Researchers with the Defense Advanced Research Projects Agency (DARPA) have quickly moved to alter the way the military, public and private enterprises protect their networks from high- and low-speed distributed denial-of-service attacks with a program called Extreme DDoS Defense (XD3).

The agency has since September awarded seven XD3 multimillion-dollar contracts to Georgia Tech, George Mason University, Invincea Labs, Raytheon BBN, Vencore Labs (two contracts) and this week to the University of Pennsylvania to radically alter DDoS defenses. One more contract is expected under the program.

The UPenn project is developing defenses against distributed denial-of-service attacks that target specific protocols and their logic. These attacks are often difficult to diagnose and stop because the total volume of malicious traffic may be very low. The UPenn project attempts to pinpoint the specific protocol component that is under attack and then massively replicate that component to blunt the effects of the attack, DARPA stated.

“The nature of DDoS attacks can span a wide range. Botnet-induced volumetric attacks, which can generate hundreds of gigabits per second of malicious traffic, are perhaps the best-known form of DDoS. However, low-volume DDoS attacks can be even more pernicious and problematic from a defensive standpoint. Such attacks target specific applications, protocols or state-machine behaviors while relying on traffic sparseness (or seemingly innocuous message transmission) to evade traditional intrusion-detection techniques,” DARPA said.
The current art in DDoS defense generally relies on combinations of network-based filtering, traffic diversion and “scrubbing” or replication of stored data (or the logical points of connectivity used to access the data) to dilute volumetric attacks and/or to provide diverse access for legitimate users. In general, these existing approaches fall well short of desired capabilities in terms of response times, the ability to identify and to thwart low-volume DDoS, the ability to stop DDoS within encrypted traffic and the need to defend real-time transactional services such as those associated with cloud computing and military command and control, according to DARPA.

Responses to DDoS attacks are too slow and manually driven, with diagnosing an attack and then formulating and instantiating filtering rules often taking hours. A clear need exists for fundamentally new DDoS defenses that afford far greater resilience to these attacks, across a broader range of contexts, than existing approaches or evolutionary extensions, DARPA stated.

DARPA says the XD3 program looks to develop technologies that:

- Thwart DDoS attacks by dispersing cyber assets (physically and/or logically) to complicate adversarial targeting
- Disguise the characteristics and behaviors of those assets to confuse or deceive the adversary
- Blunt the effects of attacks that succeed in penetrating other defensive measures by using adaptive mitigation techniques on endpoints such as mission-critical servers.