Detecting and Mitigating Target Link-Flooding Attacks Using SDN

Bibliographic details
Published in: IEEE transactions on dependable and secure computing 2019-11, Vol.16 (6), p.944-956
Main authors: Wang, Juan; Wen, Ru; Li, Jiangqi; Yan, Fei; Zhao, Bo; Yu, Fajiang
Format: Article
Language: eng
Description
Summary: DDoS attacks have caused very serious damage to enterprise networks. Recently, a new kind of DDoS attack called link-flooding attack (LFA) has surfaced and is already being used by attackers to flood and congest network critical links. LFA is very difficult to detect since adversaries often utilize large-scale legitimate low-speed flows and rolls target links to isolate target areas for launching attacks. To address such a critical security problem, we design and implement a novel LFA defense system called LFADefender that leverages some key features, such as programmability, network-wide view, and flow traceability, of an emerging network technology, Software-Defined Networking (SDN), to effectively detect and mitigate LFA. In LFADefender, we propose an LFA target link selection approach and design an LFA congestion monitoring mechanism to effectively detect LFA. In addition, we present a multiple optional paths rerouting method to temporarily mitigate link congestion caused by LFA. We further propose a malicious traffic blocking approach to radically mitigate LFA. Our evaluation results show that LFADefender can accurately detect and rapidly mitigate LFA, but only imposes minimal overhead in the communication channels between network controllers and data planes.
ISSN: 1545-5971, 1941-0018
DOI: 10.1109/TDSC.2018.2822275