An adaptive mitigation framework for handling suspicious network flows via MPLS policies

Nabil Hachem; Joaquin Garcia-Alfaro; Hervé Debar

doi:10.1007/978-3-642-41488-6_20

An adaptive mitigation framework for handling suspicious network flows via MPLS policies

CNRS SAMOVAR UMR 5157

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

As network attacks become more complex, defence strategies must provide means to handle more flexible and dynamic requirements. The Multiprotocol Label Switching (MPLS) standard is a promising method to properly handle suspicious flows participating in such network attacks. Tasks such as alert data extraction, and MPLS routers configuration present an entailment to activate the defence process. This paper introduces a novel framework to define, generate and implement mitigation policies on MPLS routers. The activation of such policies is triggered by the alerts and expressed using a high level formalism. An implementation of the approach is presented.

Original language	English
Title of host publication	Secure IT Systems - 18th Nordic Conference, NordSec 2013, Proceedings
Publisher	Springer Verlag
Pages	297-312
Number of pages	16
ISBN (Print)	9783642414879
DOIs	https://doi.org/10.1007/978-3-642-41488-6_20
Publication status	Published - 1 Jan 2013
Externally published	Yes
Event	18th Nordic Conference on Secure IT Systems, NordSec 2013 - Ilulissat, Greenland Duration: 18 Oct 2013 → 21 Oct 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8208 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	18th Nordic Conference on Secure IT Systems, NordSec 2013
Country/Territory	Greenland
City	Ilulissat
Period	18/10/13 → 21/10/13

Keywords

MPLS
Network Security
OrBAC
Policy Management

Access to Document

10.1007/978-3-642-41488-6_20

Cite this

Hachem, N., Garcia-Alfaro, J., & Debar, H. (2013). An adaptive mitigation framework for handling suspicious network flows via MPLS policies. In Secure IT Systems - 18th Nordic Conference, NordSec 2013, Proceedings (pp. 297-312). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8208 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-642-41488-6_20

Hachem, Nabil ; Garcia-Alfaro, Joaquin ; Debar, Hervé. / An adaptive mitigation framework for handling suspicious network flows via MPLS policies. Secure IT Systems - 18th Nordic Conference, NordSec 2013, Proceedings. Springer Verlag, 2013. pp. 297-312 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{aa69acc371b94e5990f671ed04628e57,

title = "An adaptive mitigation framework for handling suspicious network flows via MPLS policies",

abstract = "As network attacks become more complex, defence strategies must provide means to handle more flexible and dynamic requirements. The Multiprotocol Label Switching (MPLS) standard is a promising method to properly handle suspicious flows participating in such network attacks. Tasks such as alert data extraction, and MPLS routers configuration present an entailment to activate the defence process. This paper introduces a novel framework to define, generate and implement mitigation policies on MPLS routers. The activation of such policies is triggered by the alerts and expressed using a high level formalism. An implementation of the approach is presented.",

keywords = "MPLS, Network Security, OrBAC, Policy Management",

author = "Nabil Hachem and Joaquin Garcia-Alfaro and Herv{\'e} Debar",

year = "2013",

month = jan,

day = "1",

doi = "10.1007/978-3-642-41488-6\_20",

language = "English",

isbn = "9783642414879",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "297--312",

booktitle = "Secure IT Systems - 18th Nordic Conference, NordSec 2013, Proceedings",

note = "18th Nordic Conference on Secure IT Systems, NordSec 2013 ; Conference date: 18-10-2013 Through 21-10-2013",

}

Hachem, N, Garcia-Alfaro, J & Debar, H 2013, An adaptive mitigation framework for handling suspicious network flows via MPLS policies. in Secure IT Systems - 18th Nordic Conference, NordSec 2013, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8208 LNCS, Springer Verlag, pp. 297-312, 18th Nordic Conference on Secure IT Systems, NordSec 2013, Ilulissat, Greenland, 18/10/13. https://doi.org/10.1007/978-3-642-41488-6_20

An adaptive mitigation framework for handling suspicious network flows via MPLS policies. / Hachem, Nabil; Garcia-Alfaro, Joaquin ; Debar, Hervé.
Secure IT Systems - 18th Nordic Conference, NordSec 2013, Proceedings. Springer Verlag, 2013. p. 297-312 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8208 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An adaptive mitigation framework for handling suspicious network flows via MPLS policies

AU - Hachem, Nabil

AU - Garcia-Alfaro, Joaquin

AU - Debar, Hervé

PY - 2013/1/1

Y1 - 2013/1/1

N2 - As network attacks become more complex, defence strategies must provide means to handle more flexible and dynamic requirements. The Multiprotocol Label Switching (MPLS) standard is a promising method to properly handle suspicious flows participating in such network attacks. Tasks such as alert data extraction, and MPLS routers configuration present an entailment to activate the defence process. This paper introduces a novel framework to define, generate and implement mitigation policies on MPLS routers. The activation of such policies is triggered by the alerts and expressed using a high level formalism. An implementation of the approach is presented.

AB - As network attacks become more complex, defence strategies must provide means to handle more flexible and dynamic requirements. The Multiprotocol Label Switching (MPLS) standard is a promising method to properly handle suspicious flows participating in such network attacks. Tasks such as alert data extraction, and MPLS routers configuration present an entailment to activate the defence process. This paper introduces a novel framework to define, generate and implement mitigation policies on MPLS routers. The activation of such policies is triggered by the alerts and expressed using a high level formalism. An implementation of the approach is presented.

KW - MPLS

KW - Network Security

KW - OrBAC

KW - Policy Management

UR - https://www.scopus.com/pages/publications/84890885556

U2 - 10.1007/978-3-642-41488-6_20

DO - 10.1007/978-3-642-41488-6_20

M3 - Conference contribution

AN - SCOPUS:84890885556

SN - 9783642414879

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 297

EP - 312

BT - Secure IT Systems - 18th Nordic Conference, NordSec 2013, Proceedings

PB - Springer Verlag

T2 - 18th Nordic Conference on Secure IT Systems, NordSec 2013

Y2 - 18 October 2013 through 21 October 2013

ER -

Hachem N, Garcia-Alfaro J , Debar H. An adaptive mitigation framework for handling suspicious network flows via MPLS policies. In Secure IT Systems - 18th Nordic Conference, NordSec 2013, Proceedings. Springer Verlag. 2013. p. 297-312. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-41488-6_20

An adaptive mitigation framework for handling suspicious network flows via MPLS policies

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this