Anomaly Detection and Mitigation at Internet Scale: A Survey

Jessica Steinberger, Lisa Schehlmann, Sebastian Abt, Harald Baier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

8 Citations (Scopus)
61 Downloads (Pure)

Abstract

Network-based attacks pose a strong threat to the Internet landscape. There are different ways to counter these threats: on the one hand, attack detection operated at the end-users' side; on the other hand, attack detection implemented in network operators' infrastructures. An obvious benefit of the second approach is that it counteracts a network-based attack at its root. It is currently unclear to what extent countermeasures are set up at Internet scale and which anomaly detection and mitigation approaches of the community may be adopted by ISPs. We present results of a survey that aims at gaining insight into industry processes, structures and capabilities of IT companies and the computer networks they run. One result with respect to attack detection is that flow-based detection mechanisms are valuable, because those mechanisms could easily adapt to existing infrastructures. Due to the lack of standardized exchange formats, mitigation across network borders is currently uncommon.
Original language: Undefined
Title of host publication: 7th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2013
Editors: Guillaume Doyen, Martin Waldburger, Pavel Celeda, Anna Sperotto, Burkhard Stiller
Place of Publication: Berlin
Publisher: Springer
Pages: 49-60
Number of pages: 12
ISBN (Print): 978-3-642-38997-9
DOIs: https://doi.org/10.1007/978-3-642-38998-6_7
Publication status: Published - Jun 2013

Publication series

Name: Lecture notes in computer science
Publisher: Springer
Volume: 7943
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Keywords

  • EWI-25479
  • Network Security
  • NetFlow
  • Internet Service Provider
  • METIS-309763
  • IR-93982
  • Anomaly Detection
  • Anomaly Mitigation
  • Correlation

Cite this

Steinberger, J., Schehlmann, L., Abt, S., & Baier, H. (2013). Anomaly Detection and Mitigation at Internet Scale: A Survey. In G. Doyen, M. Waldburger, P. Celeda, A. Sperotto, & B. Stiller (Eds.), 7th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2013 (pp. 49-60). (Lecture notes in computer science; Vol. 7943). Berlin: Springer. https://doi.org/10.1007/978-3-642-38998-6_7
@inproceedings{c3ffc7709b92444e839aa11382f25169,
title = "Anomaly Detection and Mitigation at Internet Scale: A Survey",
abstract = "Network-based attacks pose a strong threat to the Internet landscape. There are different ways to counter these threats: on the one hand, attack detection operated at the end-users' side; on the other hand, attack detection implemented in network operators' infrastructures. An obvious benefit of the second approach is that it counteracts a network-based attack at its root. It is currently unclear to what extent countermeasures are set up at Internet scale and which anomaly detection and mitigation approaches of the community may be adopted by ISPs. We present results of a survey that aims at gaining insight into industry processes, structures and capabilities of IT companies and the computer networks they run. One result with respect to attack detection is that flow-based detection mechanisms are valuable, because those mechanisms could easily adapt to existing infrastructures. Due to the lack of standardized exchange formats, mitigation across network borders is currently uncommon.",
keywords = "EWI-25479, Network Security, NetFlow, Internet Service Provider, METIS-309763, IR-93982, Anomaly Detection, Anomaly Mitigation, Correlation",
author = "Jessica Steinberger and Lisa Schehlmann and Sebastian Abt and Harald Baier",
note = "10.1007/978-3-642-38998-6_7",
year = "2013",
month = "6",
doi = "10.1007/978-3-642-38998-6_7",
language = "Undefined",
isbn = "978-3-642-38997-9",
series = "Lecture notes in computer science",
publisher = "Springer",
pages = "49--60",
editor = "Guillaume Doyen and Martin Waldburger and Pavel Celeda and Anna Sperotto and Burkhard Stiller",
booktitle = "7th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2013",

}
