Researchers with the Defense Advanced Research Projects Agency (DARPA) have quickly moved to alter the way the military, public and private enterprises protect their networks from high-and low-speed distributed denial-of-service attacks with a program called Extreme DDoS Defense (XD3).
The agency has since September awarded seven XD3 multi-million contracts to Georgia Tech, George Mason University, Invincea Labs, Raytheon BBN, Vencore Labs (two contracts) and this week to the University of Pennsylvania to radically alter DDOS defenses. One more contract is expected under the program.
The UPenn project is developing defenses against distributed denial of service attacks that target specific protocols and their logic. These attacks are often difficult to diagnose and stop because the total volume of malicious traffic may be very low. The UPenn project attempts to pinpoint the specific protocol component that is under attack and then massively replicate that component to blunt the effects of the attack, DARPA stated.
+More on Network World: What network technology is going to shake up your WAN?+
“The nature of DDoS attacks can span a wide range. Botnet-induced volumetric attacks, which can generate hundreds of gigabits per second of malicious traffic, are perhaps the best-known form of DDoS. However, low-volume DDoS attacks can be even more pernicious and problematic from a defensive standpoint. Such attacks target specific applications, protocols or state-machine behaviors while relying on traffic sparseness (or seemingly innocuous message transmission) to evade traditional intrusion-detection techniques,” DARPA said.
The current art in DDoS defense generally relies on combinations of network-based filtering, traffic diversion and ”scrubbing” or replication of stored data (or the logical points of connectivity used to access the data) to dilute volumetric attacks and/or to provide diverse access for legitimate users.
In general, these existing approaches fall well short of desired capabilities in terms of response times, the ability to identify and to thwart low-volume DDoS, the ability to stop DDoS within encrypted traffic and the need to defend real-time transactional services such as those associated with cloud computing and military command and control, according to DARPA.
+More on network World: DARPA wants to toughen-up WAN edge networking, security+
Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate. A clear need exists for fundamentally new DDoS defenses that afford far greater resilience to these attacks, across a broader range of contexts, than existing approaches or evolutionary extensions, DARPA stated.
DARPA says the XD3 program looks to develop technologies that:
- Thwart DDoS attacks by dispersing cyber assets (physically and/or logically) to complicate adversarial targeting
- Disguise the characteristics and behaviors of those assets to confuse or deceive the adversary
- Blunt the effects of attacks that succeed in penetrating other defensive measures by using adaptive mitigation techniques on endpoints such as mission‐critical servers.
Check out these other hot stories: