European boffins tackle DoS attacks

By on
European boffins tackle DoS attacks

European computer scientists working in conjunction with IT industry partners have unveiled details of a "novel and comprehensive" security technology designed to protect broadband services from denial of service (DoS) attacks.

European computer scientists working in conjunction with IT industry partners have unveiled details of a "novel and comprehensive" security technology designed to protect broadband services from denial of service (DoS) attacks.

The Diadem Firewall project is funded by the EU's Information Society Technologies initiative to promote technology development. 

Diadem is being developed by a consortium including France Telecom, Polish Telecom, IBM Research, Imperial College London, University of Tübingen, Groupe des Ecoles des Télécommunications and Jozef Stefan Institute.

The group aims to fight distributed DoS attacks that typically use thousands of compromised home and business computers (or zombies) to bring down corporate systems, often as part of a blackmail attempt.

DDoS attacks affected over 13 per cent of businesses in the UK at a cost of more than £558m in 2004 alone, according to figures from the UK's National Hi-Tech Crime Unit.

"There is no doubt that DoS attacks are a growing issue as more and more services, such as online games, IP telephony, television over IP and e-shopping, are provided to broadband users through the internet," said Yannick Carlinet, project coordinator for the Diadem project.

"It is a crucial and vulnerable aspect of broadband security and will become even more so in the future as more users move over to broadband connections."

To strike back at the "broadband bandits", the Diadem Firewall partners have developed a distributed detection and reaction system located in the network and managed by the network operator.

This is already a radical move away from the current approach where end users are responsible for their own online security, according to Carlinet.

"The current security paradigm requires all end users to organise and manage the security of their own terminals," he explained.

"This has many shortcomings and the failure of such an approach has been demonstrated too often in recent times for it to be considered a viable solution."

Carlinet added that the project's approach combines implementation techniques for high-speed packer processing, algorithms for intrusion detection and policy-based techniques for automated configuration and decision making.

This included designing and implementing an architecture for provider-controlled distributed high-speed edge devices, thereby paving the way for the next generation of distributed high-speed broadband firewalls with policy-based control.

The project team also succeeded in developing and deploying enhanced techniques capable of detecting and reacting to a wide range of security violations, in particular detecting DDoS attacks, but also suitable for detecting and identifying other types of malfunction.

"Functional and performance tests are taking place right now and we are optimistic that we will be able to show substantial progress over the state-of-art intrusion and prevention systems," said Carlinet.

"Discussions are ongoing with France Telecom and Polish Telecom with regard to commercial exploitation of our solution. We are also in contact with some application-level packet processor manufacturers that are interested in our approach."
Copyright ©v3.co.uk
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?