Cross-domain DoS link-flooding attack detection and mitigation using SDN prin- ciples

The Denial of Service (DoS) attacks pose a major threat to Internet users and services. Since the network security ecosystem is expanding over the years, new types of DoS attacks emerge. The DoS link-flooding attacks target to severely congest certain network links disrupting Internet accessibility to certain geographical areas and services passing through these links. Since crucial services like financial and government services depend on real-time Internet availability, the consequences of DoS link-flooding attacks become detrimental. Among the diverse DoS link-flooding attacks, the Crossfire attack is worthwhile to focus on when designing a DoS link-flooding attack countermeasure due to its effectiveness while it remains undetected. In this master thesis, we propose a detection and mitigation technique by combining Software Defined Networking (SDN) and network security principles. Since current defence solutions and techniques are unable to deal with the Crossfire attack, we use SDN features, such as flow rerouting, flow-level management and control and monitoring centralization, which provide by definition higher flexibility in defeating such complex DoS attacks. We design an online traffic engineering mechanism based on a strategy that enables both mitigation and detection of the Crossfire attack. A working prototype is implemented based on the proposed technique and evaluated on an emulated pure SDN environment.