{"532141":{"#nid":"532141","#data":{"type":"news","title":"Georgia Tech to Dismantle Pervasive Cyberattacks in 10 Seconds or Less","body":[{"value":"\u003Cp\u003EGeorgia Tech researchers have been awarded a $2.9 million contract from the U.S. Defense Advanced Research Projects Agency (DARPA) to develop a cybersecurity method that will identify and defend against low-volume distributed denial of service (DDoS) attacks.\u003C\/p\u003E\u003Cp\u003EHigh-volume DDoS attacks that overwhelm servers with large amounts of malicious traffic in order to shut down a particular website have received a significant amount of study. However, low-volume attacks have not.\u003C\/p\u003E\u003Cp\u003ELow-volume attacks\u2014while generally receiving less attention from scholars and media outlets\u2014account for a significant percentage of all DDoS assaults. They can take down a website and be as damaging, but may use less bandwidth, are often shorter in duration, and may be designed to distract a security team from the aftershocks of follow-on attacks. In fact, according to Neustar, Inc., around 54 percent of DDoS attacks were found to be relatively small at less than 5 Gbps, yet 43 percent leave behind malware or viruses. Neustar\u2019s \u003Ca href=\u0022https:\/\/www.neustar.biz\/about-us\/news-room\/press-releases\/2016\/neustartwentysixteenaprddos\u0022\u003EApril 2016\u003C\/a\u003E report found that 82 percent of corporations were attacked repeatedly.\u003C\/p\u003E\u003Cp\u003E\u201cThis has been a 25-year problem with no practical solution,\u201d says \u003Ca href=\u0022http:\/\/www.cc.gatech.edu\/people\/taesoo-kim\u0022\u003ETaesoo Kim\u003C\/a\u003E, lead principal investigator for the study and assistant professor in Georgia Tech\u2019s School of Computer Science. \u201cOur goal is to create a precise and timely detection method that identifies attacks by how they subtly change the resource consumption of a machine. With little to no degradation of system performance, we believe we can mitigate the threat and write a new signature for it inside the hardware within approximately 10 seconds so a network interface card will recognize it again. This effectively puts an anti-virus patch into your hardware in real time.\u201d\u003C\/p\u003E\u003Cp\u003EUnder the project name ROKI, Kim and colleagues propose to first establish a baseline of resource consumption using three Intel hardware features. Next, they will develop continuous analysis algorithms to compare a packet\u2019s effect on system performance against historical consumption under similar scenarios. A new path-reconstruction engine will then produce a sequence of instructions to nullify an attack and encode the finding into the network interface card to stop current or future attack traffic.\u003C\/p\u003E\u003Cp\u003E\u201cROKI has the potential to achieve both timeliness and precision,\u201d says \u003Ca href=\u0022http:\/\/www.iisp.gatech.edu\/wenke-lee\u0022\u003EWenke Lee\u003C\/a\u003E, co-PI on the project and co-director of the \u003Ca href=\u0022http:\/\/iisp.gatech.edu\/\u0022\u003EInstitute for Information Security \u0026amp; Privacy\u003C\/a\u003E at Georgia Tech. \u201cWe don\u2019t need to know what an attack looks like, just that it deviates from the baseline. Existing defenses against low-volume DDoS attacks lack precision and they cannot create a response in a timely manner. This will.\u201d\u003C\/p\u003E\u003Cp\u003EThe research is part of DARPA\u2019s \u003Ca href=\u0022http:\/\/www.darpa.mil\/program\/extreme-ddos-defense\u0022\u003EExtreme DDoS Defense\u003C\/a\u003E (XD3) program (awarded under contract #HR0011-16-C-0059) and began in April. First deliverables are expected in approximately 18 months, beginning with a prototype to demonstrate the core idea. The project is expected to be complete in three years. Field exercises to mitigate previously unknown DDoS attacks will occur in 2019.\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EAbout the Researchers\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003ETaesoo Kim\u003C\/strong\u003E, \u003Cem\u003Eassistant professor, School of Computer Science, College of Computing \u003C\/em\u003E\u003C\/p\u003E\u003Cp\u003EHe received his Ph.D. in Computer Science from the Massachusetts Institute of Technology in 2014 and since has taught at Georgia Tech, attracting nearly $6 million in research awards to the university, inclusive of this announcement. He leads and co-leads projects on large-scale analytics, scalable manycore operating systems, defense mechanisms to harden software, and tag-tracking. His thesis work focused on the design of an intrusion recovery method for operating systems, web applications, distributed web services, and web frameworks that is today the foundation of a company called Nerati.