
Community aware network security and a DDoS response system

Network security through community participation and a response system for a distributed denial-of-service attack

Annales des Télécommunications

Abstract

Due to the considerable growth of the Internet as well as its usage as a commercial platform, attacks against networks, such as Distributed Denial of Service (DDoS) attacks, have emerged, with victims even among prestigious commercial sites. Such attacks are difficult to recognize and to handle in traditional networking. Managing them requires a network that can dynamically detect, share information, respond to event-triggered requests and proactively secure itself. We present here a community-aware network security approach as well as hands-on experience with a specific threat, i.e. a DDoS scenario, and an attack response system approach. We demonstrate the dynamicity and flexibility of community-aware networks in dealing with this kind of threat. The implementation is based on agent-enabled active networks and makes heavy use of mobile agent technology in order to respond asynchronously to critical situations. Finally, we comment on the pros and cons of our approach and discuss future directions that could be followed.

Summary

Following the considerable growth of the Internet and its use as a commercial platform, attacks against networks such as flooding attacks (or distributed denial-of-service attacks) have appeared, with even prestigious commercial sites among the victims. These attacks are difficult to recognize and to handle in traditional networking. Dealing with them requires a network capable of detecting them dynamically, sharing information, responding to event-triggered requests and securing itself proactively. The article presents network security through community participation, together with the experience gained with a particular threat, namely a distributed denial-of-service scenario and a systemic approach to attack response. Community-aware networks can handle this kind of attack dynamically and flexibly. The implementation is based on agent-based active networks and makes extensive use of mobile agent technology in order to respond asynchronously to critical situations. Finally, the advantages and disadvantages of this approach and directions for future research are discussed.



Author information


Correspondence to Stamatis Karnouskos.


About this article

Cite this article

Karnouskos, S. Community aware network security and a DDoS response system. Ann. Télécommun. 59, 525–542 (2004). https://doi.org/10.1007/BF03179686


  • DOI: https://doi.org/10.1007/BF03179686
