da/sec scientific talk on Internet Security

Topic: Collaborative DDoS Defense using Flow-based Security Event Information

by Jessica Steinberger and Benjamin Kuhnert and Anna Sperotto and Harald Baier and Aiko Pras
FBI D14/2.03, April 07, 2016 (Thursday), 12:00 noon

Keywords — Network security

Abstract

Over recent years, network-based attacks have become one of the top concerns for network operators, as they are responsible for outages of both network infrastructure and the services running on it. One approach to counter such attacks is to move mitigation away from the target network and into the networks of Internet Service Providers (ISPs), where the attack traffic can be stopped closer to its sources. In addition, exchanging threat information among trusted partners is used to reduce the time needed to detect and respond to large-scale network-based attacks. In practice, however, threat information is still exchanged on an ad-hoc basis via email or telephone, and there is no interoperable standard for exchanging it among trusted partners. To enable the exchange of security event information in conjunction with widely adopted monitoring technologies, in particular network flows, we make use of the exchange format FLEX. The goal of this paper is to present a communication process that supports the dissemination of FLEX-based threat information in the context of ISPs. We show that this communication process helps organizations speed up their mitigation and response capabilities without requiring changes to the existing network infrastructure, which makes it viable for network operators to adopt.