The U.S. Defense Advanced Research Projects Agency (DARPA) is spending heavily to automate the cyber defense responses of the U.S. military to counter distributed denial-of-service (DDoS) attacks that are widely expected to precede a limited armed conflict or a full-scale war with another nation.
DARPA’s answer to this deadly threat is Extreme DDoS Defense or XD3. This program will alter the way the military protects its networks from high- and low-speed DDoS attacks. The general public and private business firms will also benefit from this program.
A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, such as one of the Pentagon’s web servers. These attacks are difficult to thwart since multiple machines are used to overwhelm a target. They are also difficult to deal with since responses to DDoS attacks are usually delayed and manually driven.
Over the past seven months, DARPA has awarded seven XD3 multi-million dollar contracts to Georgia Tech, George Mason University, Invincea Labs, Raytheon BBN, Vencore Labs and the University of Pennsylvania.
DARPA said the nature of DDoS attacks spans a wide range. Botnet-induced volumetric attacks, which can generate hundreds of gigabits per second of malicious traffic, are perhaps the best-known form of DDoS.
“However, low-volume DDoS attacks can be even more pernicious and problematic from a defensive standpoint. Such attacks target specific applications, protocols or state-machine behaviors while relying on traffic sparseness (or seemingly innocuous message transmission) to evade traditional intrusion-detection techniques.”
DARPA noted the current art in DDoS defense generally relies on combinations of network-based filtering, traffic diversion and “scrubbing” or replication of stored data (or the logical points of connectivity used to access the data) to dilute volumetric attacks and provide diverse access for legitimate users.
It said these approaches fall well short of desired capabilities in terms of response times and the ability to identify and thwart low-volume DDoS. Current methods also lack the ability to stop DDoS within encrypted traffic. There is also a need to defend real-time transactional services such as those associated with military command and control.
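The distinction DARPA draws between volumetric and low-volume attacks comes down to which resource is being exhausted: link bandwidth in the first case, per-connection state (sockets, worker threads, protocol state machines) in the second. A bandwidth-rate detector therefore sees nothing unusual about a sparse source that holds a few connections open for a long time. The following is an added example, not code from the article or from any XD3 contractor, that runs two simple detectors over a constructed set of connection summaries: one keyed on bytes per second per source, the other on connection-seconds held per source. The record format, thresholds and addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed connection summaries (not from the page): one tuple per TCP connection
# observed at the network edge: (source IP, start time in s, duration in s, bytes received).
CONSTRUCTED_RECORDS = [
    # ordinary legitimate traffic: short connections, modest sizes
    ("203.0.113.10", 0.0, 0.2, 1500),
    ("203.0.113.11", 0.5, 0.3, 2200),
    ("203.0.113.12", 1.0, 0.1, 800),
    # volumetric source: fifty large connections inside a single one-second window
    *[("198.51.100.7", 2.0 + i * 0.01, 0.05, 120_000) for i in range(50)],
    # low-volume source: three tiny requests, each holding a connection open for five minutes
    ("192.0.2.99", 3.0, 300.0, 300),
    ("192.0.2.99", 3.5, 300.0, 300),
    ("192.0.2.99", 4.0, 300.0, 300),
]


def volumetric_sources(records, window=1.0, threshold_bps=1_000_000):
    """Flag sources whose received bytes in any window exceed the bandwidth threshold.

    This is the classic rate-based filter: it buckets bytes by (source, window) and
    compares each bucket against threshold_bps * window. Thresholds are illustrative.
    """
    bytes_per_bucket = defaultdict(int)
    for src, start, _duration, nbytes in records:
        bytes_per_bucket[(src, int(start // window))] += nbytes
    limit = threshold_bps * window
    flagged = {src for (src, _bucket), total in bytes_per_bucket.items() if total > limit}
    return sorted(flagged)


def state_holding_sources(records, min_conn_seconds=120.0):
    """Flag sources that tie up connection state for longer than min_conn_seconds in total.

    The metric is connection-seconds (sum of durations), which is what a slow,
    sparse attacker consumes while sending almost no bytes. Threshold is illustrative.
    """
    conn_seconds = defaultdict(float)
    for src, _start, duration, _nbytes in records:
        conn_seconds[src] += duration
    flagged = {src for src, total in conn_seconds.items() if total >= min_conn_seconds}
    return sorted(flagged)


def classify(records):
    """Return which sources each detector catches, to show that they disagree."""
    return {
        "volumetric": volumetric_sources(records),
        "state_holding": state_holding_sources(records),
    }


if __name__ == "__main__":
    result = classify(CONSTRUCTED_RECORDS)
    print("rate-based detector flags:      ", result["volumetric"])
    print("connection-state detector flags:", result["state_holding"])
```

Run against the constructed records, the rate-based detector flags only 198.51.100.7 and never sees 192.0.2.99, whose three connections total 900 bytes; the connection-seconds detector flags only 192.0.2.99. Neither detector alone covers both attack classes, which is the gap the article describes. In practice the state-holding metric would be computed per application or protocol (request parsing state, TLS handshake state) rather than from raw connection durations, and the thresholds would be derived from the service's normal profile rather than fixed constants.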
DARPA laments that responses to DDoS attacks are too slow and manually driven.
Diagnosing an attack and formulating filtering rules often takes hours, and executing those rules takes longer still. This means a clear need exists for fundamentally new DDoS defenses with far greater resilience to DDoS attacks across a broader range of contexts than existing approaches or evolutionary extensions of them can offer.