论文信息 - Towards Defeating the Crossfire Attack using SDN

Towards Defeating the Crossfire Attack using SDN

In this work, we propose online traffic engineering as a novel approach to detect and mitigate an emerging class of stealthy Denial of Service (DoS) link-flooding attacks. Our approach exploits the Software Defined Networking (SDN) paradigm, which renders the management of network traffic more flexible through centralised flow-level control and monitoring. We implement a full prototype of our solution on an emulated SDN environment using OpenFlow to interface with the network devices. We further discuss useful insights gained from our preliminary experiments as well as a number of open research questions which constitute work in progress.

Xenofontas A. Dimitropoulos | Vasileios Kotronis | Dimitrios Gkounis

[1] Yuan Tian,et al. Resistance Is Not Futile: Detecting DDoS Attacks without Packet Inspection , 2013, WISA.

[2] Virgil D. Gligor,et al. CoDef: collaborative defense against large-scale link-flooding attacks , 2013, CoNEXT.

[3] Dimitrios Gkounis. Cross-domain DoS link-flooding attack detection and mitigation using SDN principles , 2014 .

[4] Ellen W. Zegura,et al. Interactions of Intelligent Route Control with TCP Congestion Control , 2007, Networking.

[5] Jennifer Rexford,et al. BGP routing policies in ISP networks , 2005, IEEE Network.

[6] Virgil D. Gligor,et al. The Crossfire Attack , 2013, 2013 IEEE Symposium on Security and Privacy.

[7] Nick McKeown,et al. A network in a laptop: rapid prototyping for software-defined networks , 2010, Hotnets-IX.

[8] Adrian Perrig,et al. The Coremelt Attack , 2009, ESORICS.