LinkScope: Towards Detecting Target Link Flooding Attacks
Authors
Abstract
A new class of target link flooding attacks (LFA) can cut off the Internet connections of a target area without being detected because they employ legitimate flows to congest selected links. Although new mechanisms for defending against LFA have been proposed, the deployment issues limit their usage since they require either additional modules to enhance routers or using the software-defined network (SDN) to replace the traditional routers. In this paper, we propose a novel framework that employs both the end-to-end and the hop-by-hop network measurement techniques to capture abnormal path performance degradation for detecting LFA and then locate the target links or areas whenever possible, and develop a prototype of the framework named LinkScope. Although using network measurement to capture network anomaly is not new, we tackle a number of challenging issues, such as conducting large-scale Internet path monitoring via non-cooperative measurement so that users do not need to install LinkScope on every host, profiling the performance of asymmetric Internet paths, and detecting LFA. The extensive evaluation in a testbed and the Internet shows that with limited bandwidth and computational overhead LinkScope can achieve timely detection and diagnosis of LFA with high detection rate and low false positive rate.
Similar resources
Towards Detecting Target Link Flooding Attack
A new class of target link flooding attacks (LFA) can cut off the Internet connections of a target area without being detected because they employ legitimate flows to congest selected links. Although new mechanisms for defending against LFA have been proposed, the deployment issues limit their usage since they require modifying routers. In this paper, we propose LinkScope, a novel system that ...
Detecting Denial of Service Message Flooding Attacks in SIP based Services
The increasing popularity of SIP based services (VoIP, IPTV, IMS infrastructure) has led to concerns about their security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
Cross-domain DoS link-flooding attack detection and mitigation using SDN principles
Denial of Service (DoS) attacks pose a major threat to Internet users and services. Since the network security ecosystem is expanding over the years, new types of DoS attacks emerge. DoS link-flooding attacks aim to severely congest certain network links, disrupting Internet accessibility to certain geographical areas and services passing through these links. Since crucial services li...
FLoc: Dependable Link Access for Legitimate Traffic in Flooding Attacks (CMU-CyLab-11-019)
Malware-contaminated hosts organized as a "bot network" can target and flood network links (e.g., routers). Yet, none of the countermeasures to link flooding proposed to date have provided dependable link access (i.e., bandwidth guarantees) for legitimate traffic during such attacks. In this paper, we present a router subsystem called FLoc (Flow Localization) that confines attack effects an...
SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks
We have recently witnessed the real life demonstration of link-flooding attacks—DDoS attacks that target the core of the Internet that can cause significant damage while remaining undetected. Because these attacks use traffic patterns that are indistinguishable from legitimate TCP-like flows, they can be persistent and cause long-term traffic disruption. Existing DDoS defenses that rely on dete...