Using teamwork to fight DDoS attacks

When a distributed denial of service (DDoS) attack hits an organization, it quickly overwhelms network resources, disrupting services and making resources unavailable for users. These attacks can temporarily cripple any enterprise, but they are especially difficult for smaller organizations to manage. 

To address the need for better responses to such threats, the Department of Homeland Security recently awarded a $1.7 million contract to Galois to create a technology that will defend against large and sophisticated DDoS attacks.

Galois’ project, DDoS Defense for a Community of Peers (3DCoP), uses peer-to-peer collaboration that allows organizations to work together to detect and mitigate the attacks.

The company has developed a traffic flow monitoring capability that observes traffic flows in and out of the network and finds patterns of interest. The DDoS traffic details are shared through peer-to-peer software, giving the teamed organizations the benefit of mutual detection and a unified defense to block attacks originating from thousands of locations, the company said.

“Current DDoS defense systems are proving ineffective because they operate in isolation, which introduces delays in the detection, reporting, and response to a DDoS attack,” said Adam Wick, Galois' research lead for mobile security and systems software. “This delay is critical. It provides positive feedback to the attacker, who will continue to send more and more traffic at the target network.”

Galois believes it can help organizations detect and block DDoS attacks before networks are completely saturated. By cutting mitigation response time by 50 percent, 3DCoP can reduce peak traffic by 75 to 90 percent. In addition, Galois aims to reduce the time between the start of an attack and its detection by 25 percent.

“Our solution advances the state of DDoS defense by providing new tools that allow multiple defenders to coordinate their response, resulting in earlier detection and faster DDoS mitigation,” Wick said.

About the Author

Derek Major is a former reporter for GCN.
