Find a SECReT supervisor
prism apply now

Immmunising the Internet

22 February 2012

Changwang Zhang

This research is being funded by the China Scholarship Council.  Existing approaches in securing the Internet are insufficient and now new and more innovative ways for dealing with the increasing cyber-threats are necessary. This study explores the possibility of immunising the Internet.

The immune system and Internet security systems have many similarities in terms of the scale and complexity of the system they are protecting, the evolving nature of the threats, and the potentially catastrophic result of defence failures. By drawing analogies between the immune system and Internet security systems, we identify six immune paradigms that could be applied in designing better Internet se-curity systems. They are Danger-driven defence, Coordinated defence, Progressive increase in precision, Distributed defence and shared responsibility, Evolution and gradual development, and Spontaneous defence and artificial vaccination.

We then propose an Internet Immunisation Architecture (IIA) based on the identified immune paradigms. It is expected to serve as a blueprint for immunising the Internet against various traffic-flooding-based malicious network activities. Next we design an example application of the Internet Im-munisation Architecture (IIA) for countering Distributed Denial-of-Service (DDoS) attacks - currently one of the most prevalent threats in contemporary networks. Lastly, we conduct simulations in three generic DDoS attack scenarios to test the performance of the example application. Results from the simulations demonstrated the IIA can be effective and efficient in defending DDoS attacks.

The immune paradigms identified in this dissertation have been demonstrated to be a promising approach for improving network security in a series of simulations.