UMD Team Wins Internet Defense Prize

Published October 11, 2021

A University of Maryland-led team of researchers recently won an Internet Defense Prize for a paper that uncovered a unique form of distributed denial-of-service attack.

The prize—funded by Facebook in partnership with the USENIX Association—celebrates security research contributions to the protection and defense of the internet.

The researchers received the third-place prize—which amounts to $40K—for their work discussed in “Weaponizing Middleboxes for TCP Reflected Amplification.” The paper details their discovery that firewalls and other kinds of network-based “middleboxes”—the foundation of internet security—can be weaponized by attackers to launch unprecedentedly large denial of service attacks.

The award-winning team is comprised of Kevin Bock, lead author and a fourth-year doctoral student in computer science; Kyle Hurley, a senior majoring in computer science; Yair Fax, who received a bachelor’s degree in computer science last year; Abdulrahman Alaraj, a computer science doctoral student at the University of Colorado Boulder (CU Boulder); Eric Wustrow, an assistant professor of computer engineering at CU Boulder; and Dave Levin, an assistant professor of computer science at UMD.

The researchers used Geneva, an artificial intelligence tool they created, to discover new TCP-based amplification attacks that trick middleboxes into sending large amounts of traffic to unsuspecting victims.

Their results show that middleboxes introduce an unexpected, as-yet untapped threat that attackers could leverage to launch these powerful amplification attacks.

The same paper won a Distinguished Paper Award at the 30th USENIX Security Symposium, which was held August 11–13.