Abstract
Distributed attacks are one of the major threats that can cause catastrophic events in network infrastructures. By misusing fundamental network technologies, an attacker can saturate resources on networks and services by using botnets or web-based services like Booters [JS15], which offer DDoS-as-a-service to anyone. Often UDP-based protocols like NTP (Network Time Protocol) or DNSSEC (Domain Name System Security Extensions) are misused. Sophisticated attackers use amplification and reflection techniques to achieve bandwidth consumption on the target of up to 500 Gbps, as seen in recent attack reports [KS16].
System operators of centralized services are challenged to verify their mitigation strategies for preventing the damage caused by such attacks. Moreover, running reproducible tests to learn the effectiveness of countermeasures can be difficult, since integrating existing tools often introduces different application runtime semantics, so the tools do not work as a seamless system. Running such tests on an operational network infrastructure is not easy either, since legal restrictions and enterprise policies can restrict or even forbid the use of security penetration tools.
We introduce a work-in-progress framework that complies with an operator’s requirements and could help to understand the possible outcome of a distributed attack within a network as a controllable and reliable process: the Security attack experimentation framework (STORM) [JS16]. In our work we discuss the fundamental problems in developing such a framework and how it could be integrated into existing network infrastructures.
| Original language | English |
|---|---|
| Pages | 17-17 |
| Number of pages | 1 |
| Publication status | Published - Jun 2016 |
| Event | 11th SPRING Graduate Workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI), SPRING 2016 - Darmstadt, Germany. Duration: 2 Jun 2016 → 3 Jun 2016. Conference number: 11 |
Workshop
| Workshop | 11th SPRING Graduate Workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI), SPRING 2016 |
|---|---|
| Abbreviated title | SPRING |
| Country/Territory | Germany |
| City | Darmstadt |
| Period | 2/06/16 → 3/06/16 |
Research output
SPRING 2016, Darmstadt, Germany: Proceedings of the 11th SPRING graduate workshop of the special interest group Security – Intrusion Detection and Response (SIDAR) of the German informatics Society (GI)
Steinberger, J. (Editor), Jun 2016, Germany: German Informatics Society (GI). 22 p. (SIDAR-Reports; vol. SR-2016-01). Research output: Book/Report › Book editing › Academic