Collaborative DDoS Defense using Flow-based Security Event Information

Jessica Steinberger, Benjamin Kuhnert, Anna Sperotto, Harald Baier, Aiko Pras


Abstract

Over recent years, network-based attacks have evolved into one of the top concerns responsible for network infrastructure and service outages. To counteract such attacks, one approach is to move mitigation from the target network to the networks of Internet Service Providers (ISPs). In addition, exchanging threat information among trusted partners is used to reduce the time needed to detect and respond to large-scale network-based attacks. However, exchanging threat information is currently done on an ad-hoc basis via email or telephone, and there is still no interoperable standard for exchanging threat information among trusted partners. To facilitate the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we make use of the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of threat information based on FLEX in the context of ISPs. We show that this communication process helps organizations to speed up their mitigation and response capabilities without the need to modify the current network infrastructure, and hence makes it viable for network operators to use.
Original language: Undefined
Title of host publication: Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016
Place of Publication: USA
Publisher: IEEE Communications Society
Pages: 516-552
Number of pages: 6
ISBN (Print): 978-1-5090-0223-8
DOIs: 10.1109/NOMS.2016.7502852
State: Published - Apr 2016



Keywords

  • EWI-26587
  • METIS-316825
  • IR-100168

Cite this

Steinberger, J., Kuhnert, B., Sperotto, A., Baier, H., & Pras, A. (2016). Collaborative DDoS Defense using Flow-based Security Event Information. In Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016 (pp. 516-552). USA: IEEE Communications Society. DOI: 10.1109/NOMS.2016.7502852

Steinberger, Jessica; Kuhnert, Benjamin; Sperotto, Anna; Baier, Harald; Pras, Aiko / Collaborative DDoS Defense using Flow-based Security Event Information. Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016. USA: IEEE Communications Society, 2016. p. 516-552.

Research output: Scientific - peer-review, Conference contribution

@inproceedings{26ec8b0300ca4f278851f64457aeda9d,
title = "Collaborative DDoS Defense using Flow-based Security Event Information",
abstract = "Over recent years, network-based attacks have evolved into one of the top concerns responsible for network infrastructure and service outages. To counteract such attacks, one approach is to move mitigation from the target network to the networks of Internet Service Providers (ISPs). In addition, exchanging threat information among trusted partners is used to reduce the time needed to detect and respond to large-scale network-based attacks. However, exchanging threat information is currently done on an ad-hoc basis via email or telephone, and there is still no interoperable standard for exchanging threat information among trusted partners. To facilitate the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we make use of the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of threat information based on FLEX in the context of ISPs. We show that this communication process helps organizations to speed up their mitigation and response capabilities without the need to modify the current network infrastructure, and hence makes it viable for network operators to use.",
keywords = "EWI-26587, METIS-316825, IR-100168",
author = "Jessica Steinberger and Benjamin Kuhnert and Anna Sperotto and Harald Baier and Aiko Pras",
note = "eemcs-eprint-26587",
year = "2016",
month = "4",
doi = "10.1109/NOMS.2016.7502852",
isbn = "978-1-5090-0223-8",
publisher = "IEEE Communications Society",
pages = "516--552",
booktitle = "Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016",
address = "United States",
}



TY  - CONF
T1  - Collaborative DDoS Defense using Flow-based Security Event Information
AU  - Steinberger, Jessica
AU  - Kuhnert, Benjamin
AU  - Sperotto, Anna
AU  - Baier, Harald
AU  - Pras, Aiko
N1  - eemcs-eprint-26587
PY  - 2016/4
Y1  - 2016/4
AB  - Over recent years, network-based attacks have evolved into one of the top concerns responsible for network infrastructure and service outages. To counteract such attacks, one approach is to move mitigation from the target network to the networks of Internet Service Providers (ISPs). In addition, exchanging threat information among trusted partners is used to reduce the time needed to detect and respond to large-scale network-based attacks. However, exchanging threat information is currently done on an ad-hoc basis via email or telephone, and there is still no interoperable standard for exchanging threat information among trusted partners. To facilitate the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we make use of the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of threat information based on FLEX in the context of ISPs. We show that this communication process helps organizations to speed up their mitigation and response capabilities without the need to modify the current network infrastructure, and hence makes it viable for network operators to use.
KW  - EWI-26587
KW  - METIS-316825
KW  - IR-100168
U2  - 10.1109/NOMS.2016.7502852
DO  - 10.1109/NOMS.2016.7502852
M3  - Conference contribution
SN  - 978-1-5090-0223-8
SP  - 516
EP  - 552
BT  - Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016
PB  - IEEE Communications Society
ER  - 
