A Novel Approach to Identify Denial-of-Service Attacks against Transport Network Resources
Conference: Photonische Netze - 9. ITG-Fachtagung
04/28/2008 - 04/29/2008 at Leipzig, Germany
Proceedings: Photonische Netze
Pages: 8Language: englishTyp: PDFPersonal VDE Members are entitled to a 10% discount on this title
Hofmann, Stefan; Louizi, Mohamed; Stoll, Dieter (Alcatel-Lucent Deutschland AG, Nürnberg, Germany)
Transport networks are the core elements of today’s communications systems. Their capability to transmit data extremely fast and secure allows network operators to interconnect a large number of users at the same time. However, the increasing number of attacks against such networks raises the challenge to deploy effective safeguards to guarantee their availability. With UNI and E-NNI, Automatically Switched Optical Networks (ASON) have become susceptible to known and – potentially yet unknown – kind of Denial-of-Service attacks as well. This paper is focusing on attacks against transport resources aiming to prevent users from setting up transport connections, which can be SDH or ODU paths, but also wavelengths in dynamically switched WDM networks. With respect to the aspects being relevant for Denial-of-Service attacks against transport resources and potential attack schemes and scenarios, we present methods for the detection of such attacks and subsequent identification of the attackers, which contribute to a comprehensive detection framework for auditing the transport network for potential attacks. Within the EIBONE research project, we have developed a simulation tool to analyze a variety of simulation scenarios on the topology of a Lab-based ASON network. Using a variety of simulated attack scenarios, the detection methods and the framework were validated for their effectiveness. The results indicate that the framework yields good detection rates for Denial-of-Service attacks, in which one user account is attacking the network at one single access point. The combination of the detection methods and the consolidation of their results allows for identification of distributed attacks, in which an attacker employs several user accounts at potentially multiple access points to, for instance, attack a particular (gateway) network element. Next to the problem and the chosen analysis tools, the results from our analysis will be explained in detail.