An adaptive approach to network resilience: Evolving challenge detection and mitigation

It is widely agreed that computer networks need to become more resilient to a range of challenges that can seriously impact their normal operation. Challenges include malicious attacks, misconfigurations, accidental faults and operational overloads. As part of an overall strategy for network resilience, a crucial requirement is the identification of challenges in real-time, followed by the application of appropriate remedial action. In this paper, we motivate and describe a novel solution that enables the progressive multi-stage deployment of resilience strategies, based on incomplete challenge and context information. Policies are used to orchestrate the interactions between various resilience mechanisms, which incrementally identify the nature of a challenge and deploy appropriate remediation mechanisms. We demonstrate the benefits of this approach via simulation of a resource starvation attack on an Internet Service Provider infrastructure. By initially using lightweight detection and then progressively applying more heavyweight analysis, a key contribution of our work is the ability to mitigate a challenge as early as possible and rapidly detect its root cause. The approach we propose in this paper has the flexibility, reproducibility and extensibility needed to assist in the identification and remediation of various network challenges in the future.