Using teamwork to fight DDoS attacks
- By Derek Major
- Jan 19, 2016
When a distributed denial of service (DDoS) attack hits an organization, it quickly overwhelms network resources, disrupting services and making resources unavailable for users. These attacks can temporarily cripple any enterprise, but they are especially difficult for smaller organizations to manage.
To address the need for better defenses against such threats, the Department of Homeland Security recently awarded a $1.7 million contract to Galois to create a technology that will defend against large and sophisticated DDoS attacks.
Galois’ project, DDoS Defense for a Community of Peers (3DCoP), uses peer-to-peer collaboration that allows organizations to work together to detect and mitigate the attacks.
The company has developed a traffic flow monitoring capability that observes traffic flows in and out of the network and finds patterns of interest. The DDoS traffic details are shared through peer-to-peer software, giving the teamed organizations the benefit of mutual detection and a unified defense to block attacks originating from thousands of locations, the company said.
“Current DDoS defense systems are proving ineffective because they operate in isolation, which introduces delays in the detection, reporting, and response to a DDoS attack,” said Adam Wick, Galois' research lead for mobile security and systems software. “This delay is critical. It provides positive feedback to the attacker, who will continue to send more and more traffic at the target network.”
Galois believes it can help organizations detect and block DDoS attacks before networks are completely saturated. By cutting mitigation response time by 50 percent, 3DCoP can reduce peak traffic by 75 to 90 percent. Galois also aims to reduce the time between the start of an attack and its detection by 25 percent.
“Our solution advances the state of DDoS defense by providing new tools that allow multiple defenders to coordinate their response, resulting in earlier detection and faster DDoS mitigation,” Wick said.
Derek Major is a former reporter for GCN.