Anomaly Detection and Mitigation at Internet Scale: A Survey

Jessica Steinberger, Lisa Schehlmann, Sebastian Abt, Harald Baier

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

    8 Citations (Scopus)
    68 Downloads (Pure)

    Abstract

    Network-based attacks pose a strong threat to the Internet landscape. There are different possibilities to counter these threats: on the one hand, attack detection operated at the end-users' side; on the other hand, attack detection implemented in network operators' infrastructures. An obvious benefit of the second approach is that it counteracts a network-based attack at its root. It is currently unclear to what extent countermeasures are set up at Internet scale and which anomaly detection and mitigation approaches of the community may be adopted by ISPs. We present results of a survey, which aims at gaining insight into industry processes, structures and capabilities of IT companies and the computer networks they run. One result with respect to attack detection is that flow-based detection mechanisms are valuable, because those mechanisms could easily adapt to existing infrastructures. Due to the lack of standardized exchange formats, mitigation across network borders is currently uncommon.
    Original language: Undefined
    Title of host publication: 7th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2013
    Editors: Guillaume Doyen, Martin Waldburger, Pavel Celeda, Anna Sperotto, Burkhard Stiller
    Place of Publication: Berlin
    Publisher: Springer
    Pages: 49-60
    Number of pages: 12
    ISBN (Print): 978-3-642-38997-9
    DOIs: https://doi.org/10.1007/978-3-642-38998-6_7
    Publication status: Published - Jun 2013

    Publication series

    Name: Lecture notes in computer science
    Publisher: Springer
    Volume: 7943
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Keywords

    • EWI-25479
    • Network Security
    • NetFlow
    • Internet Service Provider
    • METIS-309763
    • IR-93982
    • Anomaly Detection
    • Anomaly Mitigation
    • Correlation

    Cite this

    Steinberger, J., Schehlmann, L., Abt, S., & Baier, H. (2013). Anomaly Detection and Mitigation at Internet Scale: A Survey. In G. Doyen, M. Waldburger, P. Celeda, A. Sperotto, & B. Stiller (Eds.), 7th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2013 (pp. 49-60). (Lecture notes in computer science; Vol. 7943). Berlin: Springer. https://doi.org/10.1007/978-3-642-38998-6_7