Enhanced Distributed Denial of Service Defense


OBJECTIVE: Develop tools, techniques, and policies that mitigate the impact of distributed denial of service (DDoS) attacks.

DESCRIPTION: Distributed Denial of Service (DDoS) attacks are used to render key resources unavailable. For example, a classic DDoS attack might disrupt a financial institution’s website and temporarily block a consumer’s ability to conduct online banking. A more strategic attack makes a key resource inaccessible during a critical period. Examples of this type of attack include rendering a florist’s website unavailable on Valentine’s Day, slowing or blocking access to tax documents in mid-April, or disrupting communication during a critical trading window. Prominent DDoS attacks have been conducted against financial institutions, news organizations, providers of internet security resources, and government agencies. Any organization that relies on network resources is considered a potential target.

The current environment provides several advantages to the attacker, because the cost of acquiring attack resources is relatively low. An attacker often relies on a large number of compromised computers to conduct the attack. Further, as network bandwidth and computational power increase, the attacker benefits from the increased resources, gaining the capability to conduct more powerful attacks. Organizations that make use of network services must invest in resources that keep pace with the increasing significance of the attacks; organizations that fail to do so run the risk of being compromised. In addition, organizations that deploy resources carelessly may simply provide the attacker with easily compromised resources that can then be used in future attacks. Even businesses with global reach, including those providing security-related services, have faced challenges in keeping pace with vast DDoS attacks.

This effort seeks tools, techniques, and policies that would help mitigate the impact of a 1 Tbps attack originating from over 1,000 locations while shifting the overall advantage from the attacker to the defender. The target of the attack may be a hypothetical regional bank that does not have the capacity to absorb a 1 Tbps attack. Some collaborative effort will be needed to mitigate the attack. The collaborative effort must make reasonable assumptions about business relationships between the victim and other ISPs, content providers, and other organizations that may be relevant to mitigating the attack. In addition to tools that address today’s attacks, this effort also encourages an approach that looks forward to new DDoS attack vectors and proposes solutions for attacks that are likely to occur in the future. Many of today’s defenses are reactive and designed to address attack patterns that have already been observed. The network infrastructure continues to evolve, enabling the potential for both new types of DDoS attacks and new defenses. For example, attackers are now adapting to growth in smart devices, cyber-physical systems, and cloud computing, and are developing new types of DDoS attacks that exploit the unique characteristics of these systems. These same device characteristics may also be used to develop new defenses. Proposals that look forward to network changes and exploit these changes for defense are encouraged.

PHASE I: Phase I proposals should describe a specific tool or technique that can be applied to DDoS defense in the current network, and/or show how the tool or technique would address network changes that might occur in the next 3-5 years. The result is expected to include both an analysis that demonstrates the potential of the approach and proof-of-concept software.

PHASE II: A prototype device or software capable of deployment in a medium-scale organization or government agency is desired. The developed component will be delivered to DHS for piloting. The component should leverage applicable operational best practices for the intended environment. Assertions of security should be verified by independent third parties.

PHASE III: COMMERCIAL OR GOVERNMENT APPLICATIONS: Refine components from Phase II, and work with operating system and application developers to leverage the functions the module provides. Ensure that the component meets the standards necessary for deployment in a federal government agency or department.