UMD Team Wins Internet Defense Prize
Published October 11, 2021
A University of Maryland-led team of researchers recently won an Internet Defense Prize for a paper that uncovered a unique form of distributed denial-of-service attack.
The prize—funded by Facebook in partnership with the USENIX Association—celebrates security research contributions to the protection and defense of the internet.
The researchers received the third-place prize—which amounts to $40K—for their work discussed in “Weaponizing Middleboxes for TCP Reflected Amplification.” The paper details their discovery that firewalls and other kinds of network-based “middleboxes”—the foundation of internet security—can be weaponized by attackers to launch unprecedentedly large denial of service attacks.
The award-winning team is comprised of Kevin Bock, lead author and a fourth-year doctoral student in computer science; Kyle Hurley, a senior majoring in computer science; Yair Fax, who received a bachelor’s degree in computer science last year; Abdulrahman Alaraj, a computer science doctoral student at the University of Colorado Boulder (CU Boulder); Eric Wustrow, an assistant professor of computer engineering at CU Boulder; and Dave Levin, an assistant professor of computer science at UMD.
The researchers used Geneva, an artificial intelligence tool they created, to discover new TCP-based amplification attacks that trick middleboxes into sending large amounts of traffic to unsuspecting victims.
Their results show that middleboxes introduce an unexpected, as-yet untapped threat that attackers could leverage to launch these powerful amplification attacks.