Centralized Defense Using Smart Routing Against Link-Flooding Attacks

Recently, two new distributed link-flooding attacks with high destructive potential have been introduced: the Coremelt attack and the Crossfire attack. Unlike traditional DDoS attacks, these two attacks isolate the victim from the rest of the Internet without sending traffic to the victim itself. Moreover, these attacks are indistinguishable, since in the Crossfire attack the adversary keeps the rate of each flow used to flood the target network links low, and in the Coremelt attack only legitimate traffic is used. These characteristics make the attacks undetectable by the current protection mechanisms in routers or by intrusion detection systems (IDS). In this paper, we present a new mechanism that detects the sources used by the adversary to perform the attacks. We also go one step further and try to mitigate the attack even during the detection phase. This mechanism can be enabled by network softwarization technologies such as SDN. We evaluate it through extensive simulation on an ISP topology and by comparing our work with previous solutions selected from the state of the art. Our results show that our heuristic is up to three times faster than the existing solutions and improves network stability by ten. We believe that these results can help ISP enablers and designers counter link-flooding attacks.
