Border Gateway Protocol Distributed Denial of Service Attack Alert Extension (DDoS-AE)

Period of Performance: 01/01/2015 - 12/31/2015

$99.9K

Phase 1 SBIR

Recipient Firm

Blue Ridge Envisioneering Inc.
14450 Broadwinged Dr.
Gainesville, VA 20155

Abstract

Our approach will be to design and develop a BGP extension called the DDoS Alert Extension (DDoS-AE) and a web-based central service (CS) that will leverage existing infrastructure and established protocols to enable real-time distribution of DDoS alert messages. A prototype unit running the DDoS-AE will be designed using innovative new hardware such as FPGAs and GPUs to aid in the detection and mitigation of DDoS attacks. The proposed alert messages will contain message classification information that routers can use to implement targeted filters to block and/or throttle DDoS traffic. The proposed system will provide routers and network operators with standard interfaces for generating DDoS alerts, allowing multiple sources and ever-evolving techniques to facilitate DDoS traffic classification and identification. Additionally, this work will investigate techniques that use information already present in BGP to supplement the DDoS packet classifiers and aid in DDoS alert generation. Unlike other DDoS mitigation techniques, this proposed effort does not require network operators to replace existing network equipment; it also has the unique advantage of leveraging existing BGP peer knowledge and relationships. The CS allows DDoS-AE nodes that may not have BGP peers using the extension to reap the benefits of the alert network, as well as providing a commercialization opportunity to allow human operators. The CS will also provide network operators with a robust interface for monitoring, reporting, and responding to attacks, greatly increasing the immediate effectiveness of the extension without requiring widespread adoption.