Woodpecker: Detecting and mitigating link-flooding attacks via SDN

被引:32
|
作者
Wang, Lei [1 ]
Li, Qing [2 ]
Jiang, Yong [1 ]
Jia, Xuya [1 ]
Wu, Jianping [3 ]
机构
[1] Tsinghua Univ, Grad Sch Shenzhen, Shenzhen, Peoples R China
[2] Southern Univ Sci & Technol, Shenzhen, Peoples R China
[3] Tsinghua Univ, Dept Comp Sci & Technol, Beijing, Peoples R China
基金
中国国家自然科学基金;
关键词
Link-flooding attack; DDoS; Software-defined networking;
D O I
10.1016/j.comnet.2018.09.021
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Link-flooding attack (LFA), as a new type of DDoS attack, can degrade or even cut off network connectivity of a target area. This attack employs legitimate, low-density flows to flood a group of selected links. Therefore, these malicious flows can hardly be distinguished by traditional defense technologies. In our scheme, we first select M routers and upgrade them into SDN switches to maximize the network connectivity. Then, we propose a proactive probe approach to rapidly locate the congested links. Next, our scheme employs a global judgment algorithm to determine whether the network is under LFA or not. Finally, Woodpecker employs the core defense measure that based on the centralized traffic engineering to make the traffic balanced and eliminate the routing bottlenecks that are likely to be utilized by the adversary. We evaluate our scheme through comprehensive experiments. The results show that the bandwidth utilization of LFA-attacked links can be reduced by around 50% and that the average packet loss rate and jitter can be effectively decreased under LFA attacks. (C) 2018 Elsevier B.V. All rights reserved.
引用
收藏
页码:1 / 13
页数:13
相关论文
共 50 条
  • [1] Detecting and Mitigating Target Link-Flooding Attacks Using SDN
    Wang, Juan
    Wen, Ru
    Li, Jiangqi
    Yan, Fei
    Zhao, Bo
    Yu, Fajiang
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2019, 16 (06) : 944 - 956
  • [2] Mitigating Link-Flooding Attack with Segment Rerouting in SDN
    Xie, Lixia
    Ding, Ying
    Yang, Hongyu
    CYBERSPACE SAFETY AND SECURITY, PT I, 2020, 11982 : 57 - 69
  • [3] Mitigating Link-flooding Attacks in Intelligent Transportation System
    Xia, Yu
    Liu, Ying
    Yin, Jianhui
    Li, Yikun
    Yu, Chengxiao
    2024 IEEE 99TH VEHICULAR TECHNOLOGY CONFERENCE, VTC2024-SPRING, 2024,
  • [4] RL-Shield: Mitigating Target Link-Flooding Attacks Using SDN and Deep Reinforcement Learning Routing Algorithm
    Rezapour, Amir
    Tzeng, Wen-Guey
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2022, 19 (06) : 4052 - 4067
  • [5] On the Interplay of Link-Flooding Attacks and Traffic Engineering
    Gkounis, Dimitrios
    Kotronis, Vasileios
    Liaskos, Christos
    Dimitropoulos, Xenofontas
    ACM SIGCOMM COMPUTER COMMUNICATION REVIEW, 2016, 46 (02) : 5 - 11
  • [6] Efficient Detection of Link-Flooding Attacks with Deep Learning
    Hsieh, Chih-Hsiang
    Wang, Wei-Kuan
    Wang, Cheng-Xun
    Tsai, Shi-Chun
    Lin, Yi-Bing
    SUSTAINABILITY, 2021, 13 (22)
  • [7] Active Link Obfuscation to Thwart Link-flooding Attacks for Internet of Things
    Ding, Xuyang
    Xiao, Feng
    Zhou, Man
    Wang, Zhibo
    2020 IEEE 19TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2020), 2020, : 217 - 224
  • [8] Towards Mitigating Link Flooding Attack Via Incremental SDN Deployment
    Wang, Lei
    Li, Qing
    Jiang, Yong
    Wu, Jianping
    2016 IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATION (ISCC), 2016, : 397 - 402
  • [9] Mitigating while Accessing: A Lightweight Defense Framework Against Link Flooding Attacks in SDN
    Sun Hancun
    Chen Xu
    Luo Yantian
    Ge Ning
    China Communications, 2024, 21 (11) : 15 - 27
  • [10] Mitigating while Accessing: A Lightweight Defense Framework Against Link Flooding Attacks in SDN
    Sun, Hancun
    Chen, Xu
    Luo, Yantian
    Ge, Ning
    CHINA COMMUNICATIONS, 2024, 21 (11) : 15 - 27