EAGER: Collaborative: Leveraging High-Density Internet Peering Hubs to Mitigate Large-Scale DDoS Attacks

EAGER：协作：利用高密度互联网对等中心缓解大规模 DDoS 攻击

• 批准号: 1741608
• 负责人: Roberto Perdisci
• 金额: $ 17.98万
• 依托单位: University of Georgia Research Foundation Inc
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-08-15 至 2021-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1741608&HistoricalAwards=false
• 关键词: EAGER; Collaborative; Leveraging; Density; Internet

Large-scale distributed denial of service (DDoS) attacks pose an imminent threat to the availability of critical Internet-based operations, as demonstrated by recent incidents that brought down a number of highly popular web services such as Twitter, Spotify and Reddit. While several solutions to counter DDoS attacks have been proposed by both industry and academia, most of the solutions that are currently deployed on the Internet - such as traffic scrubbing - tend to detect and mitigate DDoS attacks close to the victim edge network, once the attack has already caused damage. Creating systems for early DDoS attack detection and mitigation that can be deployed at the core of the Internet has the potential to significantly improve Internet security and reliability. This project investigates innovative machine learning-based DDoS attack detection and mitigation solutions that can be deployed at the core of the Internet, within Internet eXchange Points (IXPs). IXPs are high-density peering hubs that provide infrastructure used by autonomous systems (ASes) to interconnect, and are therefore well positioned to observe significant fractions of global Internet traffic. The project leverages IXP-based traffic monitoring to develop advanced traffic analysis and classification methods for efficient, automated early detection and mitigation of DDoS attacks. The researchers aim to first investigate methods for defending against distributed reflective DoS (DRDoS) attacks, which rely on spoofed IP traffic to amplify the attacker's available bandwidth, and to then expand the investigation to volumetric DDoS attacks that do not rely on spoofed traffic. As part of the project, the researchers aim to develop collaborations with IXPs and Internet operators around the world, to facilitate research on DDoS defenses and increase opportunities for high-impact technology transfer.

大规模的分布式拒绝服务（DDoS）攻击对关键的基于互联网的操作的可用性构成了迫在眉睫的威胁，正如最近导致Twitter、Spotify和Reddit等许多非常受欢迎的网络服务瘫痪的事件所证明的那样。虽然业界和学术界都提出了几种应对DDoS攻击的解决方案，但目前在互联网上部署的大多数解决方案（如流量清洗）往往是在攻击已经造成损害的情况下，在靠近受害者边缘网络的地方检测和减轻DDoS攻击。创建可部署在互联网核心的早期DDoS攻击检测和缓解系统，有可能显著提高互联网的安全性和可靠性。该项目研究了创新的基于机器学习的DDoS攻击检测和缓解解决方案，这些解决方案可以部署在互联网的核心，在互联网交换点（ixp）内。ixp是高密度对等中心，提供自治系统（ase）用于互连的基础设施，因此可以很好地观察全球互联网流量的很大一部分。该项目利用基于ixp的流量监测，开发先进的流量分析和分类方法，以实现高效、自动化的早期检测和缓解DDoS攻击。研究人员的目标是首先研究防御分布式反射DoS （DRDoS）攻击的方法，这种攻击依赖于欺骗的IP流量来放大攻击者的可用带宽，然后将调查扩展到不依赖于欺骗流量的容量DDoS攻击。作为该项目的一部分，研究人员旨在与世界各地的ixp和互联网运营商开展合作，以促进DDoS防御的研究，并增加高影响力技术转让的机会。

项目成果

Detecting and Measuring In-The-Wild DRDoS Attacks at IXPs

检测和测量 IXP 上的野外 DRDoS 攻击

• DOI: 10.1007/978-3-030-80825-9_3
• 发表时间: 2021
• 期刊: and Vulnerability Assessment
• 作者: Subramani, Karthika;Perdisci, Roberto;Konte, Maria
• 通讯作者: Konte, Maria