FloCon 2017 has ended
Tuesday, January 10 • 1:30pm - 2:00pm
DDoS Defense with a Community of Peers (3DCoP)

Distributed Denial of Service (DDoS) attacks have grown dramatically in size over the last few years. Modern amplification attacks can easily generate over 500 Gbps of traffic, threatening companies, ISPs and cloud infrastructure. To help defend against these advanced threats, Galois is developing 3DCoP: a peer-to-peer (P2P) system that uses collaboration between networks to detect and mitigate malicious traffic. 3DCoP analyzes traffic and shares information about suspicious patterns, allowing the community of peers to detect and respond to threats before their networks are overwhelmed with traffic. Our simulations show that 3DCoP may be able to detect spoofed IP addresses and suppress amplification-based DDoS attacks.

In our system, each network runs a 3DCoP node that monitors the traffic crossing its boundaries. The nodes are connected to each other over a decentralized P2P network, allowing messages to be exchanged out-of-band over various transport mechanisms as needed, giving resilience and flexibility under attack conditions.

With 3DCoP, different networks can exchange messages about their flows, effectively letting them talk about their traffic. This innovation leads to many interesting possibilities, and in this project we are focusing on using this flow-sharing to achieve DDoS defense. Even with a minimal deployment of 3DCoP nodes, it may be possible to mitigate DDoS attacks closer to their sources. This innovative system potentially gives small and medium-sized networks the ability to defend themselves against even the largest-scale DDoS attacks.

This project is the result of funding provided by the Science and Technology Directorate of the United States Department of Homeland Security under contract number D15PC00185. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security, or the U.S. Government.

Jem Berkes

Galois, Inc.
Mr. Berkes has 15 years of experience developing software to defend against Internet-based threats, particularly malware, remote exploits, and spam. At Galois, Mr. Berkes is the Research Lead for DDoS Defense and previously worked on experimental operating system defenses and probabilistic...

Tuesday January 10, 2017 1:30pm - 2:00pm PST
Great Room V-VIII 7450 Hazard Center Dr.