The Contracting Education Academy


May 6, 2016 By AMK

Georgia Tech snags $2.9 million DARPA contract to develop defense against denial-of-service attacks

Georgia Tech researchers have been awarded a $2.9 million contract from the U.S. Defense Advanced Research Projects Agency (DARPA) to develop a cybersecurity method that will identify and defend against low-volume distributed denial of service (DDoS) attacks.

High-volume DDoS attacks, which overwhelm servers with large amounts of malicious traffic in order to shut a particular website down, have received a significant amount of study. Low-volume attacks have not.

Low-volume attacks, while generally receiving less attention from scholars and media outlets, account for a significant percentage of all DDoS assaults. They can take down a website and be just as damaging, but they use less bandwidth, are often shorter in duration, and may be designed to distract a security team while a follow-on attack does the real damage. In fact, according to Neustar, Inc., around 54 percent of DDoS attacks were relatively small, under 5 Gbps, yet 43 percent left malware or viruses behind. Neustar's April 2016 report also found that 82 percent of corporations were attacked repeatedly.

“This has been a 25-year problem with no practical solution,” says Taesoo Kim, lead principal investigator for the study and assistant professor in Georgia Tech’s School of Computer Science. “Our goal is to create a precise and timely detection method that identifies attacks by how they subtly change the resource consumption of a machine. With little to no degradation of system performance, we believe we can mitigate the threat and write a new signature for it inside the hardware within approximately 10 seconds so a network interface card will recognize it again. This effectively puts an anti-virus patch into your hardware in real time.”

Under the project name ROKI, Kim and colleagues propose to first establish a baseline of resource consumption using three Intel hardware features. Next, they will develop continuous analysis algorithms that compare a packet’s effect on system performance against historical consumption under similar scenarios; a request that costs far more CPU or memory than its baseline is suspect even if the traffic volume is unremarkable. A new path-reconstruction engine will then produce a sequence of instructions to nullify the attack and encode the finding into the network interface card to stop current or future attack traffic.

“ROKI has the potential to achieve both timeliness and precision,” says Wenke Lee, co-PI on the project and co-director of the Institute for Information Security & Privacy at Georgia Tech. “We don’t need to know what an attack looks like, just that it deviates from the baseline. Existing defenses against low-volume DDoS attacks lack precision and they cannot create a response in a timely manner. This will.”
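The baseline-deviation idea described above, as an added example that is not ROKI's code and does not reflect how the Georgia Tech team implemented it. It assumes a per-request CPU-time measurement (standing in for the hardware features the article mentions, which it does not name), learns a per-endpoint mean and standard deviation from constructed normal traffic, and then flags live requests whose cost is far outside that baseline. A constructed low-volume attacker sends only three small requests, so a byte-rate alarm never fires, while the resource-cost check catches all three and yields a drop rule for the source; the endpoint names, IPs and thresholds are all hypothetical.

```python
"""Baseline-deviation detector for low-volume resource-exhaustion DoS.

Added illustration, not ROKI's implementation. CPU cost per request is an
assumed measurement; hardware counters would supply it in a real system.
"""
import statistics
from collections import defaultdict

# Constructed normal traffic: (endpoint, cpu_ms, bytes_in).
BASELINE = [
    ("/search", 12.0, 900), ("/search", 11.5, 850), ("/search", 13.0, 1000),
    ("/search", 12.5, 920), ("/search", 11.8, 880), ("/search", 12.2, 910),
    ("/login", 30.0, 400), ("/login", 31.0, 410), ("/login", 29.5, 390),
    ("/login", 30.5, 405), ("/login", 30.2, 398),
]

# Constructed live window: (src_ip, endpoint, cpu_ms, bytes_in). The
# hypothetical attacker 10.0.0.7 sends three requests that are small on the
# wire but roughly 40x more expensive to process than a normal /search.
LIVE = [
    ("10.0.0.1", "/search", 12.1, 890),
    ("10.0.0.2", "/login", 30.3, 402),
    ("10.0.0.7", "/search", 480.0, 950),
    ("10.0.0.3", "/search", 12.6, 930),
    ("10.0.0.7", "/search", 510.0, 940),
    ("10.0.0.7", "/search", 495.0, 960),
]


def learn_baseline(samples):
    """Per-endpoint (mean, stdev) of CPU cost from known-good traffic."""
    by_endpoint = defaultdict(list)
    for endpoint, cpu_ms, _ in samples:
        by_endpoint[endpoint].append(cpu_ms)
    baseline = {}
    for endpoint, costs in by_endpoint.items():
        mean = statistics.fmean(costs)
        stdev = statistics.pstdev(costs)
        # Floor the spread at 5% of the mean so a very uniform baseline
        # does not turn ordinary jitter into alerts (and avoids divide-by-zero).
        baseline[endpoint] = (mean, max(stdev, 0.05 * mean))
    return baseline


def volume_alarm(window, bytes_threshold):
    """Classic volumetric check: does the window exceed a byte budget?"""
    return sum(nbytes for _, _, _, nbytes in window) > bytes_threshold


def detect(window, baseline, threshold=6.0, min_hits=2):
    """Flag requests whose CPU cost is > threshold stdevs above baseline.

    Returns (flagged, suspects, total_bytes): flagged is a list of
    (src, endpoint, z); suspects are sources with >= min_hits flagged
    requests, which is the set a drop rule would be written for.
    """
    flagged = []
    hits = defaultdict(int)
    total_bytes = 0
    for src, endpoint, cpu_ms, nbytes in window:
        total_bytes += nbytes
        if endpoint not in baseline:
            continue  # no history for this path; nothing to compare against
        mean, stdev = baseline[endpoint]
        z = (cpu_ms - mean) / stdev
        if z > threshold:
            flagged.append((src, endpoint, round(z, 1)))
            hits[src] += 1
    suspects = sorted(src for src, n in hits.items() if n >= min_hits)
    return flagged, suspects, total_bytes


def make_drop_rules(suspects):
    """Turn suspect sources into simple drop rules (a stand-in for the
    hardware signature the article describes)."""
    return [{"action": "drop", "src": src} for src in suspects]


if __name__ == "__main__":
    base = learn_baseline(BASELINE)
    flagged, suspects, total = detect(LIVE, base)
    print("window bytes:", total, "volumetric alarm:", volume_alarm(LIVE, 1_000_000))
    print("flagged:", flagged)
    print("rules:", make_drop_rules(suspects))
```

Note the two checks disagree on purpose: the window carries only a few kilobytes, so a bandwidth threshold stays quiet, but every attacker request sits hundreds of standard deviations above the learned cost for `/search`. The minimum-hits rule keeps a single slow request (a cold cache, a large legitimate query) from producing a block on its own.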

The research is part of DARPA’s Extreme DDoS Defense (XD3) program (awarded under contract #HR0011-16-C-0059) and began in April. First deliverables are expected in approximately 18 months, beginning with a prototype to demonstrate the core idea. The project is expected to be complete in three years. Field exercises to mitigate previously unknown DDoS attacks will occur in 2019.


Source: http://www.cc.gatech.edu/news/532141/georgia-tech-dismantle-pervasive-cyberattacks-10-seconds-or-less

Filed Under: Georgia Tech News Tagged With: cybersecurity, DARPA, DDoS, denial-of-service, Georgia Tech

September 11, 2014 By AMK

GTRI’s open source intelligence gathering system aggregates threat information to warn of possible cyber attacks

Coordinating distributed denial-of-service attacks, displaying new malware code, offering advice about network break-ins and posting stolen information – these are just a few of the online activities of cyber-criminals. Fortunately, activities like these can provide cyber-security specialists with advance warning of pending attacks and information about what hackers and other bad actors are planning.

Gathering and understanding this cyber-intelligence is the work of BlackForest, a new open source intelligence gathering system developed by information security specialists at the Georgia Tech Research Institute (GTRI). By using such information to create a threat picture, BlackForest complements other GTRI systems designed to help corporations, government agencies and nonprofit organizations battle increasingly sophisticated threats to their networks.

“BlackForest is on the cutting edge of anticipating attacks that may be coming,” said Christopher Smoak, a research scientist in GTRI’s Emerging Threats and Countermeasures Division. “We gather and connect information collected from a variety of sources to draw conclusions on how people are interacting. This can drive development of a threat picture that may provide pre-attack information to organizations that may not even know they are being targeted.”

The system collects information from the public Internet, including hacker forums and other sites where malware authors and others gather. Connecting the information and relating it to past activities can let organizations know they are being targeted and help them understand the nature of the threat, allowing them to prepare for specific types of attacks. Once attacks have taken place, BlackForest can help organizations identify the source and mechanism so they can beef up their security.

Organizing distributed denial-of-service (DDoS) attacks is a good example of how the system can be helpful, Smoak noted. DDoS attacks typically involve thousands of participants who use the same attack tool to flood corporate websites with so much traffic that customers can’t get through. The attacks hurt business, harm the organization’s reputation, bring down servers, and can serve as a diversion for other types of nefarious activity.

But they have to be coordinated using social media and other means to enlist supporters. BlackForest can tap into that information to provide a warning that may allow an organization to, for example, ramp up its ability to handle large volumes of traffic.

“We want to provide something that is predictive for organizations,” said Ryan Spanier, head of GTRI’s Threat Intelligence Branch. “They will know that if they see certain things happening, they may need to take action to protect their networks.”

Malware authors often post new code to advertise its availability, seek feedback from other writers and mentor others. Analyzing that code can provide advance warning of malware innovations that will need to be addressed in the future.

“If we see a tool pop up written by a person who has been an important figure in the malware community, that lets us know to begin working to mitigate the new malware that may appear down the road,” Smoak said.

Organizations also need to track what’s being made available in certain forums and websites. When a company’s intellectual property starts showing up online, that may be the first sign that a network has been compromised. Large numbers of credit card numbers, or logins and passwords, appearing for sale can show that a retail organization’s website or computer system has been breached.

“You have to monitor what’s out in the wild that your company or organization owns,” said Spanier. “If you have something of value, you will be attacked. Not all attacks are successful, but nearly all companies have some computers that have been compromised in one way or another. You want to find out about these as soon as possible.”

Monitoring comments on websites can also reveal what kinds of security reputations organizations may have. If the advice is to avoid a particular organization because previous attacks have failed, that can give an organization a sense that its security is good. Attackers often seek the easiest targets, Spanier noted.

Individual organizations could gather the kinds of information monitored by BlackForest, but few organizations have the resources to connect the information. GTRI customizes the system to gather information specific to each user and their industry segment.

“The average organization doesn’t have the means to crawl all of this data and put together the complex algorithms needed to identify the useful information,” Smoak explained. “Because we have the environment and the connectivity, we have what we need to obtain this information.”

By automating much of the work involved in gathering and monitoring information, BlackForest can allow human resources to be used for more challenging information security activities.

“Our goal is to have tools that will help focus the resources so that the most valuable resources are used for the more difficult issues,” said Smoak. “Right now, we tend to find all kinds of security fires the same. This will help us focus on the most important threats.”

BlackForest joins two other GTRI cyber-security systems already available. Apiary is a malware intelligence system that helps corporate and government security officials share information about the attacks they are fighting. Phalanx helps fight the spear phishing attacks that are carried out by tricking email recipients to open malware-infected attachments or follow malicious web links.

Source: http://gtri.gatech.edu/casestudy/blackforest-gtri-aggregates-cyber-threat-informati

Filed Under: Georgia Tech News Tagged With: cybersecurity, denial-of-service, Georgia Tech, GTRI, information security, intelligence gathering, malware, open source, security

Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute