Abstract:
A Link Flooding Attack (LFA) is a type of link-aimed Distributed Denial of Service (DDoS) attack that can overwhelm critical Internet links to cut off connections with lots of low-rate, seemingly benign traffic. To defend against such threats, a promising solution involves mitigating the attack through load balancing. However, adaptive attacks employ two effective means to circumvent existing load balancing strategies. The first is the frequent changing of targets, known as rolling attacks. Rolling attacks exploit the delay between attack detection feedback and the mitigation of load balancing, depleting the defender’s resources. The second is the strategic selection of target links to create the worst-case scenario for load balancing algorithms. To address these challenges, we propose LinkDam. Specifically, LinkDam adopts a proactive approach by tracking and predicting potential victim links, providing defense against all targets of rolling attacks. Subsequently, we introduce a robust load balancing strategy to prevent the exploitation of selected link combinations. Additionally, LinkDam introduces a partial deployment approach, demanding a mere 40% of nodes be programmable (i.e., SDN nodes) while maintaining an acceptable 10% performance reduction from the maximum achievable. The experimental results indicate that LinkDam surpasses an 80% accuracy threshold, and exhibits a 57% higher tolerance to attack budgets compared to state-of-the-art solutions.
Published in: IEEE Transactions on Networking (Early Access)