This project investigates a distributed cooperative solution to the problem of distributed denial-of-service (DDoS) attacks. The proposed defense system, DefCOM, combines the advantages of victim-end defenses (accurate attack detection) and source-end defenses (efficient response and precise separation of the legitimate traffic from the attack traffic). It also enlists the help of backbone routers to control attack traffic in partial deployment scenarios where many potential sources do not deploy a source-end defense.
DefCOM nodes will be deployed in source, victim and core networks, and will cooperate via an overlay to detect and stop attacks. Overlay communication will ensure effective operation even if DefCOM nodes are sparsely and non-contiguously deployed. DefCOM's response to attacks is twofold: defense nodes reduce the attack traffic, freeing the victim's resources, and they cooperate to detect legitimate traffic within the suspicious stream and ensure its correct delivery to the victim. Because networks deploying defense nodes directly benefit from their operation, DefCOM has a workable economic model to spur its deployment. DefCOM further offers a framework for existing security systems to join the overlay and cooperate in the defense. These features create excellent motivation for wide deployment, and the possibility of a large impact on the DDoS threat.