Q&A with Christos Papadopoulos: Cyberattack Defense Grant

Gina Spoden

Colorado State University researchers recently received a $2.7 million grant from the Department of Homeland Security to design a program that would protect Internet users from large-scale online attacks.

Back in 2013, a company named Spamhaus suffered a Distributed Denial of Service attack that caused one of the largest cyberattacks the Internet has seen so far. DDoS attacks can cause slow network performance and an inability to access websites. Although they are usually aimed at high profile websites such as banks and credit card payment sites, anyone is at risk of being attacked.


The CSU team is working with the Department of Homeland Security to further develop their program, Network Membrane, which would potentially stop attacks such as DDoS in minutes.

Christos Papadopoulos, one of the leading members of the project, sat down with the Collegian to discuss the project.

What is DDoS and what happens when a program is attacked by DDoS?

DDoS stands for Distributed Denial of Service, and it is one of the attacks that is frequently seen on the Internet. It’s typically done by commandeering a large number of machines, infecting them through malware and installing malicious code on the machines so that someone can control them remotely and instruct them to send a lot of traffic towards a particular target. The goal of a DDoS attack is to essentially knock a service off the Internet, so when you are attacking a particular service that means legitimate users cannot use it.

Where do these DDoS attacks come from?

They could be coming from anywhere because in a DDoS attack, the machines carrying out the attack are infected machines that regular people own, they just happen to be infected with malware. The controller is usually another machine that provides remote commands to these machines. So, the attack could be coming from essentially anywhere on the Internet, any country, any place, and again, the controller could be located anywhere. 

How did you and your collaborators come up with the idea of NetBrane?

So, this is in response to a call from DHS. What they were looking for is ideas on how to deal with these attacks because they are very prevalent on the Internet. They do cost a lot of money in terms of time lost and potentially sales lost, depending on who you’re attacking. A DDoS attack by its nature is a flooding attack, so what the attacker is trying to do is generate as much flooding as possible to flood your network links, saturate them, so that no good traffic can come through. So, we were looking for ideas where the solutions were deployed in a distributed way so that you’ve got Internet providers turning off the attack in different places. In other words, killing the attack while it’s still at a low rate before it funneled into the target at which point is the strongest.

How does NetBrane work to prevent these attacks?

The response is on a human scale, so if we’re lucky we’re now talking hours. What we’re looking for is a system that will (respond to these attacks) automatically and get the response time down to minutes, if not seconds. The system that we’re looking for is used to detect the attack when it happens and then put in filters in different parts of the network so that once you detect it and know the characteristics, you can instruct those filters to turn it off.


How does this attack appear to users? Can they recognize that it is coming?

The interesting thing about these attacks is that there’s no mistake that this is happening. It’s a big tidal wave coming towards your network. You know it’s coming. You know it’s there. The problem with this attack is your inability to do anything about it. It requires substantial coordination that spans potentially a large part of the Internet, and there’s no system in place right now that will help ISPs coordinate and tell each other that there is an attack going on.

Did you have to apply for the grant through the Department of Homeland Security?

We competed with, what I assume (was) a large number of other entities. We sent in a proposal and got selected. From hundreds of proposals, I think there’s about a dozen that got selected to do this.

How does this affect the way students and other citizens use the Internet?

If we are successful, users will not notice anything. By that I mean, all services will be up and running and with no delays and unexplained lulls in communication. Users will be able to do their shopping and go on Facebook without interruptions. It’s one of those things where there’s no glamorous winning. If we’re successful, things go on as usual, but for network operators, I think it will save them a lot of headaches.

Collegian Reporter Gina Spoden can be reached at news@collegian.com or on Twitter @gina_spoden5.