Detecting and mitigating link-flooding attacks
Not translated

Persian title of the article: Detecting and mitigating link-flooding attacks via software-defined networking: Woodpecker
English title of the article: Woodpecker: Detecting and mitigating link-flooding attacks via SDN
Journal/Conference: Computer Networks
Related fields of study: Computer Engineering, Information Technology
Related specializations: Information Security, Computer Networks
Persian keywords: Link-flooding attack, software-defined networks, DDoS
English keywords: Link-flooding Attack, DDoS, Software-Defined Networking
Article writing type: Research Article
Digital identifier (DOI): https://doi.org/10.1016/j.comnet.2018.09.021
University: Graduate School at Shenzhen – Tsinghua University – Shenzhen – China
Pages of the English article: 17
Publisher: Elsevier
Presentation type: Journal
Article type: ISI
Year of publication: 2018
Impact factor: 3.092 in 2017
H-index: 113 in 2019
SJR: 0.5 in 2019
ISSN: 1389-1286
Quartile: Q2 in 2019
Format of the English article: PDF
Translation status: Not translated
Price of the English article: Free
Is this a base article: Yes
Product code: E10652
Table of contents (English)

Abstract

1- Introduction

2- Related work

3- Threat model

4- Woodpecker design overview

5- Optimal upgrade nodes selection policy

6- Congestion location and attack detection

7- LFA defense measures

8- Evaluation

9- Conclusion and future work

References

Excerpt from the article (English)

Abstract

Link-flooding attack (LFA), as a new type of DDoS attack, can degrade or even cut off network connectivity of a target area. This attack employs legitimate, low-density flows to flood a group of selected links. Therefore, these malicious flows can hardly be distinguished by traditional defense technologies. In our scheme, we first select M routers and upgrade them into SDN switches to maximize the network connectivity. Then, we propose a proactive probe approach to rapidly locate the congested links. Next, our scheme employs a global judgment algorithm to determine whether the network is under LFA or not. Finally, Woodpecker employs the core defense measure that is based on the centralized traffic engineering to make the traffic balanced and eliminate the routing bottlenecks that are likely to be utilized by the adversary. We evaluate our scheme through comprehensive experiments. The results show that the bandwidth utilization of LFA-attacked links can be reduced by around 50% and that the average packet loss rate and jitter can be effectively decreased under LFA attacks.

Introduction

Recently, distributed denial of service (DDoS) attacks are the biggest threat to the availability of networks, applications and cloud services. The adversary generally explores resource asymmetry between the bots and victim servers, and abuses vulnerabilities of many network protocols to launch DDoS attacks [1, 2]. Many effective approaches have been proposed to detect and defend against the DDoS attacks, including Pushback [3], Ingress filter [4], PacketScore [5] and so forth. These methods all need to identify malicious traffic in advance, but this operation is very difficult for link-flooding attack (LFA), a new type of DDoS attack.

Different from the traditional DDoS attacks, LFA floods a well-chosen group of links to cut off the network connections of a target area, instead of attacking the target servers directly. To this end, the adversary first detects the paths from bots to the public servers and constructs a link map accordingly. Then, the adversary floods the selected links by employing a large number of bots to send legitimate, low-density flows to the certain public servers. In this way, these congested links will severely degrade or even cut off the network connections of the target area. We show a simple example of LFA in Figure 1.

Over the last few years, LFA has quickly moved from the realm of academic curiosity [6, 7] to real-world incidents. We have already witnessed the real-life demonstration of LFA in the core of the Internet [8, 9]. The target areas of these attacks include internet exchange points, enterprises and campus. Worse still, such an attack may be more frequent and massive due to inability to resist in reality.

LFA typically has two remarkable characteristics.

Undetectability: The target area is not directly attacked. Thus the servers in the target area cannot perceive any suspicious traffic.

Indistinguishability: The adversary usually employs legitimate, low-rate flows with real IP addresses. Consequently, it is difficult to distinguish malicious flows from legitimate ones.