{"title":"Self Protection through Collaboration Using D-CAF: A Distributed Context-Aware Firewall","authors":"Cristian Varas, T. Hirsch","doi":"10.1109/SECURWARE.2009.35","DOIUrl":null,"url":null,"abstract":"Keeping network services in the Internet available overtime is not an easy task. Sudden changes in usage volumes are common, not least due to Flash Crowds and Denial of Service attacks. Given the difficulty to discern malicious users from regular customers, administrators have little chance to mitigate without compromising availability or security. The presented Distributed Context-Aware Firewall (D-CAF) architecture, avails itself of the specialized knowledge of the protected services to minimize the impact.The protected services participate in in a valuation process,forwarding a per-user value/cost ratio information to the D-CAF. When a traffic overload occurs, the firewall selectively limits the access to resources of the protected system based on the aggregated reports. The semantic simplicity of the report lends itself to propagation and collaboration between several D-CAF instances. In this paper we discuss the approach, architecture and first testing results.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECURWARE.2009.35","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 5
Abstract
Keeping network services on the Internet available over time is not an easy task. Sudden changes in usage volumes are common, not least due to Flash Crowds and Denial of Service attacks. Given the difficulty of discerning malicious users from regular customers, administrators have little chance to mitigate without compromising availability or security. The presented Distributed Context-Aware Firewall (D-CAF) architecture avails itself of the specialized knowledge of the protected services to minimize the impact. The protected services participate in a valuation process, forwarding per-user value/cost ratio information to the D-CAF. When a traffic overload occurs, the firewall selectively limits access to the resources of the protected system based on the aggregated reports. The semantic simplicity of the report lends itself to propagation and collaboration between several D-CAF instances. In this paper we discuss the approach, architecture and first testing results.