Self Protection through Collaboration Using D-CAF: A Distributed Context-Aware Firewall

Keeping network services on the Internet available over time is not an easy task. Sudden changes in usage volumes are common, not least due to Flash Crowds and Denial of Service attacks. Given the difficulty of discerning malicious users from regular customers, administrators have little chance to mitigate without compromising availability or security. The presented Distributed Context-Aware Firewall (D-CAF) architecture avails itself of the specialized knowledge of the protected services to minimize the impact. The protected services participate in a valuation process, forwarding per-user value/cost ratio information to the D-CAF. When a traffic overload occurs, the firewall selectively limits access to the resources of the protected system based on the aggregated reports. The semantic simplicity of the report lends itself to propagation and collaboration between several D-CAF instances. In this paper we discuss the approach, architecture and first testing results.
