current DRDoS detection mechanisms are associated with specific protocols and cannot be used for unknown protocols. It is found that because of being stimulated by the same attacking flow, the responsive flows from reflectors have inherent relations: the packet rate of one converged responsive flow may have linear relationships with another. Based on this observation, the Rank Correlation based Detection (RCD) algorithm is proposed. The preliminary simulations indicate that RCD can differentiate reflection flows from legitimate ones efficiently and effectively, thus can be used as a useable indicator for DRDoS.
NS2 can be used to simulate a DDos attack. This is how you can detect DDos attack in NS2.
1. Create a topology. Depending on how many source input you want.
2. For the source node, set the bandwidth of normal traffic(the regular traffic) to constant.
3. To create the attack, generate many packets of CBR UDP randomly.
1. create a topology make sure there are normal source and also source node for the attacker.
2. For normal source create normal traffic.
3. For attacker source create the randomly generated DDOS attack.
(the number of normal source node, and attacker node depend on your requirement)
By doing this, you will have a normal traffic and random generated traffic (the attack).