Self-Organized Network Security Facilities based on Bio-inspired Promoters and Inhibitors

  • Falko Dressler

Self-organization techniques based on promoters and inhibitors have been intensively studied in biological systems. Promoters enable an on-demand amplification of reactions to a particular cause, which allows a quick reaction with appropriate countermeasures. Inhibitors, on the other hand, regulate this otherwise uncontrolled amplification by suppressing the reaction. In this paper, we demonstrate the applicability of these mechanisms in a network security scenario consisting of network monitoring elements, attack detection, and firewall devices. Previous work identified most existing detection approaches as not suitable for high-speed networks. This problem can be alleviated by separating the methodologies for network monitoring and for subsequent data analysis. We present an adaptation algorithm that manages the individual configuration parameters in order to optimize the overall system. We show the advantages of self-regulating techniques based on promoters and inhibitors, which lead to maximized security and degrade gracefully in overload situations. We created a simulation model to verify the algorithms. The results of the conducted simulations encourage further studies in this field.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Falko Dressler (1)

  1. Autonomic Networking Group, Department of Computer Science 7, University of Erlangen, Erlangen, Germany
