Distributed Denial of Service (DDoS) attacks have rapidly become a commonplace threat to doing business on the Internet. With over 2,000 distinct attacks per week, denial of service has quickly become the most costly form of cyber-crime businesses face today. Computer researchers in Europe are developing a prototype architecture for halting DDoS attacks, in which a barrage of traffic is directed at a web site or server to shut it down. The Diadem Firewall deploys hardware and software on the edge of a provider's network rather than within it, says George Carle, chair of the computing and Internet department at the University of Tübingen in Germany. Diadem uses data filtering and intrusion-prevention technologies to detect rogue activity, then coordinates a reaction based on policies, Carle says.
Companies like Microsoft, CERT, E-Trade, SCO, Yahoo, and Akamai, which have collectively lost over USD 1 billion as a result of recent successful attacks, are no longer the only targets of DDoS; thousands of sites, varying in size of online activity and Internet presence, are now subjected to attacks day in and day out. Cybercriminals have used the threat of distributed DoS attacks to extort businesses, particularly online gambling sites expecting a rush of business around a sporting event. To carry out the attack, the criminals often control networks of computers commandeered through flaws in the software on computers connected to the Internet.
The project, which started in 2004, was budgeted at .8 million and was funded in part by Information Society Technologies, a European Union organization that coordinates I.T. programs. It has been extended for three more months. The project pursues the following individual objectives:
Design and implement an architecture for provider-controlled distributed high-speed edge devices, aimed to become a new generation of distributed high-speed broadband firewalls with policy-based control, that are suitable to provide a security solution meeting the needs of customers and service providers
Develop and deploy techniques capable of detecting security violations, in particular detecting DDoS attacks, but also suitable for detecting and identifying other types of malfunctioning
Achieve detection capabilities by designing flexible and effective solutions for distributed monitoring of application traffic
Ensure fair, coherent, and efficient enforcement of security policies by management and control of the distributed firewall components
Define use-cases for the new technology, deploy them in meaningful test beds, and disseminate know-how and training of target people
Diadem hasn't resulted in a product but rather a group of technologies that could be employed in different ways, Carle says. France Telecom and Polish Telecom are expected to begin testing Diadem by September. Diadem could be effective for ISPs that have connected directly with one another to reduce the cost of moving data traffic. Carle says these ISPs could share a common policy using Diadem, strengthening their effectiveness with a coordinated reaction to distributed DoS attacks.