Abstract
Due to the considerable growth of the Internet and its use as a commercial platform, attacks against networks, such as Distributed Denial of Service (DDoS) attacks, have emerged, with victims even among prestigious commercial sites. Such attacks are difficult to recognize and handle in traditional networking. Managing them requires a network that can dynamically detect, share information, respond to event-triggered requests and proactively secure itself. We present here community-aware network security as well as hands-on experience with a specific threat, i.e. a DDoS scenario, and an attack response system approach. We demonstrate the dynamicity and flexibility of community-aware networks in dealing with this kind of threat. The implementation is based on agent-enabled active networks and makes heavy use of mobile agent technology in order to respond asynchronously to critical situations. Finally, we comment on the pros and cons of our approach and discuss future directions that could be followed.
Summary
As a result of the considerable growth of the Internet and its use as a commercial platform, attacks against networks such as saturation attacks (or distributed denial of service attacks) have appeared, with even prestigious commercial sites among the victims. These attacks are difficult to recognize and to handle in traditional networking. Dealing with them requires a network capable of detecting them dynamically, sharing information, responding to event-triggered requests and securing itself proactively. The article presents network security through community participation, as well as the experience gained with a particular threat, namely a distributed denial of service scenario, and a systemic approach to attack response. Community-participation networks can handle this kind of attack in a dynamic and flexible way. The implementation is based on agent-based active networks and makes extensive use of mobile agent technology in order to respond asynchronously to critical situations. Finally, the advantages and drawbacks of this approach and directions for future research are discussed.
Cite this article
Karnouskos, S. Community aware network security and a DDoS response system. Ann. Télécommun. 59, 525–542 (2004). https://doi.org/10.1007/BF03179686
DOI: https://doi.org/10.1007/BF03179686
Keywords
- Communication security
- Internet
- Blocking
- Protection
- Web site
- Active telecommunication network
- Cooperation
- Intelligent agent
- System architecture