Engineering Issues for an Adaptive Defense Network

Abstract

Engineering Issues for an Adaptive Defense Network (ADN) examines the ability of network systems to change their behavior dynamically in order to sustain service in response to attacks. To focus the research problem, Distributed Denial of Service (DDoS) attacks were used as the threat; the primary issue was the capability to detect and defend against DDoS. Experimentation was performed with a packet-filtering firewall, a network Quality of Service manager, multiple DDoS tools, and traffic-generation tools. Related efforts, recommendations, and experiments are covered in this paper. Adapting to network events in degraded environments is a challenge for applications, services, and systems where conditions are known. As network conditions change due to cyber attacks carried out by e-mail viruses, application viruses, and denial of service attacks, there is typically instantaneous network confusion, and network operator reaction to and control of these events can take hours to days for determination and resolution. This effort examines a severe threat, DDoS, and potential techniques for an adaptive, automatic defense that would take place in seconds and represent the first level of defense until network operations or the system administrator can respond. The asymmetric nature of the DDoS threat allows an individual with minimal resources to disrupt or deny network service to critical information infrastructures. Adaptive defense of networks therefore requires automated response to current and future threats. This effort used DDoS threats to motivate adaptive defense behavior and experimentation. To provide guidance with respect to DDoS, recommendations were developed by information security organizations. The recommendations presented here protect the packet producers rather than the victim; however, they are applicable to all sites and should be implemented.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2001
Accession Number
ADA458141

Entities

People

  • Alan Piszcz
  • David Moore
  • Nicholas Orlans
  • Zachary Eyler-walker

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Computer Access Control
  • Computer Communications
  • Computer Programs
  • Computers
  • Denial Of Service Attack
  • Detection
  • Detectors
  • Electronic Mail
  • Engineering
  • Graphical User Interface
  • Information Security
  • Intrusion Detection
  • Intrusion Detectors
  • Network Architecture
  • Network Protocols
  • Network Topology
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • Systems Analysis and Design

Technology Areas

  • Cyber