DARPA wants to revolutionize DDoS defense

DARPA is seeking innovative industry proposals to advance the state of the art in DDoS defenses, looking for “revolutionary advances.” Those with “evolutionary improvements” need not apply.

Facing a growing threat of distributed denial-of-service attacks that could disrupt military communications, the Defense Department wants to kick DDoS defense up to a new level.

The Defense Advanced Research Projects Agency, known as DARPA, is soliciting research proposals on new ways to defend against DDoS attacks. It expects to award procurement contracts or cooperative agreements. No limits on the value of the contracts are given, but multiple awards in each of the major areas of interest are anticipated. No grants will be awarded.

The agency wants revolution, not evolution. It is looking for “innovative approaches that enable revolutionary advances in science, devices, or systems.”

It is not interested in “research that primarily results in evolutionary improvements to the existing state of practice.”


Denial of service attacks block access to online resources, often by overwhelming systems with large volumes of traffic but sometimes with more stealthy methods that can disrupt servers. Distributed attacks use multiple source points and vectors to multiply the volume of attack traffic, making detection and defense more difficult. Although DDoS usually does not do permanent damage to a system or compromise data, they can be costly to commercial operations that rely on online transactions. In a military setting, the attacks can disrupt mission-critical communications such as command and control traffic and could put lives at risk.

In its latest State of the Internet Security report, the content distribution company Akamai reported a substantial increase in the number of DDoS attacks it experienced in the second quarter of 2015, more than doubling the number of attacks seen a year earlier. Although the frequency of attacks using very large amounts of bandwidth is increasing, peak bandwidth volumes are significantly lower than a year earlier, Akamai reports.

But, “low‐volume DDoS attacks can be even more pernicious and problematic from a defensive standpoint,” DARPA says. These attacks target specific applications, protocols or behaviors, relying on their sparse traffic to thwart traditional intrusion‐detection techniques.

Current DDoS defenses rely on network‐based filtering, traffic diversion and scrubbing, and replication of data to provide multiple points of access. These approaches fall short in several respects. DARPA says:

  • Manual response is too slow; military requirements demand disruptions be held to less than a minute.
  • Low-volume attacks are difficult to identify and block with in-line detection techniques.
  • It is difficult to block attack traffic without interrupting legitimate traffic.
  • Encrypted tunnels present problems.

“A clear need therefore exists for fundamentally new DDoS defenses that afford far greater resilience to these attacks, across a broader range of contexts, than existing approaches …” DARPA said.

To meet this need, DARPA’s Extreme DDoS Defense, or XD3, program focuses on three primary technical areas:

  • Technical Area 1: Manageable Dispersion of Cyber Resources — Using multiple locations of cyber resources to reduce centralized points of vulnerability.
  • Technical Area 2: Networked Maneuver — Increasing the effort required of the attacker and deflecting the attack to minimize damage.
  • Technical Area 3: Adaptive Endpoint Sensing and Response — Enabling reliable detection and point-of-attack mitigation for low-volume DDoS attacks that can hide in network “noise.”

“The overriding objective of the XD3 program is to produce the best possible technologies for enabling resilience against DDoS attacks,” DARPA says. The three-year program will have two 18-month phases, beginning in April 2016. Work on the three primary technical areas will extend over both phases. Phase two will include a fourth technical on technology integration.

Proposals are due by Oct. 13, and DARPA is hosting a proposers’ day Sept. 2 at the agency’s conference center in Arlington, Virginia, to provide additional information to potential proposers. The technical point of contact is Program Manager Stuart Wagner and his email address is

Latest Podcasts