DynaBone is a system for the rapid configuration, deployment, and management of protective layered overlays that both proactively and reactively resist distributed denial-of-service (DDOS) attacks.
DDOS attacks overload network connections at hosts and routers, often leaving administrators with no solution other than to disconnect the network. DynaBone automates this capability and makes it a viable alternative, by deploying parallel concurrent ‘inner’ overlays (innerlays) and a proactive/reactive multiplexer (PRM) to direct traffic among them.
DynaBone uses X-Bone’s unique ability to layer and compose these innerlays into a single ‘outer’ overlay (outerlay) that presents an interface compatible with COTS applications and operating systems. The result is a parallel set of innerlays, any subset of which can be disconnected in response to attack while the outerlay continues to provide effective service over the remaining innerlays.
Concurrent use of parallel innerlays provides redundancy that allows the overall network service to degrade gracefully even though any individual innerlay may fail completely or be disconnected due to an attack. This concurrency also provides alternate paths where traffic can be shifted to restore service, either by the use of alternate control and security algorithms, or via stronger algorithms with lower performance.
Integrates a variety of DDOS and obfuscation defenses
A mob attack necessitates a mob response. DynaBone provides multiple virtual targets, all of which must be simultaneously attacked to successfully deny service. A variety of network management (routing, DNS, etc.) and security algorithms are used in different innerlays, resulting in a set that is stronger than any individual component. The shifting of traffic to unaffected innerlays provides a moving target to hide from or actively avoid DDOS attacks.
Proactive and reactive response
The use of concurrent parallel innerlays allows concurrent use of different network and security algorithms. By using all of these networks (per-packet scatter), DynaBone makes the resulting outerlay (thus network connectivity) more difficult to attack, providing proactive defense. When an innerlay is compromised, by concerted DDOS attacks to its addresses or algorithms, that innerlay can be removed from the scatter algorithm to provide reactive defense.
Deploys across administrative boundaries by unsophisticated users
Like the X-Bone that it extends, DynaBone deploys these capabilities on demand, across administrative boundaries or among coalitions. A web-based GUI simplifies network deployment and management, and secure, fail-safe coordination automates configuration details.
Negative impact on attackers: DynaBone allows the network to disconnect innerlays under attack while retaining outerlay connectivity. Network disconnection can have a negative impact on attackers, by denying service at the layer being attacked, or by more advanced capabilities such as honeypots in the disabled overlays, or even traffic reflectors which redirect attacks back to the attacker. In a single network these techniques are infeasible because they disconnect the components being protected; DynaBone’s redundant innerlays enable these responses.
J. Touch, R. Perlman, “Transparently Interconnecting Lots of Links (TRILL): Problem and Applicability Statement,” RFC 5556, May 2009. (layer 2 recursive routers)
V. Pingali, J. Touch, “Protecting Public Servers from DDoS Attacks Using Drifting Overlays,” Proc. IEEE / IST Workshop on Monitoring, Attack Detection and Mitigation (MonAM), Nov. 2006.
J. Touch, G. Finn, Y. Wang, L. Eggert, “DynaBone: Dynamic Defense Using Multi-layer Internet Overlays,” Proc. 3rd DARPA Information Survivability Conference and Exposition (DISCEX-III), Washington, DC, USA, April 22-24, 2003, Vol. 2, pp. 271-276.
Joe Touch – PI
Greg Finn – staff
Lars Eggert, Amy Hughes, Yu-Shun Wang, SunHee Yoon – students
Effort sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0529 entitled “DynaBone”. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Defense Advanced Research Projects Agency (DARPA), the Air Force Research Laboratory, or the U.S. Government.