Collaborative DDoS Defense using Flow-based Security Event Information
Author: | Aiko Pras, Harald Baier, Benjamin Kuhnert, Anna Sperotto, Jessica Steinberger |
---|---|
Year of publication: | 2016 |
Subject: | 021110 strategic defence & security studies; Service (systems architecture); Event (computing); Process (engineering); business.industry; Computer science; Network security; Interoperability; 0211 other engineering and technologies; EWI-26587; 020206 networking & telecommunications; Context (language use); 02 engineering and technology; Flow network; Computer security; computer.software_genre; IR-100168; 0202 electrical engineering, electronic engineering, information engineering; business; METIS-316825; NIPRNet; computer; Computer network |
Source: | Proceedings of the IEEE/IFIP Network Operations and Management Symposium, IEEE NOMS 2016, pp. 516-552 |
Description: | In recent years, network-based attacks have become one of the main causes of network infrastructure and service outages. One approach to counter such attacks is to move mitigation from the target network into the networks of Internet Service Providers (ISPs). In addition, exchanging threat information among trusted partners reduces the time needed to detect and respond to large-scale network-based attacks. Today, however, threat information is exchanged on an ad-hoc basis via email or telephone, and there is still no interoperable standard for exchanging it among trusted partners. To facilitate the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we use the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of FLEX-based threat information in the context of ISPs. We show that this communication process helps organizations speed up their mitigation and response capabilities without modifying the current network infrastructure, which makes it viable for network operators. |
Database: | OpenAIRE |
External link: |
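As an added example (not code from the paper, and not the FLEX format itself, whose schema is not described on this page), the following Python script shows the kind of pipeline the description refers to: flow records observed at the target network are aggregated into a flow-based security event, the event is signed with a key shared with a trusted partner ISP, and the partner verifies it before acting. The flow records, the event layout, the detection thresholds, the partner key and the `suggested_action` hint are all constructed for the demonstration and are assumptions of this example.

```python
"""Flow-based DDoS event detection and signed exchange with a trusted partner.

Added example; this is not code from the paper and the event layout is a
stand-in of my own, not the FLEX format. Flow records, the partner key and
the thresholds are constructed for the demonstration.
"""
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed NetFlow-style records: (src_ip, dst_ip, dst_port, packets, bytes).
# Six sources hammer 203.0.113.5 on udp/53; the rest is ordinary traffic.
FLOWS = [
    ("198.51.100.10", "203.0.113.5", 53, 150, 12000),
    ("198.51.100.11", "203.0.113.5", 53, 150, 12000),
    ("198.51.100.12", "203.0.113.5", 53, 150, 12000),
    ("198.51.100.13", "203.0.113.5", 53, 150, 12000),
    ("198.51.100.14", "203.0.113.5", 53, 150, 12000),
    ("198.51.100.15", "203.0.113.5", 53, 150, 12000),
    ("198.51.100.20", "203.0.113.5", 443, 40, 30000),
    ("198.51.100.21", "203.0.113.7", 443, 12, 9000),
    ("198.51.100.22", "203.0.113.7", 443, 9, 7000),
]

# Constructed shared secret, assumed to be agreed out of band between partners.
PARTNER_KEY = b"partner-shared-secret-demo"


def build_events(flows, min_sources=5, min_packets=500):
    """Aggregate flows per (dst_ip, dst_port) and emit one event per target
    that sees at least min_sources distinct sources and min_packets packets.
    Only the aggregate leaves the network; raw flow records are not shared."""
    groups = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for src, dst, port, pkts, nbytes in flows:
        g = groups[(dst, port)]
        g["sources"].add(src)
        g["packets"] += pkts
        g["bytes"] += nbytes
    events = []
    for (dst, port), g in sorted(groups.items()):
        if len(g["sources"]) >= min_sources and g["packets"] >= min_packets:
            events.append({
                "type": "ddos",
                "target": {"ip": dst, "port": port},
                "source_count": len(g["sources"]),
                "sources": sorted(g["sources"]),
                "packets": g["packets"],
                "bytes": g["bytes"],
                # Hypothetical mitigation hint the receiving ISP can act on.
                "suggested_action": f"rate-limit port {port} toward {dst}",
            })
    return events


def _canonical(event):
    # Deterministic serialization so both sides compute the MAC over the same bytes.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def sign_message(event, key):
    """Wrap an event for transmission with an HMAC-SHA256 over its canonical form."""
    mac = hmac.new(key, _canonical(event), hashlib.sha256).hexdigest()
    return json.dumps({"event": event, "mac": mac})


def verify_message(message, key):
    """Receiving side: reject any message whose MAC does not match.
    Returns the event on success, raises ValueError otherwise."""
    doc = json.loads(message)
    expected = hmac.new(key, _canonical(doc["event"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc.get("mac", "")):
        raise ValueError("MAC mismatch: message altered or wrong partner key")
    return doc["event"]


if __name__ == "__main__":
    for ev in build_events(FLOWS):
        wire = sign_message(ev, PARTNER_KEY)            # sent to the upstream ISP
        received = verify_message(wire, PARTNER_KEY)    # checked on arrival
        print(received["suggested_action"], "-", received["source_count"], "sources")
```

Two design points carry over to any real deployment of such an exchange: the event transports only an aggregate (target, source list, volumes, a proposed action), so the partner never needs the sender's raw flow records, and the receiver must refuse to act on a message whose MAC fails, since a forged "rate-limit" request is itself a denial-of-service vector. In practice the shared HMAC key would be replaced by per-partner credentials established through the trust relationship the paper assumes.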