Network Security Lab | defcom
The increasing use of the Internet for critical services makes flooding distributed denial-of-service (DDoS) a top security threat. The three main defense functionalities (attack detection, rate limiting and traffic differentiation) are most effective when performed at the victim end, in the core and at the source end, respectively. DefCOM harvests the strengths of existing defenses by organizing them into a collaborative overlay and equipping them with communication and collaboration functionalities. Nodes collaborate during the attack to spread alerts and to recognize and protect legitimate traffic, while rate limiting the attack. DefCOM can accommodate a large variety of existing defenses, provide a synergistic response to attacks and naturally lead to an Internet-wide response to the DDoS threat.
This work has been supported by the National Science Foundation, under the grant number 0430228.