DeDOS Logo

DeDOS: Declarative Dispersion-Oriented Software


Project overview

Illustration The goal of this project is to create fundamentally new defenses against distributed denial-of-service (DDoS) attacks that can provide far greater resilience to these attacks compared to existing solutions. Today's responses to DDoS attacks largely rely on old-school network-based filtering or scrubbing, which are slow and manual, and cannot handle new attacks. DeDOS takes a radically different approach that combines techniques from declarative programming, program analysis, and real-time resource allocation in the cloud.

Rather than relying on traditional detection and mitigation techniques, the project aims to develop a new software architecture from the ground up that make it significantly harder for an attacker to slow down to system without expending large amounts of resources. For example, instead of running monolithic software and naively replicating it when under an attack, DeDOS logically and physically restructures complex software systems into smaller components that can react to attacks at a much finer granularity. DeDOS also uses state-of-the-art resource allocation algorithms to achieve near-optimal use of system resources and to support critical, time-sensitive applications, such as situational awareness.

Release

Code, documentation, and installation instructions are available here.

Also check out DoS experimentation tools and data : DoSarray, DoStbin, and Apache httpd Worker Union MPM

Publications

  • Flightplan: Automatic Disaggregation and Placement for P4 Programs.
    Nik Sultana, John Sonchack, Hans Giesen, Isaac Pedisich, Zhaoyang Han, Nishanth Shyamkumar, Shivani Burad, Andre Dehon, and Boon Thau Loo.
    USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2021.
  • Detecting Asymmetric Application-layer Denial-of-Service Attacks In-Flight with FINELAME [PDF]
    Henri Maxime Demoulin, Isaac Pedisich, Nikos Vasilakis, Vincent Liu, Boon Thau Loo, Linh Thi Xuan Phan.
    USENIX Annual Technical Conference (ATC), Renton, WA, Jul. 2019.
  • Multi-resource allocation for real-time multicore virtualization
    Meng Xu, Robert Gifford, and Linh Thi Xuan Phan.
    Design Automation Conference (DAC), Las Vegas, NV, Jun. 2019. (To appear)
  • RTNF: Predictable Latency for Network Function Virtualization
    Saeed Abedi, Neeraj Gandhi, Henri Maxime Demoulin, Yang Li, Yang Wu, and Linh Thi Xuan Phan.
    IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), Montreal, Canada, Apr. 2019. (To appear)
    Awarded RTAS Outstanding Paper Award
  • Holistic Resource Allocation for Multicore Real-Time Systems
    M. Xu, L. T. X. Phan, H. Choi, Y. Lin, H. Li, C. Lu, and I. Lee.
    IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), Montreal, Canada, Apr. 2019. (To appear)
  • Point Break: A Study of Bandwidth Denial-of-Service Attacks against Tor [PDF]
    Rob Jansen, Tavish Vaidya, and Micah Sherr
    28th USENIX Security Symposium, 2019.
  • An Extensible Evaluation System for DoS Research. [PDF] [Source Code]
    Nik Sultana, Shilpi Bose, and Boon Thau Loo.
    11th International Conference on COMmunication Systems & NETworkS (COMSNETS), 2019.
  • Hashtray: Turning the tables on Scalable Client Classification [PDF] [Source Code]
    Nik Sultana, Pardis Pashakhanloo, Zihao Jin, Achala Rao, and Boon Thau Loo.
    4th IEEE/IFIP International Workshop on Analytics for Network and Service Management (AnNet 2019).
  • Making Break-ups Less Painful: Source-level Support forTransforming Legacy Software into a Network of Tasks [PDF] [Source Code]
    Nik Sultana, Achala Rao, Zihao Jin, Pardis Pashakhanloo, Henry Zhu, Ke Zhong, and Boon Thau Loo.
    FEAST '18: 2018 Workshop on Forming an Ecosystem Around Software Transformation.
  • DeDoS: Defusing DoS with Dispersion Oriented Software. [PDF]
    Henri Maxime Demoulin*, Tavish Vaidya*, Isaac Pedisich, Bob Dimaiolo, Jingyu Qian, Chirag Shah, Yuankai Zhang, Ang Chen, Andreas Haeberlen, Boon Loo, Linh Phan, Micah Sherr, Clay Shields and Wenchao Zhou.
    Annual Computer Security Applications Conference (ACSAC), 2018.
    *Lead students are listed alphabetically.
  • Automated Detection and Mitigation of Application-level Asymmetric DoS Attacks [PDF]
    Henri Maxime Demoulin, Isaac Pedisich, Linh Thi Xuan Phan, and Boon Thau Loo.
    ACM SIGCOMM Workshop on Self-Driving Networks (SDN), August 2018.
  • A Demonstration of the DeDoS Platform for Defusing Asymmetric DDoS Attacks in Data Centers [PDF] [BibTeX]
    Henri Maxime Demoulin*, Tavish Vaidya*, Isaac Pedisich, Nik Sultana, Jingyu Qian, Bowen Wang, Yuankai Zhang, Ang Chen, Andreas Haeberlen, Boon Thau Loo, Linh Thi Xuan Phan, Micah Sherr, Clay Shields, Wenchao Zhou.
    SIGCOMM 2017 demonstration
    *Lead students are ordered alphabetically.
    First prize for the ACM Student Research Competition at SIGCOMM'17.
  • Dispersing Asymmetric DDoS Attacks with SplitStack [PDF] [BibTex]
    Ang Chen*, Akshay Sriraman*, Tavish Vaidya*, Yuankai Zhang*, Andreas Haeberlen, Boon Thau Loo, Linh Thi Xuan Phan, Micah Sherr, Clay Shields, and Wenchao Zhou
    15th ACM Workshop on Hot Topics in Networks (HotNets'16), Atlanta, GA, November 2016.

    *Student orders are listed alphabetically.
Contributors

Faculty:
Boon Thau Loo
Andreas Haeberlen
Linh Thi Xuan Phan
Micah Sherr
Clay Shields
Wenchao Zhou

Doctoral students:
Henri Maxime Demoulin
Tavish Vaidya
Yuankai Zhang

Postdoc:
Nik Sultana

Staff programmer:
Isaac Pedisich

Alumni:
Henry Zhu
Shilpi Bose
Ang Chen
Robert DiMaiolo
Zihao Jin
Jingyu Qian
Achala Rao
Chirag Shah
Akshay Sriraman
Bowen Wang
Ke Zhong

Funding

This is a joint project between the University of Pennsylvania and Georgetown University. The work is funded by DARPA under the Extreme DDoS Defense (XD3) program.

Web site contact: Andreas Haeberlen