In 2013, an online company called Spamhaus fell victim to one of the Internet’s largest-ever cyberattacks, known as a Distributed Denial of Service (DDoS) attack. Its servers were flooded with unwanted traffic from hundreds of sources, the company was temporarily forced offline, and its business was disrupted.
DDoS attacks block computers and networks from their intended users by inundating servers with data packets that are hard to distinguish from those of legitimate sources. It’s usually a DDoS attack that forces a bank, credit card company or media outlet offline. A Colorado State University research team is creating a new line of defense against such attacks.
Homeland Security grant
Supported by $2.7 million from the Department of Homeland Security, a CSU interdisciplinary team (computer science, statistics and computer information systems) is developing a defense service that can sniff out, ward off and protect against such large-scale online attacks. Their project is called NetBrane, short for Network Membrane.
“It’s ironic – DDoS is one of the easiest attacks to generate, but one of the hardest to defend against,” said Christos Papadopoulos, principal investigator and professor of computer science. “Unless you have the cooperation of the networks that are upstream of you, and you ask them to filter the attack, by the time the attack reaches your network, if it’s flooded your capacity, then there’s really not much you can do.”
The task of protecting Internet companies from vulnerabilities in their networks is so tipped in favor of attackers that Homeland Security has an entire grant program dedicated to projects like this one. The Distributed Denial of Service Defense Program is headed by another CSU faculty member, Dan Massey (who did not review this proposal, to avoid conflict of interest).
A shield against attacks
NetBrane pulls together evolving cybersecurity capabilities that, combined, could help the team form a deployable “shield” against DDoS attacks. NetBrane uses the capability to filter Internet traffic at a blazing 100 gigabits per second (a typical link loads at 1 gigabit per second).
NetBrane will also make use of rapidly expanding cloud resources, which allow for flexibility in diverting traffic when under attack, for example, by sending traffic to virtual machines on the cloud.
Lastly, NetBrane is using what’s called Software Defined Networking (SDN) to exert very fine control over the switches and routers across the Internet. “We can tell a particular switch, ‘If you see a packet that looks like this, drop it, or direct it into a different port,’” Papadopoulos said. “It’s like a fine comb with which we can clean out Internet traffic.”
For their part of the project, CSU co-PIs Stephen Hayne, professor of computer information systems in the College of Business, and Haonan Wang, professor of statistics in the College of Natural Sciences, are designing algorithms for anomaly detection in Internet traffic. Applying cutting-edge statistical analyses and parallel cloud-based analytics, they are crafting automated techniques to both predict and detect attacks in a matter of seconds, as opposed to minutes or hours.
“DDoS attacks are often the blunt edge of hidden scalpel-like attacks,” Hayne said. “We’re working to find computational mechanisms that will predict when an attack is imminent and detect when it starts to happen – and the response will be almost instantaneous.”
Structure of the Internet
The researchers are making use of advanced structural information about the Internet – where the network vulnerabilities are, and where to avoid sending traffic – to react proactively to attacks before they happen.
They are also working with a startup company called NoFutzNetworks, with the aim of commercializing their service and, hopefully, making the Internet a safer place for all.
Co-PIs at the University of California-Riverside are adding another element to the mix: Researchers there explore the dark web, infiltrating chat rooms and gleaning information about where and when insidious activity might occur.