Collaborative Attack Mitigation and Response: A survey

Jessica Steinberger; Anna Sperotto; Harald Baier; Aiko Pras

doi:10.1109/INM.2015.7140407

Collaborative Attack Mitigation and Response: A survey

Jessica Steinberger
, Anna Sperotto
, Harald Baier
, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

14 Citations (Scopus)

188 Downloads (Pure)

Abstract

Over recent years, network-based attacks have become to one of the top causes of network infrastructure and service outages. To counteract a network-based attack, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). However, it remains unclear to what extent countermeasures are set up and which mitigation approaches are adopted by ISPs. Hence, the goal of this paper is to present the results of a survey that aims to gain insight into processes, structures and capabilities of ISPs to mitigate and respond to network-based attacks. One key finding is that automatic attack detection systems are deployed but transport networks report significant less security events per month on average than smaller networks. In addition, we found that automatic detection systems raise a massive amount of false positives. To handle the massive amount of security events, automatic mitigation and response systems could be established. We found that automatic mitigation and response systems to speed up mitigation and response capabilities are not widely deployed, but network operators would like to make use of them. Besides automatic detection and mitigation systems, collaboration of trusted partners to mitigate and respond to a network-based attack might be valuable, but network operators are not aware of existing protocols and formats to exchange security events or incidents.

Original language	Undefined
Title of host publication	Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)
Place of Publication	USA
Publisher	IEEE
Pages	910-913
Number of pages	4
ISBN (Print)	978-3-901882-76-0
DOIs	https://doi.org/10.1109/INM.2015.7140407
Publication status	Published - 14 May 2015
Event	14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015: Integrated Management in the Age of Big Data - Shaw Centre, Ottawa, Canada Duration: 11 May 2015 → 15 May 2015 Conference number: 14 http://im2015.ieee-im.org/

Publication series

Name
Publisher	IEEE Computer Society

Conference

Conference	14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015
Abbreviated title	IM 2015
Country/Territory	Canada
City	Ottawa
Period	11/05/15 → 15/05/15
Internet address	http://im2015.ieee-im.org/

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 9 Industry, Innovation, and Infrastructure

Keywords

EWI-25482
IR-96795
METIS-312464

Access to Document

10.1109/INM.2015.7140407

im2015_Upload

Distributed DDoS Defense - A collaborative Approach at Internet Scale
Steinberger, J., 19 Sept 2018, University of Twente. 209 p.
Research output: Thesis › PhD Thesis - Research UT, graduation UT

Open Access
File

2715 Downloads (Pure)

Cite this

@inproceedings{98e4390c05eb4a588456985cb675c09f,

title = "Collaborative Attack Mitigation and Response: A survey",

abstract = "Over recent years, network-based attacks have become to one of the top causes of network infrastructure and service outages. To counteract a network-based attack, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). However, it remains unclear to what extent countermeasures are set up and which mitigation approaches are adopted by ISPs. Hence, the goal of this paper is to present the results of a survey that aims to gain insight into processes, structures and capabilities of ISPs to mitigate and respond to network-based attacks. One key finding is that automatic attack detection systems are deployed but transport networks report significant less security events per month on average than smaller networks. In addition, we found that automatic detection systems raise a massive amount of false positives. To handle the massive amount of security events, automatic mitigation and response systems could be established. We found that automatic mitigation and response systems to speed up mitigation and response capabilities are not widely deployed, but network operators would like to make use of them. Besides automatic detection and mitigation systems, collaboration of trusted partners to mitigate and respond to a network-based attack might be valuable, but network operators are not aware of existing protocols and formats to exchange security events or incidents.",

keywords = "EWI-25482, IR-96795, METIS-312464",

author = "Jessica Steinberger and Anna Sperotto and Harald Baier and Aiko Pras",

note = "eemcs-eprint-25482 ; 14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015 ; Conference date: 11-05-2015 Through 15-05-2015",

year = "2015",

month = may,

day = "14",

doi = "10.1109/INM.2015.7140407",

language = "Undefined",

isbn = "978-3-901882-76-0",

publisher = "IEEE",

pages = "910--913",

booktitle = "Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)",

address = "United States",

url = "http://im2015.ieee-im.org/",

}

Steinberger, J, Sperotto, A, Baier, H & Pras, A 2015, Collaborative Attack Mitigation and Response: A survey. in Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM 2015). IEEE, USA, pp. 910-913, 14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, Ottawa, Ontario, Canada, 11/05/15. https://doi.org/10.1109/INM.2015.7140407

TY - GEN

T1 - Collaborative Attack Mitigation and Response: A survey

AU - Steinberger, Jessica

AU - Sperotto, Anna

AU - Baier, Harald

AU - Pras, Aiko

N1 - Conference code: 14

PY - 2015/5/14

Y1 - 2015/5/14

N2 - Over recent years, network-based attacks have become to one of the top causes of network infrastructure and service outages. To counteract a network-based attack, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). However, it remains unclear to what extent countermeasures are set up and which mitigation approaches are adopted by ISPs. Hence, the goal of this paper is to present the results of a survey that aims to gain insight into processes, structures and capabilities of ISPs to mitigate and respond to network-based attacks. One key finding is that automatic attack detection systems are deployed but transport networks report significant less security events per month on average than smaller networks. In addition, we found that automatic detection systems raise a massive amount of false positives. To handle the massive amount of security events, automatic mitigation and response systems could be established. We found that automatic mitigation and response systems to speed up mitigation and response capabilities are not widely deployed, but network operators would like to make use of them. Besides automatic detection and mitigation systems, collaboration of trusted partners to mitigate and respond to a network-based attack might be valuable, but network operators are not aware of existing protocols and formats to exchange security events or incidents.

AB - Over recent years, network-based attacks have become to one of the top causes of network infrastructure and service outages. To counteract a network-based attack, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). However, it remains unclear to what extent countermeasures are set up and which mitigation approaches are adopted by ISPs. Hence, the goal of this paper is to present the results of a survey that aims to gain insight into processes, structures and capabilities of ISPs to mitigate and respond to network-based attacks. One key finding is that automatic attack detection systems are deployed but transport networks report significant less security events per month on average than smaller networks. In addition, we found that automatic detection systems raise a massive amount of false positives. To handle the massive amount of security events, automatic mitigation and response systems could be established. We found that automatic mitigation and response systems to speed up mitigation and response capabilities are not widely deployed, but network operators would like to make use of them. Besides automatic detection and mitigation systems, collaboration of trusted partners to mitigate and respond to a network-based attack might be valuable, but network operators are not aware of existing protocols and formats to exchange security events or incidents.

KW - EWI-25482

KW - IR-96795

KW - METIS-312464

U2 - 10.1109/INM.2015.7140407

DO - 10.1109/INM.2015.7140407

M3 - Conference contribution

SN - 978-3-901882-76-0

SP - 910

EP - 913

BT - Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)

PB - IEEE

CY - USA

T2 - 14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015

Y2 - 11 May 2015 through 15 May 2015

ER -

Collaborative Attack Mitigation and Response: A survey

Abstract

Publication series

Conference

UN SDGs

Keywords

Access to Document

Research output

Distributed DDoS Defense - A collaborative Approach at Internet Scale

Cite this