Collaborative Attack Mitigation and Response: A survey

Abstract

Over recent years, network-based attacks have become one of the top causes of network infrastructure and service outages. One approach to counteracting a network-based attack is to move mitigation from the target network to the networks of Internet Service Providers (ISPs). However, it remains unclear to what extent countermeasures are set up and which mitigation approaches are adopted by ISPs. Hence, the goal of this paper is to present the results of a survey that aims to gain insight into the processes, structures and capabilities of ISPs for mitigating and responding to network-based attacks. One key finding is that automatic attack detection systems are deployed, but transport networks report significantly fewer security events per month on average than smaller networks. In addition, we found that automatic detection systems raise a very large number of false positives. To handle this volume of security events, automatic mitigation and response systems could be established. We found that automatic mitigation and response systems, which would speed up mitigation and response, are not widely deployed, but network operators would like to make use of them. Besides automatic detection and mitigation systems, collaboration among trusted partners to mitigate and respond to a network-based attack might be valuable, but network operators are not aware of existing protocols and formats for exchanging security events or incidents.

Publication
14th IFIP/IEEE Symposium on Integrated Network and Service Management (IM 2015)