Large-scale Internet attacks such as worms and Distributed Denial-of-Service (DDoS) attacks are increasing in scale and sophistication, and are posing an escalating threat to our society, government, economy, and critical infrastructures. Designing defenses against worm and DDoS attacks is thus one of the most urgent research challenges. This research proposes novel approaches and techniques to defend against these large scale Internet attacks.
First, this research proposes a new approach for automatic defense against worms. By designing novel automatic methods to detect software exploit attacks quickly and accurately, and to generate and disseminate accurate filters/signatures, this approach aims to protect vulnerable hosts and provide an easy-to-deploy and effective defense against devastating new worm outbreaks, including zero-day exploit attacks.
Second, this research proposes to design a DDoS-resilient Internet infrastructure. This research will investigate the design characteristics and security mechanisms necessary to prevent DDoS attacks not only in the current Internet, but more importantly, in the next generation Internet.
This project will provide fundamental new techniques for defending against large-scale Internet attacks, and will have broad impact in providing foundations for building an attack-resilient communication infrastructure.