In 2013, an online company called Spamhaus fell victim to one of the Internet's largest-ever cyberattacks, known as a Distributed Denial of Service (DDoS) attack.
Its servers were flooded with unwanted traffic from
hundreds of sources, the company was temporarily forced offline, and its
business was disrupted.
DDoS attacks block computers and networks from their intended
users by inundating servers with data packets that are hard to distinguish from
those of legitimate sources.
It's usually a DDoS attack that forces a bank,
credit card company or media outlet offline. A Colorado State University
research team is creating a new line of defense against such attacks.
Supported by $2.7 million from the Department of Homeland
Security, a CSU interdisciplinary team (computer science, statistics and
computer information systems) is developing a defense service that can sniff
out, ward off and protect against such large-scale online attacks. Their
project is called NetBrane, short for Network Membrane.
"It's ironic -- DDoS is one of the easiest attacks to generate, but one of the hardest to defend against," said Christos Papadopoulos, principal investigator and professor of computer science.
"Unless you have the cooperation of the networks that are upstream of you,
and you ask them to filter the attack, by the time the attack reaches your
network, if it's flooded your capacity, then there's really not much you can
do."
The task of protecting Internet companies from vulnerabilities in their
networks is so tipped in favor of attackers that Homeland Security has an
entire grant program dedicated to projects like this one.
The Distributed
Denial of Service Defense Program is headed by another CSU faculty member, Dan
Massey (who did not review this proposal, to avoid conflict of interest).
NetBrane pulls together evolving cybersecurity capabilities
that, combined, could form a deployable "shield" against
DDoS attacks. NetBrane uses the capability to filter Internet traffic
at a blazing 100 gigabits per second (a typical link loads at 1 gigabit per
second).
NetBrane will also make use of rapidly expanding cloud
resources, which allow for flexibility in diverting traffic when under attack,
for example, by sending traffic to virtual machines on the cloud.
Lastly, NetBrane is using what's called Software Defined
Networking (SDN) to deploy very fine control of the switches and routers across
the Internet.
"We can tell a particular switch, 'If you see a packet that
looks like this, drop it, or direct it into a different port,'"
Papadopoulos said. "It's like a fine comb with which we can clean out
Internet traffic."
For their part of the project, CSU co-PIs Stephen Hayne, professor
of computer information systems in the College of Business, and Haonan Wang,
professor of statistics in the College of Natural Sciences, are designing
algorithms for anomaly detection in Internet traffic.
Applying cutting-edge
statistical analyses and parallel cloud-based analytics, they are crafting
automated techniques to both predict and detect attacks in a matter of seconds,
as opposed to minutes or hours.
"DDoS attacks are often the blunt edge of hidden
scalpel-like attacks," Hayne said. "We're working to find
computational mechanisms that will predict when an attack is imminent and
detect when it starts to happen -- and the response will be almost
instantaneous."
The researchers are making use of advanced structural
information about the Internet -- where the network vulnerabilities are, and
where to avoid sending traffic -- to react proactively to attacks before they
happen.
They are also working with a startup company called
NoFutzNetworks, with the aim of commercializing their service and, hopefully,
making the Internet a safer place for all.
Co-PIs at University of California-Riverside are adding another
element to the mix: Researchers there explore the dark web, infiltrating chat
rooms and gleaning information about where and when insidious activity might
occur.