Plannning for Anycast as Anti-DDoS (PAADDoS)

Project Description

The PAADDoS project’s goal is to defend against large-scale DDoS attacks by making anycast-based capacity more effective than it is today. Anycast use Internet routing to associate users with geographically close sites of a replicated service. During DDoS, anycast sites can provide capacity to absorb an attack, and they can be used to isolate the attack to part of the network.

We will work toward our goal of improving anycast use during DDoS by (1) developing tools to map anycast catchments and baseline load, (2) develop methods to plan changes and their effects on catchments, (3) develop tools to estimate attack load and assist anycast reconfiguration during an attack. and (4) evaluate and integration of these tools with traditional DoS defenses.

We expect these innovations to improve service resilience in the face of DDoS attacks. Our tools will improve anycast agility during an attack, allowing capacity to be used effectively.

PAADDoS is a joint effort of the ANT Lab involving USC/ISI (PI: John Heidemann) and the Design and Analysis of Communication Systems group at the University of Twente (PI: Aiko Pras).

Support

PAADDoS is supported by the DHS HSARPA Cyber Security Division via contract number HSHQDC-17-R-B0004-TTA.02-0006-I, and by NWO.

People

  • Lan Wei, PhD student (USC CS Dept. and ISI)

Publications

    For related publications, please see the ANT publications web page.

    Software

    See also the see the ANT distribution web page.

    Datasets

    We make all datasets and specifically our network outage datasets public through the LACANIC project.

    Related Links: