Real-time DDoS defense: a collaborative approach at internet scale

Jessica Steinberger, Anna Sperotto, Aiko Pras, Harald Baier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

In recent years, Distributed Denial of Service (DDoS) attacks have evolved into one of the major causes of network infrastructure and service outages. Often the amount of traffic generated by DDoS attacks is such that, although traditional security solutions such as firewalls and Intrusion Prevention Systems are deployed, the target network loses connectivity because its network resources are exhausted. To optimize mitigation and response capabilities and thus reduce the potential damage caused by DDoS attacks, mitigation and response should be moved from the target network to the networks of Internet Service Providers (ISPs). Additionally, ISPs should collaborate and exchange information in the context of network security. This poster proposes a framework for flow-based, real-time and automatic mitigation of DDoS attacks in ISP networks. The framework collects and processes flow-based network data (e.g. NetFlow/IPFIX) from the network edge router of an ISP network. The collected data is used to perform anomaly detection, data fusion and classification. When an anomaly is detected within the flow-based data, a security event is raised. Based on this security event, a collaborative process is initiated. The framework collaborates with third parties by gathering and processing security information, e.g. from other ISPs, customers or available data (e.g. blacklists, open DNS resolvers etc.).

Original language: Undefined
Title of host publication: Trans-European Research and Education Networking Association (TNC 2014)
Place of Publication: Amsterdam
Publisher: GEANT Association
Pages: 133
Number of pages: 1
ISBN (Print): not assigned
Publication status: Published - 19 May 2014

Publication series

Name
Publisher: GÉANT Association

Keywords

  • EWI-25990
  • IR-96445
  • METIS-312587

Cite this

Steinberger, J., Sperotto, A., Pras, A., & Baier, H. (2014). Real-time DDoS defense: a collaborative approach at internet scale. In Trans-European Research and Education Networking Association (TNC 2014) (pp. 133). Amsterdam: GEANT Association.