\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EWilliam Harris\u003C\/strong\u003E, \u003Cem\u003Eassistant professor, School of Computer Science, College of Computing\u003C\/em\u003E\u003C\/p\u003E\u003Cp\u003EHe studies program synthesis, analysis and verification and has developed tools that generate programs to help operating systems meet specified security requirements even if the underlying components may not be trusted.\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EWenke Lee\u003C\/strong\u003E, \u003Cem\u003Ethe John P. Imlay Jr. Professor, School of Computer Science, and co-director of the Institute for Information Security \u0026amp; Privacy at Georgia Tech\u003C\/em\u003E\u003C\/p\u003E\u003Cp\u003EDr. Lee has worked on large-scale network monitoring, botnet detection, and malware analysis for more than 10 years. His research interests also include systems and network security, applied cryptography, and data mining.\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EClifton (Trent) Brunson\u003C\/strong\u003E, \u003Cem\u003Eresearch scientist, Georgia Tech Research Institute\u003C\/em\u003E\u003C\/p\u003E\u003Cp\u003EIn his prior academic studies and work, he has performed multiple projects for the Air Force Research Laboratory and DARPA in the areas of cryptography, insider threats, programming languages, cyber battle damage assessment, agentless network monitoring, and IPv6.\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EAbout Georgia Tech\u2019s College of Computing\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003EThe Georgia Tech College of Computing is a national leader in the creation of real-world computing breakthroughs that drive social and scientific progress. With its graduate program ranked 9th nationally by \u003Cem\u003EU.S. News and World Report\u003C\/em\u003E, the College\u2019s unconventional approach to education is expanding the horizons of traditional computer science students through interdisciplinary collaboration and a focus on human-centered solutions. For more information about the Georgia Tech College of Computing, its academic divisions and research centers, please visit \u003Ca href=\u0022http:\/\/www.cc.gatech.edu\u0022\u003Ewww.cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E","summary":null,"format":"limited_html"}],"field_subtitle":[{"value":"Researchers Earn $2.9M DARPA Contract to Fight Low-Volume DDoS Attacks"}],"field_summary":[{"value":"\u003Cp\u003EGeorgia Tech researchers have been awarded a $2.9 million contract from the U.S. Defense Advanced Research Projects Agency (DARPA) to develop a cybersecurity method that will identify and defend against low-volume distributed denial of service (DDoS) attacks.\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"Georgia Tech researchers have earned a DARPA contract to determine ways of defeating low-volume denial of service attacks on websites."}],"uid":"32045","created_gmt":"2016-05-03 13:27:56","changed_gmt":"2016-10-08 03:21:32","author":"Ben Snedeker","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2016-05-03T00:00:00-04:00","iso_date":"2016-05-03T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"532171":{"id":"532171","type":"image","title":"Taesoo Kim","body":null,"created":"1462377601","gmt_created":"2016-05-04 16:00:01","changed":"1475895314","gmt_changed":"2016-10-08 02:55:14","alt":"Taesoo Kim","file":{"fid":"214991","name":"taesoo_kim_-_klaus_atrium.jpeg","image_path":"\/sites\/default\/files\/images\/taesoo_kim_-_klaus_atrium.jpeg","image_full_path":"http:\/\/tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/taesoo_kim_-_klaus_atrium.jpeg","mime":"image\/jpeg","size":1053934,"path_740":"http:\/\/tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/taesoo_kim_-_klaus_atrium.jpeg?itok=WfpLlalj"}}},"media_ids":["532171"],"groups":[{"id":"47223","name":"College of Computing"}],"categories":[{"id":"135","name":"Research"}],"keywords":[{"id":"1404","name":"Cybersecurity"},{"id":"13253","name":"DARPA grant"},{"id":"170216","name":"DDoS"},{"id":"171994","name":"denial of service attack"},{"id":"171995","name":"malicious traffic"},{"id":"171996","name":"Taesoo"}],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[{"id":"71881","name":"Science and Technology"}],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003EBen Snedeker, News \u0026amp; Media Relations Manager, Georgia Tech College of Computing. 404-894-7253, \u003Ca href=\u0022mailto:albert.snedeker@cc.gatech.edu\u0022 target=\u0022_blank\u0022\u003Ealbert.snedeker@cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E","format":"limited_html"}],"email":["albert.snedeker@cc.gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}