
			THE STATIC DPF SIMULATOR

This document describes the basic procedure for installing and running the 
Static DPF Simulator. For a quick view of how to run the simulator, see
the c-shell script at examples/example.csh.


CONTENTS
--------
Abstract
1. Overview
2. Contents of this package
3. Installation
4. Using the simulator
  4.1. Preparing the input
  4.2. Running the simulator
  4.3. Evaluating the output


1. OVERVIEW

The Static DPF Simulator is a tool for evaluating the performance of the
Distributed Packet Filtering (DPF) protocol [1, 2] in a static network
environment where the nodes and edges do not change. Given a network
topology with a list of nodes and edges, and also given the list of the
filter nodes in the network, the DPF simulator computes which nodes are
able to launch an attack on other nodes using spoofed addresses if the DPF
protocol is being run on the network.


2. CONTENTS OF THIS PACKAGE

This package consists of the following parts:

- dpf/  This is the directory that includes the main simulator code.

- vc/  This directory includes an auxiliary tool of the package
to compute a vertex cover on a given graph. Vertex cover provides 
an effective filter placement [1, 2].

- measure/  This directory also includes an auxiliary part of the
simulator package.  It provides the programs to compute the two main
performance measures of the DPF tool, phi2 and psi1, as discussed in
[1, 2].

- examples/  This directory includes a sample set of the simulator's
input and output files, discussed in Section 4, with <ID> = 19971108.
The data are based on the Route Views Project's BGP dump file for
November 8, 1997, ASmap.19971108.879009857.gz at
http://moat.nlanr.net/Routing/rawdata/ .

- get_ASgraph.pl, get_ASpaths.pl, get_AStrans.pl
These are the perl script files for creating the simulator input 
from a raw BGP dump file. Their usage is discussed in Section 4.1.

- doc/  This directory includes a detailed documentation of the 
simulator package.


3. INSTALLATION

Running "make" at the simulator's home directory will generate all the
executables for the simulator as well as for the auxiliary tools.

One point that needs extra care is the path information on the first line 
of the perl script files. The paths for perl (or csh) may differ from system 
to system, and it is the user's responsibility to make sure that the path
information at the beginning of the script files is updated according to
the host system. 
(Alternatively, the scripts can be run without modifying the files by 
preceding the call to these commands with "perl".)

To date, the package has been installed and tested on Intel x86 
machines running Linux 2.4 and Sun Ultra-2 machines running Solaris 2.6.


4. USING THE SIMULATOR

4.1. PREPARING THE INPUT

The DPF simulator takes three files as input:  One file specifying the AS
graph topology in an adjacency list representation, one file listing the
filter nodes, and a third file listing the transit nodes in the network.
The following four-step procedure describes a basic way of preparing these
input files. These steps are not an integral part of the DPF tool and can
be skipped if the input files are obtained by other means.

Before executing the following procedure, a BGP dump table in the format
of the Oregon Route Views Project's dump tables must be present in the
simulator's home directory. The name of this file must be in the form of
"ASmap.<ID>", where <ID> is the identifier of the data, usually the date
of the dump, such as 19990101.


Step 1: Extracting the AS paths from the BGP dump file
  Command: get_ASpaths.pl <ID> 
  Product: ASpaths.<ID>

Step 2: Deducing the graph topology from the AS paths
  Command: get_ASgraph.pl <ID> 
  Product: ASgraph.<ID>

Step 3: Identifying the transit nodes 
  Command: get_AStrans.pl <ID> 
  Product: AStrans.<ID>

Step 4: Computing a vertex cover for the filter placement 
  Command: vc/vc.trans ASgraph.<ID> AStrans.<ID> > ASfilter.<ID>
  Product: ASfilter.<ID> 
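
The following is an added illustration of what Steps 2 to 4 compute; it is
not code from this package. The sample AS paths are constructed, the
transit-node definition is an assumption made for the example, and the
greedy heuristic stands in for (and is not) the algorithm in vc/vc.trans.

```python
from collections import defaultdict

# Constructed sample AS paths (not taken from any real BGP dump); origin AS last.
SAMPLE_PATHS = [
    [701, 1239, 3561, 64512],
    [701, 1239, 64513],
    [7018, 1239, 3561, 64514],
    [7018, 701, 64515],
]

def collapse(path):
    """Drop consecutive repeats of an AS number (AS-path prepending)."""
    return [a for i, a in enumerate(path) if i == 0 or a != path[i - 1]]

def build_graph(paths):
    """Step 2 idea: adjacent ASes on a path share an undirected edge."""
    adj = defaultdict(set)
    for path in map(collapse, paths):
        for a, b in zip(path, path[1:]):
            adj[a].add(b)
            adj[b].add(a)
    return adj

def transit_nodes(paths):
    """Step 3 idea (assumed definition): ASes strictly inside some path."""
    return {asn for path in map(collapse, paths) for asn in path[1:-1]}

def greedy_vertex_cover(adj):
    """Step 4 idea: greedy max-degree heuristic, not the vc/vc.trans algorithm."""
    uncovered = {frozenset((a, b)) for a in adj for b in adj[a]}
    cover = set()
    while uncovered:
        degree = defaultdict(int)
        for edge in uncovered:
            for node in edge:
                degree[node] += 1
        best = max(sorted(degree), key=degree.get)  # ties go to the lowest AS number
        cover.add(best)
        uncovered = {e for e in uncovered if best not in e}
    return cover

def is_vertex_cover(adj, cover):
    """True if every edge has at least one endpoint in the cover."""
    return all(a in cover or b in cover for a in adj for b in adj[a])

if __name__ == "__main__":
    graph = build_graph(SAMPLE_PATHS)
    filters = greedy_vertex_cover(graph)
    print("transit:", sorted(transit_nodes(SAMPLE_PATHS)))
    print("filters:", sorted(filters), "covers all edges:", is_vertex_cover(graph, filters))
```

On this sample the filter set chosen by the heuristic coincides with the
transit nodes, and removing any one of them leaves an edge with no filter
at either endpoint.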


4.2. RUNNING THE SIMULATOR

The basic command to run the simulator with the input files <graph>, 
<filter>, and <trans>, which are respectively the files that include 
the graph topology, the list of filter nodes, and the list of transit 
nodes, is

% dpf/dpf <graph> <filter> <trans> 0 1 0 0

The numeric arguments 0, 1, 0, 0 are the typical values of the
command-line options, which are explained in detail in the dpf_doc.ps
document in this directory.

The output of this simulation run would be two files, <graph>.Sta and
<graph>.Cts. These files list the cardinality of the S_at and C_st sets
which are discussed in the dpf_doc.ps document and further in [1, 2].
Another useful file, <graph>.Sat, can be derived with

% measure/transpose <graph>.Sta <graph>.Sat


4.3. EVALUATING THE OUTPUT

There are numerous ways to measure the effectiveness of the filtering
protocol. We provide the tools for calculating four of the important
measures discussed by Park and Lee [1, 2]: Phi1, Phi2, Phi3, and Psi1. 
The call structure for these functions is

% measure/<function> <x> <graph>

where <function> is one of phi1, phi2, phi3, psi1, <x> is the argument
value at which the function is to be computed, and <graph> is the name of
the graph file whose
output is to be used. For example, to compute Phi2(1) on the simulation
output of <graph>, the command is

% measure/phi2 1 <graph>

and the command for computing Psi1(5) is

% measure/psi1 5 <graph>


REFERENCES

1. Kihong Park and Heejo Lee.  A proactive approach to distributed DoS
attack prevention using route-based packet filtering.  Technical Report
CSD-TR 00-017, Department of Computer Science, Purdue University, December
2000.

2. Kihong Park and Heejo Lee.  On the effectiveness of route-based packet
filtering for distributed DoS attack prevention in power-law internets. 
In SIGCOMM'01. August 2001.


