This project investigates a distributed cooperative solution to the problem of distributed denial-of-service attacks. The proposed defense system, DefCOM, combines the advantages of victim-end defenses (accurate attack detection) and source-end defenses (efficient response and precise separation of the legitimate traffic from the attack traffic). It also enlists the help of backbone routers to control attack traffic in partial deployment scenarios where many potential sources do not deploy a source-end defense.

DefCOM nodes will be deployed in source, victim and core networks, and will cooperate via an overlay to detect and stop attacks. Overlay communication will ensure effective operation even if DefCOM nodes are sparsely and non-contiguously deployed. DefCOM's response to attacks is twofold: defense nodes reduce the attack traffic, freeing the victim's resources; and they also cooperate to detect legitimate traffic within the suspicious stream and ensure its correct delivery to the victim. Because networks deploying defense nodes directly benefit from their operation, DefCOM has a workable economic model to spur its deployment. DefCOM further offers a framework for existing security systems to join the overlay and cooperate in the defense. These features create excellent motivation for wide deployment, and the possibility of a large impact on the DDoS threat.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
0430228
Program Officer
Carl Landwehr
Project Start
Project End
Budget Start
2004-09-01
Budget End
2009-02-28
Support Year
Fiscal Year
2004
Total Cost
$185,130
Indirect Cost
Name
University of Delaware
Department
Type
DUNS #
City
Newark
State
DE
Country
United States
Zip Code
19716