For Immediate Release
DHS Science & Technology Press Office
Contact: John Verrico, (202) 254-2385
WASHINGTON – The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) today awarded a contract to the University of California San Diego (UCSD) to create technology to defend against large and sophisticated Distributed Denial of Service (DDoS) attacks. The $1.3 million project titled “Surveying Spoofing Susceptibility in Software Systems” was awarded through Broad Agency Announcement HSHQDC-14-R- B00017 and will become part of the DHS S&T Cyber Security Division’s larger Distributed Denial of Service Defenses (DDoSD) program.
DDoS attacks are used to render key resources unavailable. A typical DDoS attack might disrupt an organization’s website and temporarily block a consumer’s ability to access the site. A more strategic attack makes a key resource inaccessible during a critical period. Prominent DDoS attacks have been conducted against financial institutions, news organizations, providers of internet security resources, and government agencies. Any organization that relies on network resources is considered a potential target, and the current cyber environment offers many advantages to the attacker.
S&T's Cyber Security Division is partnering with the United Kingdom's Centre for the Protection of National Infrastructure and the Defence Science and Technology Laboratory on this effort.
“Ensuring that our nation’s networks are secure from DDoS attacks is an S&T priority,” said DHS Under Secretary for Science and Technology Dr. Reginald Brothers. “The DDoSD program will develop innovative technology solutions to combat current and emerging threats.”
The UCSD effort aims to measure and improve the use of source address validation (SAV) in the Internet. In many cases, an attacker can send Internet packets using a false source address. In other words, the attacker falsely reports the packets are coming from a company, organization, or government agency when in fact the packets are coming from the attacker. A number of denial of service attacks rely on the use of forged source addresses, and forged addresses make tracing the real source of attacks more difficult. SAV techniques could prevent this behavior if they are more broadly deployed and measured. The UCSD team proposes to research, develop, test, and demonstrate new tools and methodologies to monitor and promote SAV. If successful, the effort will increase the deployment of SAV across the Internet, making some attacks no longer possible and making many other attacks easier to defend against.
“The effort by UCSD focuses on industry-developed best practices that have wide general support, but have yet to see wide scale adoption in practice,” said Dr. Dan Massey, Cyber Security Division DDoSD Program Manager. “The DHS S&T Cyber Security Division is helping to promote established best practices that, if widely adopted, will make the Internet more secure for everyone.”
With the success of launching this R&D project, S&T looks forward to securing the nation’s networks by anticipating and defending against DDoS attacks.