Paper Abstract and Keywords |
Presentation |
2007-03-08 10:30
Network Defence Method Based on Aggregation of Users Security Policy Katsuhiro Sebayashi, Osamu Akashi, Mitsuru Maruyama (NTT) IN2006-199 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
A network defense scheme for an Internet Service Provider (ISP) network is presented. In this scheme, the ISP cooperates with users to filter attack packets or limits their rate. ISPs acquire configurations of filtering and intrusion detection functions which reflect user security policy obtained from user equipment such as Broad-band Routers (BBRs) and PCs. Next, aggregate rule is created from them. Finally, the ISP filters attack packets or limits their rate according to the aggregate rule. ISPs and users take countermeasures to deal with DDoS attacks and propagation of worms separately. The countermeasures of users that filter unnecessary packets by firewall function and IDS function in the BBR cannot mitigate bandwidth usage of these attack packets. On the other hand, countermeasures of ISPs that use the DDoS countermeasure system cannot mitigate the waste of network resources caused by these attack packets. ISPs cannot intercept attack packets without user permission even if the attack is detected by the system. This scheme makes it possible for users to mitigate bandwidth usage of these attack packets on their access lines by providing their security policies to their ISP. Then, The ISPs become able to control the waste of the network resources by not forwarding packets unnecessary to the users. We analyze default configurations of popular BBRs and verify the basic model of this scheme based on those configurations. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Security / Security Policy / Packet Filtering / DDoS Attack / / / / |
Reference Info. |
IEICE Tech. Rep., vol. 106, no. 578, IN2006-199, pp. 113-118, March 2007. |
Paper # |
IN2006-199 |
Date of Issue |
2007-03-01 (IN) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
IN2006-199 |
Conference Information |
Committee |
NS IN |
Conference Date |
2007-03-08 - 2007-03-09 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Okinawa Convention Center |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
|
Paper Information |
Registration To |
IN |
Conference Code |
2007-03-NS-IN |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Network Defence Method Based on Aggregation of Users Security Policy |
Sub Title (in English) |
|
Keyword(1) |
Security |
Keyword(2) |
Security Policy |
Keyword(3) |
Packet Filtering |
Keyword(4) |
DDoS Attack |
Keyword(5) |
|
Keyword(6) |
|
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Katsuhiro Sebayashi |
1st Author's Affiliation |
Nipponn Telegraph and Telephone (NTT) |
2nd Author's Name |
Osamu Akashi |
2nd Author's Affiliation |
Nipponn Telegraph and Telephone (NTT) |
3rd Author's Name |
Mitsuru Maruyama |
3rd Author's Affiliation |
Nipponn Telegraph and Telephone (NTT) |
4th Author's Name |
|
4th Author's Affiliation |
() |
5th Author's Name |
|
5th Author's Affiliation |
() |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2007-03-08 10:30:00 |
Presentation Time |
20 minutes |
Registration for |
IN |
Paper # |
IN2006-199 |
Volume (vol) |
vol.106 |
Number (no) |
no.578 |
Page |
pp.113-118 |
#Pages |
6 |
Date of Issue |
2007-03-01 (IN) |
|