Cooperative security management for broadband network environments



From an internet service provider's (ISP) perspective, modern broadband access networks pose significant and ever increasing challenges in terms of security management. The growing number of permanently connected home networks, with a myriad of poorly managed devices, imposes significant security risks not only to the domestic customers, unable to defend themselves from security attacks, but also to the ISP and third-parties potentially targeted by large-scale distributed botnet attacks fed by swarms of zombie domestic personal computers. In this context, the traditional delimitation of customer and ISP perimeters is no longer effective. Home networks became too complex and vulnerable to be autonomously managed by the average customer, and the scale and sophistication of distributed security attacks make it more and more difficult for the ISP to properly manage security without intervening outside the boundaries of its own network. Considering this state of affairs, we propose an alternative architecture for security management. This architecture increases the level of integration and cooperation between the domains of the ISP infrastructure and the home network. At the same time, it potentially improves the scalability and granularity of traditional intrusion detection and prevention mechanisms.


Security;distributed IDS;home networks;CWMP

Related Project

iCIS - Intelligent Computing in the Internet of Services


Wiley Security and Communication Networks (ISSN 1939-0122), Hsiao-Hwa Chen and Hamid R. Sharif, July 2015


Cited by

Year 2018 : 3 citations

 Di Mauro, Mario, and Cesario Di Sarno. "Improving SIEM capabilities through an enhanced probe for encrypted Skype traffic detection." Journal of Information Security and Applications 38 (2018): 85-95.

 Pecorella, T.; Pierucci, L.; Nizzi, F. “Network Sentiment” Framework to Improve Security and Privacy for Smart Home, Future Internet, Vol 10, Issue 12, pp125, December 2018. DOI: 10.3390/fi10120125

 Norbert Nthala, Ivan Flechais, "Rethinking Home Network Security", in Proc. of Conference: European Workshop on Usable Security (EuroUSEC), London, England, April 2018. DOI: 10.14722/eurousec.2018.23011

Year 2016 : 2 citations

 K. M. Lee, W. G. Teng and T. W. Hou, "DRASE: A Dynamic Rescheduling and Self-Adaptive Estimation Technique to Enhance ACS Throughputs in CWMP," in IEEE Communications Letters, vol. 20, no. 11, pp. 2161-2164, Nov. 2016.
doi: 10.1109/LCOMM.2016.2602198

 Li Kunmin, Toward Optimizing System Capabilities in a CWMP Network, PhD. Thesis, Cheng Kung University Engineering Science degree thesis, 2016 (