Collaborative Attack Mitigation and Response: A survey

Jessica Steinberger, Anna Sperotto, Harald Baier, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > Academic > peer-review

    10 Citations (Scopus)
    36 Downloads (Pure)

    Abstract

    Over recent years, network-based attacks have become one of the top causes of network infrastructure and service outages. To counteract a network-based attack, one approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). However, it remains unclear to what extent countermeasures are set up and which mitigation approaches are adopted by ISPs. Hence, the goal of this paper is to present the results of a survey that aims to gain insight into processes, structures and capabilities of ISPs to mitigate and respond to network-based attacks. One key finding is that automatic attack detection systems are deployed but transport networks report significantly fewer security events per month on average than smaller networks. In addition, we found that automatic detection systems raise a massive amount of false positives. To handle the massive amount of security events, automatic mitigation and response systems could be established. We found that automatic mitigation and response systems to speed up mitigation and response capabilities are not widely deployed, but network operators would like to make use of them. Besides automatic detection and mitigation systems, collaboration of trusted partners to mitigate and respond to a network-based attack might be valuable, but network operators are not aware of existing protocols and formats to exchange security events or incidents.
    Original language: Undefined
    Title of host publication: Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)
    Place of Publication: USA
    Publisher: IEEE Computer Society
    Pages: 910-913
    Number of pages: 4
    ISBN (Print): 978-3-901882-76-0
    DOI: https://doi.org/10.1109/INM.2015.7140407
    Publication status: Published - 14 May 2015
    Event: IFIP/IEEE International Symposium on Integrated Network Management 2015: Integrated Management in the Age of Big Data - Ottawa, Canada
    Duration: 11 May 2015 to 15 May 2015
    http://im2015.ieee-im.org/

    Publication series

    Name
    Publisher: IEEE Computer Society

    Conference

    Conference: IFIP/IEEE International Symposium on Integrated Network Management 2015
    Abbreviated title: IM 2015
    Country: Canada
    City: Ottawa
    Period: 11/05/15 to 15/05/15
    Internet address

    Keywords

    • EWI-25482
    • IR-96795
    • METIS-312464

    Cite this

    Steinberger, J., Sperotto, A., Baier, H., & Pras, A. (2015). Collaborative Attack Mitigation and Response: A survey. In Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM 2015) (pp. 910-913). USA: IEEE Computer Society. https://doi.org/10.1109/INM.2015.7140407