EAGER: Collaborative: Leveraging High-Density Internet Peering Hubs to Mitigate Large-Scale DDoS Attacks

Project Details

Lead PI

Performance Period

Aug 15, 2017 - Jul 31, 2019


Georgia Institute of Technology

Award Number

Large-scale distributed denial of service (DDoS) attacks pose an imminent threat to the availability of critical Internet-based operations, as demonstrated by recent incidents that brought down a number of highly popular web services such as Twitter, Spotify and Reddit. While several solutions to counter DDoS attacks have been proposed by both industry and academia, most of the solutions that are currently deployed on the Internet - such as traffic scrubbing - tend to detect and mitigate DDoS attacks close to the victim edge network, once the attack has already caused damage. Creating systems for early DDoS attack detection and mitigation that can be deployed at the core of the Internet has the potential to significantly improve Internet security and reliability.

This project investigates innovative machine learning-based DDoS attack detection and mitigation solutions that can be deployed at the core of the Internet, within Internet eXchange Points (IXPs). IXPs are high-density peering hubs that provide infrastructure used by autonomous systems (ASes) to interconnect, and are therefore well positioned to observe significant fractions of global Internet traffic. The project leverages IXP-based traffic monitoring to develop advanced traffic analysis and classification methods for efficient, automated early detection and mitigation of DDoS attacks. The researchers aim to first investigate methods for defending against distributed reflective DoS (DRDoS) attacks, which rely on spoofed IP traffic to amplify the attacker's available bandwidth, and to then expand the investigation to volumetric DDoS attacks that do not rely on spoofed traffic. As part of the project, the researchers aim to develop collaborations with IXPs and Internet operators around the world, to facilitate research on DDoS defenses and increase opportunities for high-impact technology transfer.