Penn's Distributed Systems Lab Receives $3.5 Million for Developing Innovative Defenses

(L to R: Andreas Haeberelen, Boon Thau Loo
and Linh Thi Xuan Phan

Penn's Distributed Systems Lab has received a three-year, $3.5 million grant from the Defense Advanced Research Project Agency (DARPA), under the DARPA XD3 program, to develop fundamentally new defenses against distributed denial-of-service (DDoS) attacks that can provide far greater resilience to these attacks than existing solutions.

A DDoS attack uses a network of computers to flood the target with an overwhelming number of requests, preventing legitimate users from accessing it.

"The platform that we are planning to develop is called DeDOS, which stands for Declarative Dispersion-Oriented Software," said Boon Thau Loo, Associate Professor in Computer and Information Science (CIS) and the principal investigator of the project.

"Today's responses to DDoS attacks largely rely on old-school network-based filtering or scrubbing techniques, which are slow, require human input, and cannot handle new attacks. DeDOS takes a radically different approach that combines techniques from declarative programming, program analysis, and real-time resource allocation in the cloud."

Other members of the DeDOS team include CIS faculty members Andreas Haeberlen, Raj and Neera Singh Assistant Professor, and Linh Thi Xuan Phan, Research Assistant Professor, and professors Micah Sherr, Clay Shields, and Wenchao Zhou from Georgetown University.

"Rather than making small improvements to traditional mitigation techniques, we are planning to develop an entirely new software architecture that will make it a lot harder for an attacker to bring down the system," said Haeberlen. "For instance, one way to mitigate denial-of-service attacks today is to create lots of copies of the service that is being attacked. This helps because the attacker is essentially trying to overload the system, and the extra copies increase the available capacity."

In addition to its functionality, Phan spoke to the relevance and purpose that the DeDOS project will serve to as a benefit for the defense community.

"One important use for DeDOS is time-sensitive applications, such as situational awareness and multimedia session control," said Phan. "These applications are particularly challenging because they have strict service-level agreements that they need to meet. We are going to use state-of-the-art resource allocation algorithms and a special type of real-time cloud platform to provably guarantee that these applications can deliver the required performance, even when they are under attack."

DeDOS is one of two projects at Penn that are part of the XD3 program. The other project was awarded to Jonathan M. Smith, Olga and Alberico Pompa Professor in Computer and Information Science. The project, "LOOKOUT: Low-Overhead Observations Keeping Operational Under Threats," is led by defense contractor Vencore. Smith will focus on supporting the overall LOOKOUT architecture development, and will provide guidance and insight from prior cyber programs to support the LOOKOUT research.

To learn more about DARPA XD3 program, visit their website.

Return to News Features