Work by DACS PhD candidate Leandro Bertholdo, together with colleagues ASM Rizvi (shared first author) and John Heidemann from USC/ISI and João Ceron from SIDN Labs was recently presented at the USENIX Security Symposium ’22 in Boston. This work introduces a novel approach to combat DDoS attacks against so-called anycast networks. IP anycast is used for services such as DNS and Content Delivery Networks (CDN) to bring content closer to users, improving the user experience.
Their work, entitled "Anycast Agility: Network Playbooks to Fight DDoS" (https://www.usenix.org/conference/usenixsecurity22/presentation/rizvi), makes anycast networks more dynamic and smarter, enabling them to react when a distributed denial of service (DDoS) attack takes place.
This short teaser video demonstrates the main contributions of the work. When an attack is strong enough to overload an anycast site (AMS in the demo video), the system proposed in the paper estimates the exceeding attack rate and makes use of a catalog of pre-computed network changes (called "playbooks" in the paper) to rebalance traffic. The system supports manual operation or automated action (auto-mitigation), for those times the security team needs a rest.
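To make the two steps described above concrete (estimating how far an overloaded site exceeds its capacity, then picking a pre-computed playbook that rebalances traffic across sites), here is a small toy model. It is an added illustration, not the Anygility software or the method from the paper: it assumes each anycast site has a known capacity, that a playbook can be summarised by the fraction of global traffic each site receives after the routing change, and that those fractions have been measured in advance. Site names, capacities, loads and playbook labels are all constructed.

```python
"""Toy model of anycast playbook selection (added example, not Anygility code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed capacities in requests/s for three hypothetical anycast sites.
CAPACITY: Dict[str, float] = {"AMS": 100.0, "LHR": 150.0, "IAD": 200.0}


@dataclass(frozen=True)
class Playbook:
    """A pre-computed routing change, summarised by the resulting traffic split.

    `shares` maps site -> fraction of global traffic that lands there after the
    change; these would come from prior measurements in a real deployment.
    """
    name: str
    shares: Dict[str, float]


# Constructed catalog. Labels are hypothetical; only the shares matter here.
CATALOG: List[Playbook] = [
    Playbook("baseline",      {"AMS": 0.5625, "LHR": 0.1875, "IAD": 0.25}),
    Playbook("shift-AMS-1",   {"AMS": 0.35,   "LHR": 0.30,   "IAD": 0.35}),
    Playbook("shift-AMS-2",   {"AMS": 0.25,   "LHR": 0.35,   "IAD": 0.40}),
    Playbook("withdraw-AMS",  {"AMS": 0.0,    "LHR": 0.45,   "IAD": 0.55}),
]

# Constructed observed load during an attack: AMS is overloaded, others are fine.
ATTACK_LOAD: Dict[str, float] = {"AMS": 180.0, "LHR": 60.0, "IAD": 80.0}


def excess_rate(load: Dict[str, float], capacity: Dict[str, float]) -> Dict[str, float]:
    """Per-site rate by which observed load exceeds capacity (0 when not overloaded)."""
    return {site: max(0.0, load[site] - capacity[site]) for site in capacity}


def is_overloaded(load: Dict[str, float], capacity: Dict[str, float]) -> bool:
    return any(v > 0 for v in excess_rate(load, capacity).values())


def project_load(total: float, playbook: Playbook) -> Dict[str, float]:
    """Predicted per-site load if `playbook` were applied to `total` traffic."""
    return {site: total * playbook.shares.get(site, 0.0) for site in CAPACITY}


def choose_playbook(load: Dict[str, float], capacity: Dict[str, float],
                    catalog: List[Playbook]) -> Optional[Playbook]:
    """Pick the playbook that keeps every site under capacity with the most headroom.

    Returns None when no catalog entry fits, i.e. the attack exceeds what
    rebalancing alone can absorb and some other defence is needed.
    """
    total = sum(load.values())
    best: Optional[Playbook] = None
    best_headroom = float("-inf")
    for pb in catalog:
        projected = project_load(total, pb)
        if is_overloaded(projected, capacity):
            continue
        headroom = min(capacity[s] - projected[s] for s in capacity)
        if headroom > best_headroom:
            best, best_headroom = pb, headroom
    return best


def auto_mitigate(load: Dict[str, float], capacity: Dict[str, float],
                  catalog: List[Playbook]) -> Optional[str]:
    """Automated-action path: return the chosen playbook name, or None if nothing to do / nothing fits."""
    if not is_overloaded(load, capacity):
        return None
    chosen = choose_playbook(load, capacity, catalog)
    return chosen.name if chosen else None


if __name__ == "__main__":
    print("excess:", excess_rate(ATTACK_LOAD, CAPACITY))
    print("chosen playbook:", auto_mitigate(ATTACK_LOAD, CATALOG and CAPACITY, CATALOG))
```

With the constructed numbers, AMS exceeds its capacity by 80 requests/s; the selector rejects the partial shift that still leaves AMS over capacity and also rejects withdrawing AMS entirely, because that squeezes LHR to within a few requests/s of its limit, and settles on the second shift, which leaves the largest margin everywhere.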
Anygility is part of the PAADDOS project (https://paaddos.nl). All software related to the paper is publicly available and has been evaluated as Available, Functional and Reproducible by the USENIX Artefact Evaluation Committee (https://ant.isi.edu/software/anygility/).