European boffins tackle DoS attacks

European computer scientists working in conjunction with IT industry partners have unveiled details of a "novel and comprehensive" security technology designed to protect broadband services from denial of service (DoS) attacks.

The Diadem Firewall project is funded by the EU's Information Society Technologies initiative to promote technology development. 

Diadem is being developed by a consortium including France Telecom, Polish Telecom, IBM Research, Imperial College London, University of Tübingen, Groupe des Ecoles des Télécommunications and Jozef Stefan Institute.

The group aims to fight distributed DoS attacks that typically use thousands of compromised home and business computers (or zombies) to bring down corporate systems, often as part of a blackmail attempt.

DDoS attacks affected over 13 per cent of businesses in the UK at a cost of more than £558m in 2004 alone, according to figures from the UK's National Hi-Tech Crime Unit.

"There is no doubt that DoS attacks are a growing issue as more and more services, such as online games, IP telephony, television over IP and e-shopping, are provided to broadband users through the internet," said Yannick Carlinet, project coordinator for the Diadem project.

"It is a crucial and vulnerable aspect of broadband security and will become even more so in the future as more users move over to broadband connections."

To strike back at the "broadband bandits", the Diadem Firewall partners have developed a distributed detection and reaction system located in the network and managed by the network operator.

This is already a radical move away from the current approach where end users are responsible for their own online security, according to Carlinet.

"The current security paradigm requires all end users to organise and manage the security of their own terminals," he explained.

"This has many shortcomings and the failure of such an approach has been demonstrated too often in recent times for it to be considered a viable solution."

Carlinet added that the project's approach combines implementation techniques for high-speed packer processing, algorithms for intrusion detection and policy-based techniques for automated configuration and decision making.

This included designing and implementing an architecture for provider-controlled distributed high-speed edge devices, thereby paving the way for the next generation of distributed high-speed broadband firewalls with policy-based control.

The project team also succeeded in developing and deploying enhanced techniques capable of detecting and reacting to a wide range of security violations, in particular detecting DDoS attacks, but also suitable for detecting and identifying other types of malfunction.

"Functional and performance tests are taking place right now and we are optimistic that we will be able to show substantial progress over the state-of-art intrusion and prevention systems," said Carlinet.

"Discussions are ongoing with France Telecom and Polish Telecom with regard to commercial exploitation of our solution. We are also in contact with some application-level packet processor manufacturers that are interested in our approach."

Copyright ©v3.co.uk

attacksboffinsdoseuropeansecuritytackle