Real-time DDoS defense: a collaborative approach at internet scale

Jessica Steinberger, Anna Sperotto, Aiko Pras, Harald Baier

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    65 Downloads (Pure)


    In the last years, Distributed Denial of Service attacks (DDoS) evolved to one of the major causes responsible for network infrastructure and service outages. Often the amount of traffic generated by DDoS attacks is such that, although traditional security solutions as firewalls and Intrusion Prevention Systems are deployed, the target network will lose connectivity, because the network resources are exhausted. To optimize mitigation and response capabilities and thus reduce potential damages caused by DDoS attacks, mitigation and response should be moved from the target network to the networks of Internet Service Providers (ISPs). Additionally, ISPs should collaborate and exchange information in context of network security. This poster proposes a framework for flow-based real-time and automatic mitigation of DDoS attacks in ISP networks. The framework collects and processes network flow-based data e.g. NetFlow/IPFIX from the network edge router of an ISP network. The collected data is used to perform anomaly detection, data fusion and classification. In case of a detected anomaly within the flow-based data a security event is raised. Based on this security event a collaborative process is initiated. The framework collaborates with third parties by gathering and processing security information e.g. from other ISPs, customers or available data e.g. Blacklists, Open DNS resolvers etc.).
    Original languageUndefined
    Title of host publicationTrans-European Research and Education Networking Association (TNC 2014)
    Place of PublicationAmsterdam
    PublisherGEANT Association
    Number of pages1
    ISBN (Print)not assigned
    Publication statusPublished - 19 May 2014
    EventTrans-European Research and Education Networking Association (TNC 2014), Dublin, Ireland: Trans-European Research and Education Networking Association (TNC 2014) - Amsterdam
    Duration: 19 May 2014 → …

    Publication series

    PublisherGÉANT Association


    ConferenceTrans-European Research and Education Networking Association (TNC 2014), Dublin, Ireland
    Period19/05/14 → …


    • EWI-25990
    • IR-96445
    • METIS-312587

    Cite this