Title :
A network challenge identification strategy based on firewall performance analysis
Author :
Ocampo, Andres F. ; Gaviria, Natalia
Author_Institution :
Dept. of Electron. & Telecommun. Eng., Univ. de Antioquia, Medellin, Colombia
Abstract :
In this paper, we study a resource starvation challenge caused by low-rate DoS (Denial of Service) and DDoS (Distributed DoS) attacks targeting the last-matching rules of the firewall's security policy. Our onset challenge detection mechanism considers a CPU utilization threshold to keep track of firewall processing performance. When this threshold is reached, an initial alarm signalling the occurrence of an attack is triggered. This methodology makes it possible to deploy an impact mitigation strategy. Initial remediation actions against challenges are then considered once detection has been performed; they include the temporary swap of the most likely last-rule matched, in order to improve system performance. We evaluate our strategy through simulations performed in Network Simulator 2; the results show the performance of this scheme when subjected to normal traffic flows as well as DoS and DDoS attack flows.
Keywords :
firewalls; telecommunication security; telecommunication traffic; CPU utilization threshold; Network Simulator 2; challenge detection mechanisms; distributed denial of service attacks; firewall performance analysis; firewall processing performance; impact mitigation; last-rule matched; low rate DoS-DDoS attacks; network challenge identification strategy; normal traffic flows; resource starvation challenge; security policy; system performance; Analytical models; Computer crime; Firewalls (computing); Kernel; Mathematical model; Resilience; Network resilience; network challenge identification; network firewalls; performance analysis; performance modeling; queuing systems;
Conference_Title :
Security Technology (ICCST), 2013 47th International Carnahan Conference on
Conference_Location :
Medellin
DOI :
10.1109/CCST.2013.6922069