• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>IEEE transactions on dependable and secure computing >Detecting and Mitigating Target Link-Flooding Attacks Using SDN
【24h】

Detecting and Mitigating Target Link-Flooding Attacks Using SDN

机译:使用SDN检测和缓解目标链路泛洪攻击

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

DDoS attacks have caused very serious damage to enterprise networks. Recently, a new kind of DDoS attack called link-flooding attack (LFA), has surfaced and is already being used by attackers to flood and congest network critical links. LFA is very difficult to detect since adversaries often utilize large-scale legitimate low-speed flows and rolls target links to isolate target areas for launching attacks. To address such a critical security problem, we design and implement a novel LFA defense system called LFADefender that leverages some key features, such as programmability, network-wide view, and flow traceability, of an emerging network technology, Software-Defined Networking (SDN), to effectively detect and migrate LFA. In LFADefender, we propose a LFA target link selection approach and design a LFA congestion monitoring mechanism to effectively detect LFA. In addition, we present a multiple optional paths rerouting method to temporarily mitigate links congestion caused by LFA. We further propose a malicious traffic blocking approach to radically mitigate LFA. Our evaluation results show that LFADefender can accurately detect and rapidly mitigate LFA, but only imposes minimal overhead in the communication channels between network controllers and data planes.
机译:DDoS攻击已严重破坏企业网络。最近,一种称为链路洪泛攻击(LFA)的新型DDoS攻击已经浮出水面,攻击者已使用它来洪泛和拥塞网络关键链路。由于对手经常利用大规模合法的低速流量并滚动目标链接来隔离目标区域以发起攻击,因此LFA很难检测。为了解决这一关键的安全问题,我们设计并实现了一个名为LFADefender的新型LFA防御系统,该系统利用了新兴的网络技术软件定义的网络(SDN)的一些关键功能,例如可编程性,全网范围的视图和流可跟踪性。 ),以有效地检测和迁移LFA。在LFADefender中,我们提出了一种LFA目标链接选择方法,并设计了一种LFA拥塞监视机制来有效检测LFA。此外,我们提出了多种可选的路径重路由方法,以暂时缓解由LFA引起的链路拥塞。我们还提出了一种恶意流量阻止方法,以从根本上缓解LFA。我们的评估结果表明,LFADefender可以准确检测并快速缓解LFA,但仅在网络控制器和数据平面之间的通信通道中施加最小的开销。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号