Skip to content

Defense of a Ph.D. Dissertation- Jared M. Smith

Candidate for Doctor of Philosophy
Faculty Advisor: Max Schuchard
Where: See Zoom information below

Leveraging Conventional Internet Routing Protocol Behavior to Defeat DDoS and Adverse Networking Conditions

The Internet supports the livelihoods, businesses, governments, and critical infrastructure that keep our modern society moving. The Internet, at its most basic level, uses purpose-built computers to deliver messages between parts of the Internet, called routers. To build paths which these messages will travel, routers carry out a routing protocol called the Border Gateway Protocol, or BGP. Unfortunately, the Internet's success at using BGP and other protocols to connect the unconnected has made it an exceptionally valuable target for adversaries, from nation-states to novice computer users. Increasingly devastating Distributed Denial of Service attacks, or DDoS, continue to bring down core Internet services and websites. Yet, to date, the only viable solutions for these attacks are excessively expensive, require an Internet redesign, or require cooperation among routers. This dissertation focuses on examining the following thesis statement. Rather than seek to redefine the way the Internet works to combat advanced DDoS attacks, we can leverage conventional Internet routing behavior via BGP to mitigate modern distributed denial of service attacks.

The research in this work breaks down into a single arc with three independent, but connected thrusts. These thrusts demonstrate that the aforementioned thesis is possible, practical, and useful. The first thrust demonstrates that this thesis is possible by building and evaluating Nyx, a system able to protect Internet networks from DDoS using BGP, without an Internet redesign and without cooperation from other networks. We show that Nyx is effective in simulation for protecting Internet networks and end users from the impact of advanced forms of DDoS. The second thrust examines the real-world practicality of Nyx, as well as other systems which rely on real-world BGP behavior. Through a comprehensive set of active Internet measurements, this second thrust confirms that Nyx works effectively in practice beyond simulation as well as revealing novel insights about the effectiveness of other Internet security defensive and offensive systems. We then follow these live measurements by evaluating Nyx under the real-world routing constraints discovered in practice. The third thrust explores the usefulness of Nyx for mitigating DDoS against critical U.S. energy infrastructure. After first exposing the latent vulnerability of U.S. electric utilities to DDoS, we explore how Nyx can protect these utilities. This final thrust finds that the current set of exposed U.S. power facilities are widely vulnerable to DDoS that could induce blackouts, and that Nyx can be leveraged to reduce the impact of these targeted DDoS attacks.

Dial-In Information

Join from PC, Mac, Linux, iOS or Android:
Email for password.

Or iPhone one-tap (US Toll):  +13017158592,97923769797#  or +13126266799,97923769797# 

Or Telephone:
    +1 301 715 8592 (US Toll)
    +1 312 626 6799 (US Toll)
    +1 646 876 9923 (US Toll)
    +1 253 215 8782 (US Toll)
    +1 346 248 7799 (US Toll)
    +1 669 900 6833 (US Toll)
    Meeting ID: 979 2376 9797
    International numbers available:

Thursday, July 16, 2020 at 12:00pm

Virtual Event
Event Type

Lectures & Presentations




Current Students, Faculty & Staff

Electrical Engineering and Computer Science
Google Calendar iCal Outlook

Recent Activity