liu.seSök publikationer i DiVA
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Collaborative Network Security: Targeting Wide-area Routing and Edge-network Attacks
Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
2016 (Engelska)Doktorsavhandling, monografi (Övrigt vetenskapligt)
Abstract [en]

To ensure that services can be delivered reliably and continuously over theInternet, it is important that both Internet routes and edge networks aresecured. However, the sophistication and distributed nature of many at-tacks that target wide-area routing and edge networks make it difficult foran individual network, user, or router to detect these attacks. Thereforecollaboration is important. Although the benefits of collaboration betweendifferent network entities have been demonstrated, many open questionsstill remain, including how to best design distributed scalable mechanismsto mitigate attacks on the network infrastructure. This thesis makes severalcontributions that aim to secure the network infrastructure against attackstargeting wide-area routing and edge networks.

First, we present a characterization of a controversial large-scale routinganomaly, in which a large Telecom operator hijacked a very large numberof Internet routes belonging to other networks. We use publicly availabledata from the time of the incident to understand what can be learned aboutlarge-scale routing anomalies and what type of data should be collected inthe future to diagnose and detect such anomalies.

Second, we present multiple distributed mechanisms that enable col-laboration and information sharing between different network entities thatare affected by such attacks. The proposed mechanisms are applied in thecontexts of collaborating Autonomous Systems (ASes), users, and servers,and are shown to help raise alerts for various attacks. Using a combina-tion of data-driven analysis and simulations, based on publicly availablereal network data (including traceroutes, BGP announcements, and net-work relationship data), we show that our solutions are scalable, incur lowcommunication and processing overhead, and provide attractive tradeoffsbetween attack detection and false alert rates.

Finally, for a set of previously proposed routing security mechanisms,we consider the impact of regional deployment restrictions, the scale of thecollaboration, and the size of the participants deploying the solutions. Al-though regional deployment can be seen as a restriction and the participationof large networks is often desirable, we find interesting cases where regionaldeployment can yield better results compared to random global deployment,and where smaller networks can play an important role in achieving bettersecurity gains. This study offers new insights towards incremental deploy-ment of different classes of routing security mechanisms.

Ort, förlag, år, upplaga, sidor
Linköping: Linköping University Electronic Press, 2016. , 175 s.
Serie
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524 ; 1798
Nyckelord [en]
Collaboration, network security, BGP attacks, routing security, hijack
Nationell ämneskategori
Datavetenskap (datalogi)
Identifikatorer
URN: urn:nbn:se:liu:diva-131959DOI: 10.3384/diss.diva-131959ISBN: 9789176856628 (tryckt)OAI: oai:DiVA.org:liu-131959DiVA: diva2:1045752
Disputation
2016-12-02, Visionen, Building B, Campus Valla, Linköping, 13:15 (Engelska)
Opponent
Handledare
Forskningsfinansiär
CUGS (National Graduate School in Computer Science).SE (Stiftelsen för internetinfrastruktur)
Tillgänglig från: 2016-11-11 Skapad: 2016-10-12 Senast uppdaterad: 2016-11-14Bibliografiskt granskad

Open Access i DiVA

Collaborative Network Security: Targeting Wide-area Routing and Edge-network Attacks(5363 kB)189 nedladdningar
Filinformation
Filnamn FULLTEXT01.pdfFilstorlek 5363 kBChecksumma SHA-512
e2206107cf8e371e3a7c748a455aec3b6f368d654a5b0cdb37c5a8ebd2024e41e3eabf66ef5ebfab60a2d92c9a5eb101494ab743447736654c355c2690249d65
Typ fulltextMimetyp application/pdf
omslag(816 kB)21 nedladdningar
Filinformation
Filnamn COVER01.pdfFilstorlek 816 kBChecksumma SHA-512
829bcd44747c2d49c234dd9b12035ad0edd04617b643650bf9c917bcdbc920773fad8f45f4207bf20b0591584e210079c4eff1ffb08a6e9325e55b9039c2b56b
Typ coverMimetyp application/pdf

Övriga länkar

Förlagets fulltext

Sök vidare i DiVA

Av författaren/redaktören
Hiran, Rahul Gokulchand
Av organisationen
Databas och informationsteknikTekniska fakulteten
Datavetenskap (datalogi)

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 189 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

Altmetricpoäng

Totalt: 2436 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf