One if by land, two if by internet

This story was originally published in the April 25 issue of Fourth Estate.

How Mason researchers are leading the charge in preventing digital attacks

(Megan Zendek/Fourth Estate)

Two weeks ago on Friday, April 15, a team of Mason researchers and students was awarded a grant by the Defense Advanced Research Projects Agency (DARPA) for their work in creating a new technique for fighting distributed denial-of-service (DDoS) attacks.

Daniel Fleck, Ph.D., is a research associate professor at the Center for Assurance Research and Engineering (CARE) within the Volgenau School of Engineering and one of the three co-authors of the research that led to the DARPA grant. According to Fleck, DDoS attacks are designed “to take [an online computer] system offline to make it unavailable for other people to use,” which can bring down vital internet services.

These attacks are incredibly common and can be targeted at “the IT industry, cloud services, media companies, entertainment companies, the financial sector, the public sector or anybody,” Fleck explained.

DDoS attacks are difficult to defend against, and they are only increasing in frequency, which makes stopping them a priority for both the private and public sectors.

In “On the Move: Evading Distributed Denial-of-Service Attacks,” Fleck, along with fellow CARE Center researchers Angelos Stavrou, Ph.D., and Constantinos Kolias, Ph.D., proposed a different approach to fighting DDoS attacks. Rather than attempting to win a war of attrition through sheer scale, Stavrou, Fleck and Kolias proposed using MOTAG, an approach that employs a system they call the “shuffle” or “moving target” defense.

A lot of complicated computer science work goes into planning DDoS attacks, but they are remarkably simple in concept: the goal is to overload the servers of any given service or computer system, causing the service to crash. While cybersecurity engineers scramble to bring the service back online, hackers are able to steal valuable information such as credit card numbers, email addresses, personal information or corporate data.

According to Fleck, hacker groups, terrorist groups or foreign governments perform DDoS attacks “by taking over lots of other people’s computers … and then [using] those computers to launch an attack that takes another server offline. Essentially, how it works is to send lots and lots and lots of traffic and data to the server, and the server just can’t handle all of it.”

By hijacking other computers and networking them into “botnets,” hackers are able to input more data into the server than it can handle, causing it to shut down.

Typically, cybersecurity operations defend against DDoS attacks by trying to beat the hackers with sheer force. If the cybersecurity group has more servers (grouped into clusters called “server farms”) than the hackers can overwhelm with their data and traffic, the attack will be unsuccessful. However, along with being costly, this method can fail against larger hacking operations or groups, whose massive botnets can overwhelm even the largest server farms.

Stavrou, Fleck and Kolias’s MOTAG approach has two primary methods for addressing these attacks. First, as the attack begins to hit the targeted servers, the system will begin to “shuffle” the servers to different locations on the internet every few seconds. In and of itself, this technique can be effective, since it can be difficult for hackers to track and follow the servers as they move, forcing the hacker to lose their target and, consequently, to stop attacking the servers.

As these servers are shuffled throughout the internet, the system divides all of the users on each server among new, additional servers. The system then looks at these newly-divided servers and checks which ones are being attacked. If nobody is attacking one of these new servers, it is safe, and every user on that server can be labeled “not an attacker.”

The system repeatedly shuffles and divides the servers, narrowing down the list of possible attackers until it identifies the correct ones, which the system can then block out.
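The shuffle-and-divide narrowing described above can be sketched as a small simulation. This is an added example, not code from the MOTAG researchers; the function names, client counts and the assumption that attackers keep attacking every server they are moved to are all constructed for illustration.

```python
import random

def shuffle_round(suspects, attackers, n_servers, rng):
    """Spread suspects over fresh servers; return everyone on an attacked server."""
    order = sorted(suspects)
    rng.shuffle(order)
    groups = [order[i::n_servers] for i in range(n_servers)]
    still_suspect = set()
    for group in groups:
        # The defender only observes that a server is under attack,
        # not which of its users is responsible.
        if any(client in attackers for client in group):
            still_suspect.update(group)
        # Users on a server nobody attacked are "not an attacker".
    return still_suspect

def isolate_attackers(clients, attackers, n_servers, seed=0, max_rounds=50):
    """Repeat the shuffle until each suspect has sat alone on a server."""
    rng = random.Random(seed)
    suspects = set(clients)
    history = [len(suspects)]          # suspect-list size after each round
    for _ in range(max_rounds):
        one_per_server = len(suspects) <= n_servers
        suspects = shuffle_round(suspects, attackers, n_servers, rng)
        history.append(len(suspects))
        if one_per_server:             # attacked servers now name single users
            break
    return suspects, history

if __name__ == "__main__":
    # Constructed scenario: 100 users, 3 of them attackers, 10 servers per shuffle.
    users = range(100)
    hidden_attackers = {7, 42, 88}
    blocked, sizes = isolate_attackers(users, hidden_attackers, n_servers=10)
    print("suspects per round:", sizes)
    print("blocked:", sorted(blocked))
```

The simulation converges only when the attackers number fewer than the servers available per shuffle; otherwise every server can be hit in every round and the suspect list never shrinks.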

This innovative approach got the attention of DARPA, a governmental agency that, according to Fleck, focuses on “high-risk, high-reward” research projects. DARPA has already provided this Mason research team with one grant of over $1 million, though two more grants are expected in the coming weeks. The researchers were informed of this grant in a notice sent from DARPA two weeks ago, said an email from Mary Crowson, the program operations specialist for the CARE Center.

However, this money is not for Mason alone. Stavrou, Fleck and Kolias, along with a research team that includes Mason graduate students, are forming a team of researchers from Columbia University, Pennsylvania State University and BAE Systems, a cybersecurity company. Mason’s researchers will be leading the team. Crowson noted that by 2019, DARPA is expected to invest $4 million in this team “with the goal of designing a solution for denial-of-service attacks.”

This grant, coming on the heels of Mason’s designation as an R1 research institute, will help cement Mason’s status as the largest public research university in Virginia. Mason is becoming a research juggernaut, and Stavrou, Fleck and Kolias and their team are among those leading the charge.