Affiliation:
1. NEC Laboratories Europe, Heidelberg, Germany
2. ETH Zurich, Zurich, Switzerland
3. Foundation for Research and Technology - Hellas (FORTH), Heraklion, Greece
Abstract
Link-flooding attacks have the potential to disconnect even entire countries from the Internet. Moreover, newly proposed indirect link-flooding attacks, such as ``Crossfire'', are extremely hard to expose and, subsequently, mitigate effectively. Traffic Engineering (TE) is the network's natural way of mitigating link overload events, balancing the load and restoring connectivity. This work poses the question: Do we need a new kind of TE to expose an attack as well? The key idea is that a carefully crafted, attack-aware TE could force the attacker to follow improbable traffic patterns, revealing his target and his identity over time. We show that both existing and novel TE modules can efficiently expose the attack, and study the benefits of each approach. We implement defense prototypes using simulation mechanisms and evaluate them extensively on multiple real topologies.
Funder
European Research Council
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications,Software
Reference25 articles.
1. The DDoS That Almost Broke The Internet. http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet. The DDoS That Almost Broke The Internet. http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet.
2. Lightweight DDoS flooding attack detection using NOX/OpenFlow
3. Ip spoofing;Farha A;The Internet Protocol Jrn.,2007
Cited by
30 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献