Cooperative Protection
The Distributed Context-Aware Firewall (D-CAF) is a system that adjusts filtering based on traffic situations and dynamically learned user valuations. Networks need to protect their connected services against disruptions caused by malicious attacks or irregular user behavior (flash crowds). When anomalies are detected, traffic has to be filtered while collateral damage from blocking legitimate customers is minimized. D-CAF installs an efficient first line defense strategy by collecting information from protected services and sharing it with neighboring D-CAF systems. Services generate user ratings that assess provisioning costs against their value in terms of business objectives. When filtering is triggered, D-CAF increases filter ranges, starting from the worst-rated users upwards, until used bandwidth falls below the set threshold. D-CAF is implemented on Cisco AXP routers that allow for direct manipulation of low level network functions. This makes it possible to integrate new functions for self-management and self-protection into the router.
English
