DDoS Defense in Depth for DNS (DDIDD)
John Heidemann, Wes Hardaker, Jelena Mirkovic, ASM Rizvi and Robert Story
USC/Information Sciences Institute
Citation
John Heidemann, Wes Hardaker, Jelena Mirkovic, ASM Rizvi and Robert Story. DDoS Defense in Depth for DNS (DDIDD). Invited talk at the Trusted CI Webinar. [PDF] [alt PDF]
Abstract
he DDIDD Project (DDoS Defense in Depth for DNS) is applying existing and developing new defenses against Distributed-Denial-of-Service attacks for operational DNS infrastructure. We are building a defense-in-depth approach to mitigate Distributed Denial-of-Service attacks for DNS servers, with approaches to filter spoofed traffic, identify known-good traffic when possible, and employ cloud-based scaling to handle the largest attacks. We are working with USC’s B-Root team to test our approaches as a case study, and are making approaches open source as they become available. This talk will summarize the project and our overall approach, provide details about some of our early filters and filter selection, and describe where we plan to go in the remaining year.Bibtex Citation
@misc{Heidemann19a, author = {Heidemann, John and Hardaker, Wes and Mirkovic, Jelena and Rizvi, ASM and Story, Robert}, title = {{DDoS} Defense in Depth for {DNS} (DDIDD)}, howpublished = {Invited talk at the Trusted CI Webinar}, month = dec, year = {2019}, sortdate = {2019-12-09}, project = {ant, ddidd, paaddos, diiner}, jsubject = {topology_modeling}, jlocation = {johnh: pafile}, keywords = {anti-DDoS, network security, B-Root, invited talks}, url = {https://ant.isi.edu/%7ejohnh/PAPERS/Heidemann19a.html}, pdfurl = {https://ant.isi.edu/%7ejohnh/PAPERS/Heidemann19a.pdf}, videourl = {https://youtu.be/g_IivqPLdQM}, myorganization = {USC/Information Sciences Institute}, copyrightholder = {authors} }