Award Abstract #0430228
Collaborative Research: DefCOM - Distributed Defense against DDoS Attacks
NSF Org: CNS Division of Computer and Network Systems
Initial Amendment Date: September 2, 2004
Latest Amendment Date: June 24, 2008
Award Number: 0430228
Award Instrument: Standard Grant
Program Manager: Karl N. Levitt, CNS Division of Computer and Network Systems, CSE Directorate for Computer & Information Science & Engineering
Start Date: September 1, 2004
Expires: February 28, 2009 (Estimated)
Awarded Amount to Date: $185130
Investigator(s): B. David Saunders saunders@udel.edu (Principal Investigator); Jelena Mirkovic (Former Principal Investigator)
Sponsor: University of Delaware, 210 Hullihen Hall, Newark, DE 19716 302/831-2136
NSF Program(s): CYBER TRUST
Field Application(s): 0000912 Computer Science
Program Reference Code(s): HPCC,9251,9218,9215,9150,7254
Program Element Code(s): 7371
ABSTRACT
Collaborative Research: DefCOM - Distributed Defense against DDoS
Jelena Mirkovic, University of Delaware
Peter Reiher, UCLA
This project investigates a distributed cooperative solution to the problem of distributed denial-of-service attacks. The proposed defense system, DefCOM, combines the advantages of victim-end defenses (accurate attack detection) and source-end defenses (efficient response and precise separation of the legitimate traffic from the attack traffic). It also enlists the help of backbone routers to control attack traffic in partial deployment scenarios where many potential sources do not deploy a source-end defense.
DefCOM nodes will be deployed in source, victim and core networks, and will cooperate via an overlay to detect and stop attacks. Overlay communication will ensure effective operation even if DefCOM nodes are sparsely and non-contiguously deployed. DefCOM's response to attacks is twofold: defense nodes reduce the attack traffic, freeing the victim's resources; and they also cooperate to detect legitimate traffic within the suspicious stream and ensure its correct delivery to the victim. Because networks deploying defense nodes directly benefit from their operation, DefCOM has a workable economic model to spur its deployment. DefCOM further offers a framework for existing security systems to join the overlay and cooperate in the defense. These features create excellent motivation for wide deployment, and the possibility of a large impact on the DDoS threat.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
G. Oikonomou, J. Mirkovic, P. Reiher and M. Robinson. "A Framework for Collaborative DDoS Defense," Proceedings of ACSAC, 2006, p. 33.
M. Mehta, K. Thapar, G. Oikonomou and J. Mirkovic. "Combining Speak-up with DefCOM for Improved DDoS Defense," Proceedings of ICC, 2008.
M. Natu and J. Mirkovic. "Fine-Grained Capabilities for Flooding DDoS Defense Using Client Reputations," Proceedings of the Large-Scale Attack and Defense Workshop, 2007.