An adaptive approach to network resilience: Evolving challenge detection and mitigation.
ABSTRACT It is widely agreed that computer networks need to become more resilient to a range of challenges that can seriously impact their normal operation. Challenges include malicious attacks, misconfigurations, accidental faults and operational overloads. As part of an overall strategy for network resilience, a crucial requirement is the identification of challenges in real-time, followed by the application of appropriate remedial action. In this paper, we motivate and describe a novel solution that enables the progressive multi-stage deployment of resilience strategies, based on incomplete challenge and context information. Policies are used to orchestrate the interactions between various resilience mechanisms, which incrementally identify the nature of a challenge and deploy appropriate remediation mechanisms. We demonstrate the benefits of this approach via simulation of a resource starvation attack on an Internet Service Provider infrastructure. By initially using lightweight detection and then progressively applying more heavyweight analysis, a key contribution of our work is the ability to mitigate a challenge as early as possible and rapidly detect its root cause. The approach we propose in this paper has the flexibility, reproducibility and extensibility needed to assist in the identification and remediation of various network challenges in the future.
- Source available from: Alberto Egon Schaeffer-Filho
ABSTRACT: Network resilience strategies aim to maintain acceptable levels of network operation in the face of challenges, such as malicious attacks, operational overload or equipment failures. Often the nature of these challenges requires resilience strategies comprising mechanisms across multiple protocol layers and in disparate locations of the network. In this paper, we address the problem of resilience management and advocate that a new approach is needed for the design and evaluation of resilience strategies. To support the realisation of this approach we propose a framework that enables (1) the offline evaluation of resilience strategies to combat several types of challenges, (2) the generalisation of successful solutions into reusable patterns of mechanisms, and (3) the rapid deployment of appropriate patterns when challenges are observed at run-time. The evaluation platform permits the simulation of a range of challenge scenarios and the resilience strategies used to combat these challenges. Strategies that can successfully address a particular type of challenge can be promoted to become resilience patterns. Patterns can thus be used to rapidly deploy resilience configurations of mechanisms when similar challenges are detected in the live network.
01/2012
ABSTRACT: The increased number of security threats against the Internet has made communications more vulnerable to attacks. Despite much research and improvement in network security, the number of denial of service (DoS) attacks has rapidly grown in frequency, severity, and sophistication in recent years. Thus, serious attention needs to be paid to network security. However, to create a secure network that can stay ahead of all threats, detection and response features are real challenges. In this paper, we look at the interaction between the attacker and the defender in a Red Team/Blue Team exercise. We also propose a quantitative decision framework which is able to provide optimal solutions to defend against well-organized and sophisticated attacks. A large number of possible scenarios for testing of DoS defences will be examined through this framework in order to help experts to improve decisions regarding optimal solutions to defend against DoS threats.
Computational Intelligence for Security and Defense Applications (CISDA), 2013 IEEE Symposium on; 01/2013
Conference Paper: PReSET: A toolset for the evaluation of network resilience strategies
ABSTRACT: Computer networks support many of the services that our society relies on. Therefore, ensuring their resilience to faults and challenges, such as attacks, is critical. To do this can require the execution of resilience strategies that perform dynamic reconfiguration of networks, including resilience-specific functionality. It is important that resilience strategies are evaluated prior to their execution, for example, to ensure they will not exacerbate an on-going problem. To facilitate this activity, we have developed a toolset that supports the evaluation of resilience strategies that are specified as event-driven policies. The toolset couples the Ponder2 policy-based management framework and the OMNeT++ simulation environment. In this paper, we discuss the network resilience problem and motivate simulation as a suitable way to evaluate resilience strategies. We describe the toolset we have developed, including its architecture and the implementation of a number of resilience mechanisms, and its application to evaluating strategies that detect and mitigate Internet worm behaviour.
Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on; 01/2013