Collaborative DDoS Defense using Flow-based Security Event Information

Jessica Steinberger, Benjamin Kuhnert, Anna Sperotto, Harald Baier, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    6 Citations (Scopus)

    Abstract

    Over recent years, network-based attacks have evolved into one of the top concerns responsible for network infrastructure and service outages. To counteract such attacks, one approach is to move mitigation from the target network to the networks of Internet Service Providers (ISPs). In addition, exchanging threat information among trusted partners is used to reduce the time needed to detect and respond to large-scale network-based attacks. However, exchanging threat information is currently done on an ad-hoc basis via email or telephone, and there is still no interoperable standard for exchanging threat information among trusted partners. To facilitate the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we make use of the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of threat information based on FLEX in the context of ISPs. We show that this communication process helps organizations to speed up their mitigation and response capabilities without the need to modify the current network infrastructure, and hence makes it viable for network operators to use.
    Original language: Undefined
    Title of host publication: Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016
    Place of Publication: USA
    Publisher: IEEE Communications Society
    Pages: 516-552
    Number of pages: 6
    ISBN (Print): 978-1-5090-0223-8
    DOIs: https://doi.org/10.1109/NOMS.2016.7502852
    Publication status: Published - Apr 2016
    Event: 15th IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016 - Suleyman Demirel Cultural Center, Istanbul, Turkey
    Duration: 25 Apr 2016 to 29 Apr 2016
    Conference number: 15
    Conference website: http://noms2016.ieee-noms.org/

    Publication series

    Name
    Publisher: IEEE Communications Society

    Conference

    Conference: 15th IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016
    Abbreviated title: NOMS 2016
    Country: Turkey
    City: Istanbul
    Period: 25/04/16 to 29/04/16
    Internet address: http://noms2016.ieee-noms.org/

    Keywords

    • EWI-26587
    • METIS-316825
    • IR-100168

    Cite this

    Steinberger, J., Kuhnert, B., Sperotto, A., Baier, H., & Pras, A. (2016). Collaborative DDoS Defense using Flow-based Security Event Information. In Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016 (pp. 516-552). USA: IEEE Communications Society. https://doi.org/10.1109/NOMS.2016.7502852