
BGP FLOWSPEC Enabling Dynamic Traffic Resilience


OBJECTIVE: Develop a model of threat identification coupled with a means to redirect, reroute, or otherwise dynamically divert suspicious or malicious network activity to independent locations for investigation, in order to create a resilient network boundary capable of handling potentially widespread attack vectors.

DESCRIPTION: The current model implemented by Einstein for Trusted Internet Connections (TIC) services for the detection and mitigation of the Global Information Grid (GIG) enterprise is often inefficient and ineffective given the volume of legitimate, suspicious, and known bad traffic. By creating a dynamic system of threat identification with the ability to control traffic and redirect it as necessary to disparate locations, DoD will be capable of performing organized analysis of advanced persistent threats. Using a protocol such as BGP FLOWSPEC to let internal analysis of both internal and external information directly manipulate the path of network activity across a wide area network (WAN) will provide targeted analysis leveraging specific algorithms. The method not only enhances detection capabilities but also allows analysis and algorithms to be applied to a smaller, more manageable data set. An operational solution would be a combination of protocols, architecture, and analytical locations to which data is sent.

PHASE I: Define a plan to develop a threat feed, internal traffic monitoring, and correlation of system aggregation into rule sets. The plan will include connecting the threat feed systems with boundary network devices using BGP FLOWSPEC, which will determine the necessary human intervention versus automation. Also define the optimal network architecture for maximum performance (division of threats, placement of filters and redirects, etc.).

PHASE II: Implement the Phase I plan and further define mitigation strategies, such as redirect passive, redirect active, man-in-the-middle, or black hole. Potentially develop a solution to covertly redirect the traffic, consisting of packet manipulation and hop count using IPv6.

PHASE III DUAL USE APPLICATIONS:
- Military: With a military implementation, details of the employment of BGP FLOWSPEC enabling traffic resilience will be sensitive to DoD. A similar architecture and capability may be implemented and designed for the requirements of DoD to provide the data in the appropriate places to effectively and efficiently analyze adversarial behavior.
- Commercial: The system could be employed to route traffic for analysis to commercial locations interested in further analyzing threats facing their organization, which would be beneficial in prioritizing defense mechanisms and responses to the activity.
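The Phase I and Phase II steps amount to turning threat-feed records into BGP FLOWSPEC rules that a boundary router can act on (black hole known bad traffic, redirect suspicious traffic to an analysis location). The following Python is an added example, not part of this solicitation or any DoD system: it encodes such rules as Flow Specification NLRI and action extended communities per RFC 5575, using constructed feed records, an assumed route target for the analysis VRF, and the example's own verdict-to-action policy.

```python
import ipaddress
import struct
DEST_PREFIX, IP_PROTO, DST_PORT = 1, 3, 5       # component type codes, RFC 5575 section 4

def _prefix_component(type_code, cidr):
    net = ipaddress.IPv4Network(cidr, strict=False)
    nbytes = (net.prefixlen + 7) // 8           # only the significant prefix octets are sent
    return bytes([type_code, net.prefixlen]) + net.network_address.packed[:nbytes]

def _numeric_component(type_code, values):
    # equality matches OR'ed together; the last operator carries the end-of-list (e) bit
    out = bytearray([type_code])
    for i, v in enumerate(values):
        width = 0 if v < 0x100 else 1           # operator len field: 0 -> 1 byte, 1 -> 2 bytes
        op = 0x01 | (width << 4) | (0x80 if i == len(values) - 1 else 0)   # eq=1, a=0
        out.append(op)
        out += v.to_bytes(1 << width, "big")
    return bytes(out)

def flowspec_nlri(dst, proto, dports):
    # components must appear in ascending type order; length is 1 octet when < 240, else 2
    body = (_prefix_component(DEST_PREFIX, dst)
            + _numeric_component(IP_PROTO, [proto])
            + _numeric_component(DST_PORT, dports))
    if len(body) < 240:
        return bytes([len(body)]) + body
    return struct.pack(">H", 0xF000 | len(body)) + body

def action_blackhole():
    # traffic-rate extended community (0x80 0x06): 2-byte AS, then float32 bytes/sec; 0 = discard
    return b"\x80\x06" + struct.pack(">Hf", 0, 0.0)

def action_redirect(asn, rt_value):
    # redirect extended community (0x80 0x08): route target AS:value of the analysis VRF
    return b"\x80\x08" + struct.pack(">HI", asn, rt_value)

# Constructed threat-feed records (documentation prefixes, not real indicators).
FEED = [
    {"dst": "192.0.2.0/24", "proto": 6, "dports": [443, 8443], "verdict": "known_bad"},
    {"dst": "198.51.100.7/32", "proto": 17, "dports": [53], "verdict": "suspicious"},
]
ANALYSIS_RT = (65000, 100)   # assumed route target (AS:value) of the analysis VRF
def rules_from_feed(feed=FEED):
    # known-bad traffic is black-holed at the boundary; suspicious traffic is redirected for analysis
    rules = []
    for rec in feed:
        nlri = flowspec_nlri(rec["dst"], rec["proto"], rec["dports"])
        action = action_blackhole() if rec["verdict"] == "known_bad" else action_redirect(*ANALYSIS_RT)
        rules.append((nlri.hex(), action.hex()))
    return rules
```

Each tuple is the wire encoding a BGP speaker would place in the MP_REACH_NLRI and Extended Communities attributes of the update sent to the boundary devices; the human-versus-automation decision from Phase I sits in front of `rules_from_feed`, deciding which feed records are allowed to become rules at all.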