Internet Society Foundation
    Research Grants

    Transforming the Responsibility for Trusted Denial-of-Service Mitigation in the Internet


    Grant Program

    Research Grants

    Grantee Name

    The Regents of the University of California in partnership with Massachusetts Institute of Technology

    Grant Start Date

    1 June 2023

    Grant End Date

    31 May 2025

    Amount Funded

    $500,000.00

    City

    La Jolla

    Country

    United States

    Region

    Global


    The question addressed in this research is how to transform the cost of mitigating Denial-of-Service (DoS) attacks on the Internet from a burden on the potential victim to a burden on attackers. Reducing the cost of mitigating DoS attacks for the victims and increasing that burden on the attackers helps enhance trust in the network.

    The project proposes three focal points for metrics, both technical and economic: 1) the impact on the potential victim of an attack (examining the quality of experience (QoE) of the applications at the victim and then understanding how that is reflected in the exhaustion of lower-level resources such as bandwidth, CPU, and memory); 2) the burden on potential attackers (the question to ask with respect to the attackers is the “cost” to them in terms of performance and utilization of resources); and 3) the impact on the infrastructure of the network itself (the primary resource to be evaluated is bandwidth, but also router capacity at the performance and economic level).

    WHY IS THIS RESEARCH IMPORTANT? 

    The contributions of this project are both technical and economic. In particular: 

    1. Putting the burden both computationally and economically on the attackers rather than the victims and their agents will significantly change the dynamics, reducing or eliminating these types of attacks when the cost becomes too great. 

    2. Because it is well understood that attackers will move to less burdensome forms of attacks, understanding and eliminating whole classes of attacks and the protocols used to launch them with respect to other widely utilized protocols or protocols critical to the infrastructure, such as NTP, will significantly reduce the opportunities for successful attacks. 

    3. More broadly, by bringing together both technical and economic analysis, the research has a significant impact on the commercial side of networking. As an example, if Internet providers are able to evaluate their options both technically and economically in helping to reduce unwanted and malicious traffic with either minimal negative impact on their customers or perhaps even with a positive economic and experiential effect on their customers, the benefit of this approach is that it improves the trust that society places in the Internet. The final result is an opportunity to improve overall trust in the Internet, specifically with respect to resistance to, and lowered costs of handling, volumetric denial-of-service attacks.

    METHODOLOGY  

    This research has an experimental methodological approach.  

    To run the experiments and collect the data, the “Merge testbed Platform” is used (an emulation facility designed specifically for security experimentation). Because very large amounts of intentionally malicious traffic are sent, such experiments cannot be performed on a live, operational network without significant negative impact. Merge is designed not only for isolation of security experiments but also to create suites of experiments controlling for a wide variety of configurations such as topology, computation and memory sizes of the nodes, characterization of links (e.g. bandwidth, packet loss, jitter), operating systems, and so forth.

    For each of the four scenarios (TCP/HTTP, TLS/HTTPS, UDP and possibly NTP), four sets of experiments will be performed, measuring user-level transaction completion as well as bandwidth, CPU utilization, and memory utilization, from the perspectives of the intended victims, the attackers and routers internal to the network: (1) no attacks and no mitigation, as a baseline; (2) attacks and no mitigation, as the worst-case scenario; (3) no attacks, but mitigation present, the normal case when prepared for an attack, showing the cost of mitigation; and (4) attacks and mitigation, showing the benefit of mitigation.

    With the resulting data from the experiments, the analysis involves aggregation, cross-correlation, and development of economic models.  
