Visible to the public TWC: Option: Small: FRADE: Model Human Behavior for Flash cRowd Attack DEfenseConflict Detection Enabled

Project Details

Performance Period

Oct 01, 2013 - Dec 31, 2016


University of Southern California

Award Number

Outcomes Report URL

Application-level, aka ``flash-DDoS'' attacks are the most challenging form of distributed denial of service (DDoS). They flood the victim with legitimate-like service requests generated from numerous bots. There is no defense today that is even remotely effective against flash-DDoS attacks, thus such attacks are today a serious and unmitigated threat to any server.

Our project works on developing defenses against flash-DDoS attacks that can pinpoint traffic sent by automated bots and differentiate it from human-generated traffic. Bot IPs are then blacklisted and their traffic filtered protecting the server under attack without any damage to legitimate users. Our project develops novel technologies called ASTUTE (pASsive TUring TEsts) to distinguish bots from human users, by modeling three aspects of human user behavior: (1) dynamics of human-server interaction, (2) human preference for server content, and (3) human processing of visual and textual cues. IP addresses of detected bots will be blacklisted and their traffic will be dropped during server overload. ASTUTE technologies model human behavior without conscious human participation, thus performing Turing tests (human vs machine differentiation) transparently to humans.

We will implement all our code as extensions of popular open-source server platforms, such as Apache (for Web) and bind (for DNS). At the end of this work we will deliver working prototypes of these extensions, thus our research will directly transition into practice for any interested party at no cost to them. All our code will be released as open-source under the GNU GPL v3 license.