Collaborative DDoS Defense using Flow-based Security Event Information

Jessica Steinberger, Benjamin Kuhnert, Anna Sperotto, Harald Baier, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    16 Citations (Scopus)


    Over recent years, network-based attacks evolved to the top concerns responsible for network infrastructure and service outages. To counteract such attacks, an approach is to move mitigation from the target network to the networks of Internet Service Providers (ISP). In addition, exchanging threat information among trusted partners is used to reduce the time needed to detect and respond to large-scale network-based attacks. However, exchanging threat information is currently done on an ad-hoc basis via email or telephone, and there is still no interoperable standard to exchange threat information among trusted partners. To facilitate the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we make use of the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of threat information based on FLEX in context of ISPs. We show that this communication process helps organizations to speed up their mitigation and response capabilities without the need to modify the current network infrastructure, and hence make it viable to use for network operators.
    Original languageUndefined
    Title of host publicationProceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016
    Place of PublicationUSA
    PublisherIEEE Communications Society
    Number of pages6
    ISBN (Print)978-1-5090-0223-8
    Publication statusPublished - Apr 2016
    Event15th IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016 - Suleyman Demirel Cultural Center, Istanbul, Istanbul, Turkey
    Duration: 25 Apr 201629 Apr 2016
    Conference number: 15

    Publication series

    PublisherIEEE Communications Society


    Conference15th IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016
    Abbreviated titleNOMS 2016
    Internet address


    • EWI-26587
    • METIS-316825
    • IR-100168

    Cite this