Collaborative DDoS Defense using Flow-based Security Event Information

Jessica Steinberger; Benjamin Kuhnert; Anna Sperotto; Harald Baier; Aiko Pras

doi:10.1109/NOMS.2016.7502852

Collaborative DDoS Defense using Flow-based Security Event Information

Jessica Steinberger, Benjamin Kuhnert, Anna Sperotto, Harald Baier, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

19 Citations (Scopus)

27 Downloads (Pure)

Abstract

Over recent years, network-based attacks evolved to the top concerns responsible for network infrastructure and service outages. To counteract such attacks, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). In addition, exchanging threat information among trusted partners is used to reduce the time needed to detect and respond to large-scale network-based attacks. However, exchanging threat information is currently done on an ad-hoc basis via email or telephone, and there is still no interoperable standard to exchange threat information among trusted partners. To facilitate the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we make use of the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of threat information based on FLEX in context of ISPs. We show that this communication process helps organizations to speed up their mitigation and response capabilities without the need to modify the current network infrastructure, and hence make it viable to use for network operators.

Original language	Undefined
Title of host publication	Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016
Place of Publication	USA
Publisher	IEEE
Pages	516-552
Number of pages	6
ISBN (Print)	978-1-5090-0223-8
DOIs	https://doi.org/10.1109/NOMS.2016.7502852
Publication status	Published - Apr 2016
Event	15th IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016 - Suleyman Demirel Cultural Center, Istanbul, Istanbul, Turkey Duration: 25 Apr 2016 → 29 Apr 2016 Conference number: 15 http://noms2016.ieee-noms.org/

Publication series

Name
Publisher	IEEE Communications Society

Conference

Conference	15th IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016
Abbreviated title	NOMS 2016
Country/Territory	Turkey
City	Istanbul
Period	25/04/16 → 29/04/16
Internet address	http://noms2016.ieee-noms.org/

Keywords

EWI-26587
METIS-316825
IR-100168

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/NOMS.2016.7502852

http://eprints.eemcs.utwente.nl/secure2/26587/01/PID4064521.pdf

19 Citations
1 PhD Thesis - Research UT, graduation UT

Distributed DDoS Defense - A collaborative Approach at Internet Scale
Steinberger, J., 19 Sept 2018, University of Twente. 209 p.
Research output: Thesis › PhD Thesis - Research UT, graduation UT

Open Access
File

2456 Downloads (Pure)

Cite this

@inproceedings{26ec8b0300ca4f278851f64457aeda9d,

title = "Collaborative DDoS Defense using Flow-based Security Event Information",

abstract = "Over recent years, network-based attacks evolved to the top concerns responsible for network infrastructure and service outages. To counteract such attacks, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). In addition, exchanging threat information among trusted partners is used to reduce the time needed to detect and respond to large-scale network-based attacks. However, exchanging threat information is currently done on an ad-hoc basis via email or telephone, and there is still no interoperable standard to exchange threat information among trusted partners. To facilitate the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we make use of the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of threat information based on FLEX in context of ISPs. We show that this communication process helps organizations to speed up their mitigation and response capabilities without the need to modify the current network infrastructure, and hence make it viable to use for network operators.",

keywords = "EWI-26587, METIS-316825, IR-100168",

author = "Jessica Steinberger and Benjamin Kuhnert and Anna Sperotto and Harald Baier and Aiko Pras",

note = "eemcs-eprint-26587 ; 15th IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016 ; Conference date: 25-04-2016 Through 29-04-2016",

year = "2016",

month = apr,

doi = "10.1109/NOMS.2016.7502852",

language = "Undefined",

isbn = "978-1-5090-0223-8",

publisher = "IEEE",

pages = "516--552",

booktitle = "Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016",

address = "United States",

url = "http://noms2016.ieee-noms.org/",

}

Steinberger, J, Kuhnert, B, Sperotto, A, Baier, H & Pras, A 2016, Collaborative DDoS Defense using Flow-based Security Event Information. in Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016. IEEE, USA, pp. 516-552, 15th IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016, Istanbul, Turkey, 25/04/16. https://doi.org/10.1109/NOMS.2016.7502852

Collaborative DDoS Defense using Flow-based Security Event Information. / Steinberger, Jessica; Kuhnert, Benjamin; Sperotto, Anna et al.
Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016. USA: IEEE, 2016. p. 516-552.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Collaborative DDoS Defense using Flow-based Security Event Information

AU - Steinberger, Jessica

AU - Kuhnert, Benjamin

AU - Sperotto, Anna

AU - Baier, Harald

AU - Pras, Aiko

N1 - Conference code: 15

PY - 2016/4

Y1 - 2016/4

N2 - Over recent years, network-based attacks evolved to the top concerns responsible for network infrastructure and service outages. To counteract such attacks, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). In addition, exchanging threat information among trusted partners is used to reduce the time needed to detect and respond to large-scale network-based attacks. However, exchanging threat information is currently done on an ad-hoc basis via email or telephone, and there is still no interoperable standard to exchange threat information among trusted partners. To facilitate the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we make use of the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of threat information based on FLEX in context of ISPs. We show that this communication process helps organizations to speed up their mitigation and response capabilities without the need to modify the current network infrastructure, and hence make it viable to use for network operators.

AB - Over recent years, network-based attacks evolved to the top concerns responsible for network infrastructure and service outages. To counteract such attacks, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). In addition, exchanging threat information among trusted partners is used to reduce the time needed to detect and respond to large-scale network-based attacks. However, exchanging threat information is currently done on an ad-hoc basis via email or telephone, and there is still no interoperable standard to exchange threat information among trusted partners. To facilitate the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we make use of the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of threat information based on FLEX in context of ISPs. We show that this communication process helps organizations to speed up their mitigation and response capabilities without the need to modify the current network infrastructure, and hence make it viable to use for network operators.

KW - EWI-26587

KW - METIS-316825

KW - IR-100168

U2 - 10.1109/NOMS.2016.7502852

DO - 10.1109/NOMS.2016.7502852

M3 - Conference contribution

SN - 978-1-5090-0223-8

SP - 516

EP - 552

BT - Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016

PB - IEEE

CY - USA

T2 - 15th IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016

Y2 - 25 April 2016 through 29 April 2016

ER -

Collaborative DDoS Defense using Flow-based Security Event Information

Abstract

Publication series

Conference

Keywords

UN SDGs

Access to Document

Research output

Distributed DDoS Defense - A collaborative Approach at Internet Scale

Cite this