Collaborative Research: SaTC: CORE: Medium: ONSET: Optics-enabled Network Defenses for Extreme Terabit DDoS Attacks

Funding source: NSF SaTC-2132651. Period of performance: 01/01/2022 -- 12/31/2025.

Project Overview

Distributed Denial of Service (DDoS) attacks continue to present a clear and imminent danger to critical network infrastructures. DDoS attacks have increased in sophistication with advanced strategies to continuously adapt (e.g., changing threat postures dynamically) and induce collateral damage (i.e., higher latency and loss for legitimate traffic). Furthermore, advanced attacks may also employ reconnaissance (e.g., mapping the network to find bottleneck links) to target the network infrastructure itself. In light of these trends, state-of-art defenses (e.g., advanced scrubbing, emerging software-defined defenses, and programmable switching hardware) have fundamental shortcomings. This project will develop a new framework, referred to as "Optics-enabled In-Network defenSe for Extreme Terabit DDoS attacks" (ONSET). The framework makes a case for new dimensions of defense agility that can programmatically control the topology of the network (in addition to the processing behavior) to tackle advanced and future attacks. The project will facilitate the use of optical technologies as an exciting visual medium for engaging K-12 students via suitable channels for dissemination. The project will also result in new course materials at the intersection of optical networking, software-defined networking, and network security to enable students to become domain experts in this emerging problem space.

The project will take an interdisciplinary approach spanning security, optics, systems, and networks, to address fundamental challenges along three thrusts: (1) novel "data plane" solutions to rapidly reconfigure the wavelengths and switches and new capabilities in programmable switches to rapidly identify malicious vs. benign traffic at line rate; (2) novel "control plane" orchestration mechanisms for scalable resource management algorithms and coordinated control across optical networking and programmable switches; and (3) new "northbound application programming interfaces (APIs)" to express novel defenses to combat current and future DDoS attacks (e.g., with reconnaissance). This project will develop a new framework, referred to as "Optics-enabled In-Network defenSe for Extreme Terabit DDoS attacks" (ONSET). The research efforts will result in end-to-end prototypes using open-source and standardized interfaces to demonstrate the novel defense capabilities of ONSET. The efficacy of ONSET will be evaluated using pilot studies on operational networks to create a roadmap to practical deployment, using real testbeds and large-scale simulations. The project outcomes will be released as open-source software tools, models, and simulation frameworks that will inform industry and academic work.

People

• Lead PI: Ram Durairajan
• Co-PIs: Vyas Sekar (Co-PI, CMU), Zaoxing Liu (Co-PI, BU)
• Ph.D. Students: Matthew Nance Hall
• B.S. Students:

Publications

• There is more to Internet invariants than meets the eye
  Chris Misa, Walter Willinger, Ramakrishnan Durairajan and Reza Rejaie
  In Proceedings of New Ideas in Networked Systems (NINeS), Virtual, February 2026.
  [PAPER]    
  
  
• Bootstrapping Transparency in AI-Powered Network Operations: A Network Explanation Framework
  Riya Ponraj, Yu Wang and Ramakrishnan Durairajan
  In Proceedings of ACM (SIGKDD), Jeju, South Korea, August 2026.
  [PAPER]    
  
  
• Why Choose When You Can Have Both: Programmable Data Planes meet Programmable Optics
  Chris Misa, Matthew Nance-Hall, Reza Rejaie, Walter Willinger, and Ramakrishnan Durairajan
  In Proceedings of workshop on Networks for AI Computing (NAIC)
  co-located with ACM SIGCOMM'25, Coimbra, Portugal, September 2025.
  [PAPER]    
  
  
• Building Trust in Machine Learning-Powered Networking: The Network Explainer Framework
  Riya Ponraj, Ramakrishnan Durairajan, and Yu Wang
  In Proceedings of SIAM Data Mining (SDM '25) AI4TS workshop, Virginia, US, May 2025.
  [PAPER]    
  
  
• Bootstrapping Trust in ML4Nets Solutions with Hybrid Explainability
  Abduarraheem Elfandi, Hannah Sagalyn, Ramakrishnan Durairajan and Walter Willinger
  In Proceedings of workshop on Practical Adoption Challenges of ML for Systems (PACMI)
  co-located with ACM SOSP'24, Austin, TX, November 2024.
  [PAPER]    
  
  
• Leveraging Prefix Structure to Detect Volumetric DDoS Attack Signatures with Programmable Switches
  Chris Misa, Ramakrishnan Durairajan, Arpit Gupta, Reza Rejaie and Walter Willinger
  In IEEE Symposium on Security and Privacy (S&P) (Oakland '24), San Francisco, CA, May 2024.
  [PAPER]     [CODE]    
  
  
• Analyzing the Benefits of Optical Topology Programming for Mitigating Link-flood DDoS Attacks
  Matthew Nance Hall, Zaoxing Liu, Vyas Sekar and Ramakrishnan Durairajan
  In IEEE Transactions on Dependable and Secure Computing, 2024.
  [PAPER]    
  
  
• Data-Fusion for Prefix-Level Inference: A DDoS Case Study
  Chris Misa, Ramakrishnan Durairajan, Reza Rejaie and Walter Willinger
  In Security Datasets for AI (SECDAI) workshop, virtual, April 2024.
  [PAPER]    
  
  
• Network Management with Graph Machine Learning: Challenges and Solutions
  Yu Wang and Ramakrishnan Durairajan
  In Security Datasets for AI (SECDAI) workshop, virtual, April 2024.
  [PAPER]    
  
  
• DynATOS+: A Network Telemetry System for Dynamic Traffic and Query Workloads
  Chris Misa, Ramakrishnan Durairajan, Reza Rejaie and Walter Willinger
  In IEEE/ACM Transactions on Networking, 2024.
  [PAPER]    
  
  
• Improving Scalability in Traffic Engineering via Optical Topology Programming
  Matthew Nance Hall, Paul Barford, Klaus-Tycho Foerster and Ramakrishnan Durairajan
  In IEEE Transactions on Network and Service Management, November 2023.
  [PAPER]     [CODE]    
  
  
• Dynamic Scheduling of Approximate Telemetry Queries
  Chris Misa, Walt O'Connor, Ramakrishnan Durairajan, Reza Rejaie and Walter Willinger
  In Proceedings of USENIX NSDI'22, Renton, WA, April 2022.
  [PAPER]     [PROJECT WEBSITE]     [CODE]    
  
  
• Fighting Fire with Light: Tackling Extreme Terabit DDoS Using Programmable Optics
  Matthew Nance Hall, Guyue Liu, Ramakrishnan Durairajan and Vyas Sekar
  In Proceedings of 1st Workshop on Secure and Programmable Network Infrastructure (SPIN'20)
  co-located with ACM SIGCOMM'20, New York, USA, August 2020.
  [PAPER]    
  

Outreach

• Virtual Summer School on Internet Measurements, 2024
• UO CS Summer Academy to Inspire Learning (SAIL) camp, 2024
• UO CS Summer Academy to Inspire Learning (SAIL) camp, 2022