D3 - Distributed Denial-of-Service Defense: protecting schools and other public organizations

Project Managers: Prof. dr. ir. Aiko Pras / Dr. Anna Sperotto
The goal of this project is to develop an architecture to detect and mitigate Distributed Denial of Service (DDoS) attacks on public organizations, e.g., schools. Since summer 2013 the number of such attacks has increased rapidly, primarily due to the availability of booters, i.e., web-based facilities that offer “DDoS-as-a-service”. Booters have their origins in the Internet gaming community, and can be used for a few euros by people without any technical skills. Since booters use general Internet services such as DNS and NTP to amplify their attacks, they can operate without an underlying botnet.

Although DDoS attacks are well known in the literature, it was not until the Wikileaks “Operation Payback” (2010) that the general public understood the potential power of such attacks. Since then we have witnessed attacks on banks and crucial Internet services; some of these attacks even reached traffic peaks of 400 Gbps. Since summer 2013 the Dutch research network provider (SURFnet) has seen a trend of students using booters to attack schools, often at times of exams. Other public organizations and services, e.g., tax offices, DigiD, municipalities and hospitals, are also increasingly being targeted.

The novel approach of this project is to detect DDoS attacks at an early stage, within the core network. The scientific contribution is in two areas. First, Software Defined Networking (SDN) principles (OpenFlow) will be applied to re-route attack traffic at an early stage towards filtering systems that employ sophisticated anomaly detection mechanisms (e.g., HMM and SVM). Second, business modeling will be an integral part of the research, including economic, regulatory and ethical aspects.

Project duration: 2014-2018
Project budget: 622.8 k-€ / 480 k-€ funding
Number of person/months: 2.6 fte
Involved groups: Design and Analysis of Communication Systems (DACS) / Industrial Engineering and Business Information Systems (IEBIS)
Centre for Safety and Security in Smart Societies (C.S4)