Large-scale Internet attacks such as worms and Distributed Denial-of-Service (DDoS) attacks are increasing in scale and sophistication, and are posing an escalating threat to our society, government, economy, and critical infrastructures. Designing defenses against worm and DDoS attacks is thus one of the most urgent research challenges. This research proposes novel approaches and techniques to defend against these large scale Internet attacks.

First, this research proposes a new approach for automatic defense against worms. By designing novel automatic methods to detect software exploit attacks quickly and accurately, and to generate and disseminate accurate filters/signatures, this approach aims to protect vulnerable hosts and provide an easy-to-deploy and effective defense against devastating new worm outbreaks, including zero-day exploit attacks.

Second, this research proposes to design a DDoS-resilient Internet infrastructure. This research will investigate the design characteristics and security mechanisms necessary to prevent DDoS attacks not only in the current Internet, but more importantly, in the next generation Internet.

This project will provide fundamental new techniques for defending against large-scale Internet attacks, and will have broad impact in providing foundations for building an attack-resilient communication infrastructure.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Application #
0842694
Program Officer
Carl Landwehr
Project Start
Project End
Budget Start
2008-06-01
Budget End
2011-06-30
Support Year
Fiscal Year
2008
Total Cost
$419,706
Indirect Cost
Name
University of California Berkeley
Department
Type
DUNS #
City
Berkeley
State
CA
Country
United States
Zip Code
94704