DeDOS: Declarative Dispersion-Oriented Software

Project overview

Illustration The goal of this project is to create fundamentally new defenses against distributed denial-of-service (DDoS) attacks that can provide far greater resilience to these attacks compared to existing solutions. Today's responses to DDoS attacks largely rely on old-school network-based filtering or scrubbing, which are slow and manual, and cannot handle new attacks. DeDOS takes a radically different approach that combines techniques from declarative programming, program analysis, and real-time resource allocation in the cloud.

Rather than relying on traditional detection and mitigatiton techniques, the project aims to develop a new software architecture from the ground up that make it significantly harder for an attacker to slow down to system without expending large amounts of resources. For example, instead of running monolithic software and naively replicating it when under an attack, DeDOS logically and physically restructures complex software systems into smaller components that can react to attacks at a much finer granularity. DeDOS also uses state-of-the-art resource allocation algorithms to achieve near-optimal use of system resources and to support critical, time-sensitive applications, such as situational awareness.

The Penn press release and the Georgetown press release contain some more information about the project.


  • A Demonstration of the DeDoS Platform for Defusing Asymmetric DDoS Attacks in Data Centers
    Henri Maxime Demoulin, Tavish Vaidya, Isaac Pedisich, Nik Sultana, Jingyu Qian, Bowen Wang, Yuankai Zhang, Ang Chen, Andreas Haeberlen, Boon Thau Loo, Linh Thi Xuan Phan, Micah Sherr, Clay Shields, Wenchao Zhou.
    SIGCOMM 2017 demonstration
  • Dispersing Asymmetric DDoS Attacks with SplitStack
    Ang Chen*, Akshay Sriraman*, Tavish Vaidya*, Yuankai Zhang*, Andreas Haeberlen, Boon Thau Loo, Linh Thi Xuan Phan, Micah Sherr, Clay Shields, and Wenchao Zhou
    15th ACM Workshop on Hot Topics in Networks (HotNets'16), Atlanta, GA, November 2016.
    [PDF] [BibTex]
    *Student orders are listed alphabetically.

Boon Thau Loo
Andreas Haeberlen
Linh Thi Xuan Phan
Micah Sherr
Clay Shields
Wenchao Zhou

Ang Chen
Henri Maxime Demoulin
Jingyu Qian
Achala Rao
Tavish Vaidya
Bowen Wang
Yuankai Zhang

Nik Sultana

Isaac Pedisich

Robert DiMaiolo
Chirag Shah
Akshay Sriraman


This is a joint project between the University of Pennsylvania and Georgetown University. The work is funded by DARPA under the Extreme DDoS Defense (XD3) program.

Web site contact: Andreas Haeberlen