DARPA: Current DDoS protection isn’t cutting it

New DARPA program looks for more revolutionary protection from DDoS attacks

Researchers with the Defense Advanced Research Projects Agency (DARPA) will next month detail a new program they hope will ratchet up the way the military and public and private enterprises protect their networks from distributed denial-of-service (DDoS) attacks.


The need for such new defenses is obvious: The number of DDoS attacks in the first quarter of 2015 was more than double the number in Q1 of 2014, and attack sites are growing more dangerous and more capable of launching attacks in excess of 100 Gbps, according to a recent Akamai Technologies State of the Internet Security report.

A clear need therefore exists for fundamentally new DDoS defenses that afford far greater resilience to these attacks, across a broader range of contexts, than existing approaches or evolutionary extensions, DARPA stated.

The DARPA program, called Extreme DDoS Defense (XD3), looks to:

  • thwart DDoS attacks by dispersing cyber assets (physically and/or logically) to complicate adversarial targeting
  • disguise the characteristics and behaviors of those assets to confuse or deceive the adversary
  • blunt the effects of attacks that succeed in penetrating other defensive measures by using adaptive mitigation techniques on endpoints such as mission‐critical servers.

DARPA says that the current art in DDoS defense generally relies on combinations of network‐based filtering, traffic diversion and “scrubbing,” or replication of stored data (or the logical points of connectivity used to access the data) to dilute volumetric attacks and/or to provide diverse access for legitimate users. In general, these existing approaches fall well short of desired capabilities in several respects because:

  • Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate. In contrast, military communication often demands that disruptions be limited to minutes or less.
  • Low‐volume DDoS attacks remain exceedingly difficult to identify and block with in‐line detection techniques. Even for volumetric DDoS attacks, in‐line filtering can present daunting tradeoffs between the desire for complete blockage of malicious traffic and the need to “do no harm” to legitimate communication (i.e., maximizing true positives while minimizing false positives).
  • Mechanisms that rely on in‐line inspection of data flows may be problematic for handling encrypted tunnels, and pose scalability challenges as network bandwidths continue to increase.
  • Defensive methods must be applicable to real‐time, transactional services as well as to cloud computing. Techniques that are only useful for protecting the storage and dissemination of quasi‐static data are insufficient.

For XD3 meeting details go here.
