Distributed DDoS Defense: A collaborative Approach at Internet Scale

Title: Distributed DDoS Defense: A collaborative Approach at Internet Scale
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Steinberger, Jessica; Sperotto, Anna; Baier, Harald; Pras, Aiko
Conference Name: NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium
Keywords: attack intensities, DDoS, Dissemination, future attacks, Human Behavior, Internet-scale Computing Security, Metrics, mitigation, policy-based governance, pubcrawl, Reaction, Resiliency, Scalability
Abstract: Distributed large-scale cyber attacks targeting the availability of computing and network resources still remain a serious threat. To limit the effects caused by those attacks and to provide a proactive defense, mitigation should move to the networks of Internet Service Providers (ISPs). In this context, this thesis focuses on a development of a collaborative, automated approach to mitigate the effects of Distributed Denial of Service (DDoS) attacks at Internet Scale. This thesis has the following contributions: i) a systematic and multifaceted study on mitigation of large-scale cyber attacks at ISPs; ii) a detailed guidance selecting an exchange format and protocol suitable to use to disseminate threat information; iii) to overcome the shortcomings of missing flow-based interoperability of current exchange formats, a development of the exchange format Flow-based Event Exchange Format (FLEX); iv) a communication process to facilitate the automated defense in response to ongoing network-based attacks; v) a model to select and perform a semi-automatic deployment of suitable response actions; vi) an investigation of the effectiveness of the defense techniques moving-target using Software Defined Networking (SDN) and their applicability in context of large-scale cyber attacks and the networks of ISPs. Finally, a trust model that determines a trust and a knowledge level of a security event to deploy semi-automated remediations and facilitate the dissemination of security event information using the exchange format FLEX in context of ISP networks.
DOI: 10.1109/NOMS47738.2020.9110300
Citation Key: steinberger_distributed_2020