Cooperative Protection

Overload situations can be caused by targeted hostile attacks (Denial-of-Service-Attacks). However, unexpected suddenly growing legitimate user requests (flash crowds) can also threaten the functionality of servers. Here, D-CAF Cooperative Firewall offers effective protection mechanisms that ensure that the service access at least remains for the most important user groups.

Basis for the mode of action is a continuous observation of traffic and a cost/use-behaviour evaluation of the service users with regards to the economical goals of the service. Automated filter rules are derived from it that are activated independently in emergency situations and therefore sustain a best possible operation before further counter-measures are taken by the administrator. An efficiency increase is attained by means of cooperative exchange of user evaluations between various firewall systems. This allows filter rules to be distributed quickly on the web in order to isolate interfering sources early and close to their origin.

The D-CAF Cooperative Firewall-System is available on the Cisco-AXP router platform. It realises characteristic functions of self-management and self-protection in the Future Internet: cross layer approach with exchange of information between services and network layer, cross domain cooperation behaviour, self-management functions by independent generation of filter rules, as well as adjustment of system behaviour appropriate to the situation.