Collaborative Research Project within the 7th Framework Programme (FP7) of the European Commission

Partners :

Telefonica Investigación y Desarrollo, Spain
NEC Europe Ltd., United Kingdom
Consorzio Nazionale Interuniversitario per le Telecomunicazioni, Italy
Forschungszentrum Telekommunikation Wien, Austria
Telekomunikacja Polska, Poland
France Telecom, France
Institut Telecom, France
ETH Zürich, Switzerland
SingularLogic, Greece
INVEA, Czech Republic
Institute of Communication and Computer Systems, Greece
Optenet, Spain
Kyos AG, Switzerland

September 2010 to February 2013

The core problem in cooperative network monitoring and mitigation is that incidents impacting the security and reliability of a given network today are complex, with threats widely distributed among attackers, intermediary systems, indirect and direct targets, all potentially lying in different organizations, parts of the network, and national jurisdictions. The legal, organizational, and technical infrastructure to respond to these incidents must therefore be distributed and cooperative.
To address all the above considerations, DEMONS envisions building a novel cooperative network monitoring and mitigation system based on a completely decentralized, application-aware, privacy-preserving, multi-jurisdictional monitoring infrastructure. Such an infrastructure will provide the detection, reporting and mitigation mechanisms needed to combat not only today's threats, but also those of tomorrow.

NEC leads the overall DEMONS technical coordination. In addition, NEC contributes to most technical topics of DEMONS, with particular focus on decentralized coordination layer design, application layer components for anomaly detection and privacy-preservation techniques.

Decentralized coordination layer
Main NEC objectives:

• Design and implementation of distributed overlay technologies based on P2P concepts for the scalable and resilient distribution and aggregation of data and control information.
• Evaluation of the scalability and resilience of the solutions designed by means of simulations and test facilities.
• Definition of cross-domain protocols for monitoring information verification and mitigation strategies enforcement in terms of information and data models.

Application layer components
Main NEC objectives:

• Specification and development of a VoIP anomaly detection tool intended to detect operational failures and unwanted communications at application layer with specific semantics.
• Specification of a distributed detection approach for Distributed Denial of Service (DDos) attacks, that enables early-detection of emerging attacks and identifies the sources of the malicious traffic.
• Design of an anomaly-based application that monitors the network traffic on a per-customer basis and raises alerts when there are sudden and large-scale shifts in communication behavior, as it is the case during automated information harvesting campaigns like phishing.

Privacy preservation techniques
Main NEC objectives:

• Specification of a framework for protecting and privately managing identity-related information (such as social contact patterns) that are derived from the monitoring data
• Design and validation of secure collaborative computation approaches for computing functions specifically related to cross-domain monitoring functions, so that the result of the computation is public but all input data remain private.

Please find the project's pulications at the official DEMONS web site.

Official DEMONS Web Site