Anomaly Detection and Mitigation at Internet Scale: A Survey

Jessica Steinberger, Lisa Schehlmann, Sebastian Abt, Harald Baier

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review

    13 Citations (Scopus)
    147 Downloads (Pure)

    Abstract

    Network-based attacks pose a strong threat to the Internet landscape. There are different possibilities to encounter these threats. On the one hand attack detection operated at the end-users' side, on the other hand attack detection implemented at network operators' infrastructures. An obvious benefit of the second approach is that it counteracts a network-based attack at its root. It is currently unclear to which extent countermeasures are set up at Internet scale and which anomaly detection and mitigation approaches of the community may be adopted by ISPs. We present results of a survey, which aims at gaining insight in industry processes, structures and capabilities of IT companies and the computer networks they run. One result with respect to attack detection is that flow-based detection mechanisms are valuable, because those mechanisms could easily adapt to existing infrastructures. Due to the lack of standardized exchange formats, mitigation across network borders is currently uncommon.
    Original language: Undefined
    Title of host publication: 7th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2013
    Editors: Guillaume Doyen, Martin Waldburger, Pavel Celeda, Anna Sperotto, Burkhard Stiller
    Place of Publication: Berlin
    Publisher: Springer
    Pages: 49-60
    Number of pages: 12
    ISBN (Print): 978-3-642-38997-9
    DOIs
    Publication status: Published - Jun 2013
    Event: 7th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2013 - Barcelona, Spain
    Duration: 25 Jun 2013 – 28 Jun 2013
    Conference number: 7

    Publication series

    Name: Lecture notes in computer science
    Publisher: Springer
    Volume: 7943
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Conference

    Conference: 7th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2013
    Abbreviated title: AIMS 2013
    Country/Territory: Spain
    City: Barcelona
    Period: 25/06/13 – 28/06/13

    Keywords

    • EWI-25479
    • Network Security
    • NetFlow
    • Internet Service Provider
    • METIS-309763
    • IR-93982
    • Anomaly Detection
    • Anomaly Mitigation
    • Correlation
