Self-organization techniques based on promoters and inhibitors have been intensively studied in biological systems. Promoters enable an on-demand amplification of reactions to a particular cause. This makes it possible to react quickly with appropriate countermeasures. On the other hand, inhibitors are capable of regulating this uncontrolled amplification by suppressing the reaction. In this paper, we demonstrate the applicability of these mechanisms in a network security scenario consisting of network monitoring elements, attack detection, and firewall devices. Previous work identified most existing detection approaches as not suitable for high-speed networks. This problem can be alleviated by separating the methodologies for network monitoring and for subsequent data analysis. In this paper, we present an adaptation algorithm that manages the individual configuration parameters in order to optimize the overall system. We show the advantages of self-regulating techniques based on promoters and inhibitors that lead to maximized security and that degrade gracefully in overload situations. We created a simulation model to verify the algorithms. The results of the conducted simulations encourage further studies in this field.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Dressler, F. (2007). Self-Organized Network Security Facilities based on Bio-inspired Promoters and Inhibitors. In: Dressler, F., Carreras, I. (eds) Advances in Biologically Inspired Information Systems. Studies in Computational Intelligence, vol 69. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72693-7_5
DOI: https://doi.org/10.1007/978-3-540-72693-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72692-0
Online ISBN: 978-3-540-72693-7
eBook Packages: Engineering, Engineering (R0)