Bohatei: Flexible and Elastic DDoS Defense

Overview

DDoS attacks are constantly increasing in number, scale, and diversity, causing significant damage to organizations and Internet users. Current DDoS defense solutions rely on proprietary hardware appliances that have fixed traffic processing capacity and fixed defense capabilities, and that are deployed at fixed locations. This makes the current practice fundamentally inflexible and expensive.

In response, we have designed Bohatei, a first-of-its-kind system that embraces new paradigms such as software-defined networking (SDN) and network functions virtualization (NFV) to dramatically improve the state of the art in DDoS defense. Our evaluations show that Bohatei is highly scalable, responsive, and adversary-resilient. Bohatei is designed to be immediately deployable.

Looking beyond DDoS defense, we believe our design and implementation of Bohatei can be a harbinger for several other network security services that are plagued with similar problems (e.g., high cost, inflexibility, and inelasticity with respect to attack volume).

People

Bohatei in 1 minute

Codebase

You can find the codebase for Bohatei here.

Demo

Here is a time-lapse of the system demo:

Publications
