Zurich, Switzerland, 6 December 2006 - The EU project
DIADEM Firewall is a prototype of a novel architecture to block
attacks against large-scale networks, an increasingly severe
threat in this IT era where businesses are becoming ever more networked
to provide goods and services on demand. Together with their project
partners, scientists at the IBM (NYSE: IBM) Zurich Research Laboratory
have developed a hardware module for large-scale, high-speed business
networks. The technology gives businesses and network service providers
entirely new capabilities to offer their customers secure, high-speed
broadband services, thereby guaranteeing business-critical network
availability at all times.
Attacks against large-scale networks that cause a breakdown of
network connectivity and services, so-called distributed denial-of-service
(DDoS) attacks, are a growing source of concern as businesses become
increasingly networked and offer more and more services online.
A DDoS attack usually happens when a network is flooded with so
many requests that it cannot keep traffic moving at a regular pace.
By hijacking thousands of home and business computers and using
them as so-called zombies to flood and overload a network, DDoS
attacks can bring down entire corporate systems, usually as part
of a blackmail attempt.
The impact of such network outages on businesses is tremendous.
Today, many businesses such as online shops, electronic financial
traders, and airline booking portals are vitally dependent on network
connectivity. Their potential loss of revenue can quickly reach
millions of euros for every minute without connectivity, not accounting
for the negative impact on corporate image and reputation. A security
survey conducted by IBM in 2006 showed that 74% of 3000 leading
companies worldwide rated upgrading their firewall as the most important
measure against cybercrime.
Another aspect is that, in the near future, more and more end-users
will presumably upgrade to broadband services. This will obviously
generate more traffic, which in turn means that the cost of dealing
with malicious data traffic is predicted to increase exponentially.
To block DDoS attacks in an effective and cost-efficient way, the
DIADEM research team took a whole new approach. They developed a
prototype of a distributed detection and automatic reaction system.
It is centrally located in the network and managed by the network
operator, thereby shifting the responsibility back to the provider
to ensure the security of the network.
This new distributed firewall deploys monitoring elements throughout
the network. These monitors continuously track traffic patterns
at the edges of a network and report them to a system manager. The
manager automatically detects abnormalities and adjusts the policies
of all firewalls in the network accordingly. As a result, malicious
hosts are disconnected from the network. "This is a radical
departure from the current approach, where end-users are responsible
for installing and maintaining their own firewall systems,"
explains Patricia Sagmeister, project leader at the Zurich Research
Lab. "Unfortunately, the current approach is dangerously insufficient,
as demonstrated all too often in recent times."
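The control loop described above (edge monitors summarise traffic, a central manager spots the abnormality and rewrites the policy of every firewall) is modelled below as an added, self-contained illustration. It is not DIADEM's code or IBM's hardware: the class names, the "baseline times factor" anomaly rule, the per-source attribution threshold and the addresses in the constructed traffic window are all assumptions made for the example.

```python
"""Toy model of a centrally managed distributed firewall.
Edge monitors count flows per window, a manager merges the reports,
flags destinations whose volume exceeds a learned baseline, attributes
the surplus to heavy sources and pushes one block list to all firewalls.
Constructed illustration; thresholds, names and addresses are assumptions."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class EdgeMonitor:
    """Sits at one network edge and counts packets per (src, dst) flow."""

    def __init__(self, name):
        self.name = name
        self.counts = Counter()

    def observe(self, pkt):
        self.counts[(pkt.src, pkt.dst)] += 1

    def report(self):
        """Hand the window's flow summary to the manager, then start a new window."""
        summary, self.counts = dict(self.counts), Counter()
        return {"monitor": self.name, "flows": summary}


class Firewall:
    """Enforcement point whose policy is set centrally, not by the end-user."""

    def __init__(self, name):
        self.name = name
        self.blocked = set()

    def apply_policy(self, blocked_sources):
        self.blocked = set(blocked_sources)

    def allows(self, pkt):
        return pkt.src not in self.blocked


class Manager:
    """Central element: detects per-destination volume anomalies across all
    monitor reports and distributes the resulting block list."""

    def __init__(self, firewalls, baseline, rate_factor=10, per_source_threshold=5):
        self.firewalls = firewalls
        self.baseline = baseline                  # dst -> expected packets per window (assumed learned)
        self.rate_factor = rate_factor            # anomalous if volume > baseline * factor
        self.per_source_threshold = per_source_threshold  # packets per window that mark a heavy source
        self.blocked = set()                      # cumulative block list pushed to every firewall

    def ingest(self, reports):
        per_dst, per_flow = Counter(), Counter()
        for rep in reports:
            for (src, dst), n in rep["flows"].items():
                per_dst[dst] += n
                per_flow[(src, dst)] += n
        # Destinations with a known baseline that are receiving far more than usual.
        anomalous = {dst for dst, n in per_dst.items()
                     if dst in self.baseline and n > self.baseline[dst] * self.rate_factor}
        # Attribute the flood to sources contributing heavily to an anomalous destination.
        offenders = {src for (src, dst), n in per_flow.items()
                     if dst in anomalous and n >= self.per_source_threshold}
        self.blocked |= offenders
        for fw in self.firewalls:
            fw.apply_policy(self.blocked)
        return anomalous, offenders


def constructed_window(n_clients=10, n_zombies=20, zombie_rate=30):
    """Constructed traffic window: light legitimate clients plus a zombie flood."""
    pkts = []
    for i in range(n_clients):
        pkts += [Packet(f"10.0.1.{i}", "web.example")] * 2
    for i in range(n_zombies):
        pkts += [Packet(f"198.51.100.{i}", "web.example")] * zombie_rate
    return pkts


def simulate():
    """One detection window followed by one enforcement window on the same traffic."""
    firewalls = [Firewall("fw-edge-a"), Firewall("fw-edge-b")]
    monitors = [EdgeMonitor("mon-edge-a"), EdgeMonitor("mon-edge-b")]
    manager = Manager(firewalls, baseline={"web.example": 50})

    window = constructed_window()
    for i, pkt in enumerate(window):          # traffic is split across the two edges
        monitors[i % 2].observe(pkt)
    anomalous, offenders = manager.ingest([m.report() for m in monitors])

    forwarded = sum(1 for i, pkt in enumerate(window) if firewalls[i % 2].allows(pkt))
    return {"anomalous": anomalous, "offenders": offenders,
            "forwarded": forwarded, "dropped": len(window) - forwarded}


if __name__ == "__main__":
    print(simulate())
```

The two thresholds carry the operational risk of any such scheme: a per-source threshold set too low blocks legitimate heavy senders (or an entire NAT behind one address), one set too high lets a slow, widely distributed flood through, and a destination with no learned baseline gets no decision at all. Tuning them against real traffic, and logging every policy push so an operator can audit and revert it, is the part of the design that the press release leaves to the provider.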
The IBM team in Zurich has developed a business solution prototype
suitable for high-speed corporate networks. It is an innovative
architecture that offloads the processing-intensive packet filtering
task efficiently to a hardware module. The hardware module filters
incoming data at extremely high speeds, which is essential in order
to protect broadband networks against DDoS attacks. For the core
of this module, IBM researchers developed a sophisticated, highly
efficient algorithm that is capable of reliably filtering incoming
data packets at network speeds up to 40 gigabits per second. Thus,
the system is able to filter as many as 100 million packets per
second in order to detect and immediately react to DDoS attacks.
"IBM's hardware module constitutes the kind of solution for
large-scale deployment in distributed corporate networks that network
operators and internet service providers need to ensure the integrity
of their networks," states Sagmeister. Whereas, until now,
individual users were in a poor position to protect and defend themselves
against most kinds of malicious attacks, the DIADEM solution will
allow internet service providers to secure their networks, including
the systems of their clients and users, in
a central fashion.
This paradigm shift in security management means that internet
service providers can offer a real added value by providing a level
of protection against malicious traffic that is significantly higher
than what the average end-user can achieve. "DIADEM will pave
the way to the next generation of distributed high-speed broadband
firewalls with policy-based control," predicts Sagmeister.
Preliminary tests and performance evaluations of the DIADEM firewall
and the hardware module have been successful. Now it is up to internet
service providers and network operators to assume responsibility
for implementing and managing centralized network security.
About the DIADEM Firewall project
The DIADEM Firewall
project focused on a solution for adaptive security by means of
a distributed programmable firewall to stop distributed denial-of-service
(DDoS) attacks. The collaborative research project, which was officially
launched in 2004 and completed on September 30, 2006, received funding
in part from the EU commission and the Swiss government. Partners
involved in the DIADEM Firewall include France Télécom's
R&D department, the University of Tübingen in Germany,
IBM's Zurich Research Laboratory, Imperial College London, Groupe
des Ecoles des Télécommunications in France, Jozef
Stefan Institute in Slovenia, and Polish Telecom.
About the IBM Zurich Research Laboratory
The IBM Zurich Research Laboratory (ZRL), which is celebrating its
50th anniversary in 2006, is the European branch of IBM Research.
This network of some 3200 employees in eight laboratories around
the globe is the largest industrial research organization in the
world. The Zurich laboratory itself currently employs about 320
people, representing more than 30 nationalities. World-class research
and outstanding scientific achievements, most remarkably two Nobel
Prizes, are associated with this lab. The spectrum of research activities
at ZRL ranges from exploratory research to the development of computer
systems and software to the designing of novel business models and
services that are becoming available "On Demand".