New 'Transparent Security' open-source solution aims to identify and mitigate distributed denial-of-service (DDOS) attacks by using in-band network telemetry technology.

Alan Breznick, Cable/Video Practice Leader, Light Reading

June 3, 2021

CableLabs targets DDOS attacks with new security solution

Cable technologists have crafted a new software solution to identify and mitigate distributed denial-of-service (DDOS) attacks on broadband networks, as well as pinpoint and isolate the infected devices that provoke those attacks.

Known as Transparent Security, the open-source solution relies on in-band network telemetry (INT) technology to identify compromised IoT devices and mitigate DDOS attacks, blocking network traffic where it originates on the operator's network. It is enabled through a programmable data plane, specifically one based on the P4 protocol.

CableLabs is promoting the benefits of the new technology to its members after conducting a proof-of-concept test with Cox Communications in the Cox labs last fall. In that product comparison trial using programmable switches from Arista and an Intel-supported network, CableLabs and Cox found that the Transparent Security software was able to identify and mitigate DDOS attacks on the cable network in just one second, as opposed to a full minute for a leading commercially available DDOS mitigation solution.

"We've been working on it for two years," said Randy Levensalor, a principal architect at CableLabs who penned a recent blog post on the solution and trial with Chris Sibley, a senior engineer in the advanced network platforms unit of Cox. "With in-band telemetry, we know which possible device is tainted in the network."

In addition, the Cox lab trial validated the technologists' premise that installing and removing the INT header had no observable impact on network throughput or latency levels. "Everything remains the same whether we run our solution or not," Levensalor said.

DDOS growing problem for cable

Although DDOS attacks are not a huge issue for the cable industry just yet, the problem has been growing in scale, especially as more vulnerable upstream traffic climbs. While Levensalor estimates that DDOS attacks affect less than 10% of the upstream traffic on cable networks today, he said the number of attacks is still large in the aggregate and is rising steadily, prompting the need for the industry to be proactive.

"It's a lot easier to stop a few bits [now] rather than 99% of the traffic [later on]," he said. "If all cable operators [adopted this], we could really stem DDOS."

So, satisfied with the initial lab trial results with Cox, Levensalor is now recruiting other cable operators to conduct their own tests of the software solution. Without naming any operators, he is shooting for more lab trials, and even field trials, with other MSOs later this year. He is also reaching out to other cable equipment and software suppliers besides Arista and Intel about getting involved.

"We've talked to other vendors," he said, noting that the cost of the technology is "really inexpensive" because it works on standard white-box network switches. "We're just meeting with our members now."

Levensalor also hopes to make Transparent Security more than just a cable industry initiative. He would like to see other tech players, such as the big telcos and even the big hyperscalers, embrace the technology as well.

"It's not cable-specific but no one else is doing it," he said. "They could deploy it with just a software update."

— Alan Breznick, Cable/Video Practice Leader, Light Reading
