LinkScope: Toward Detecting Target Link Flooding Attacks

Lei Xue, Xiaobo Ma, Xiapu Luo, Edmond W.W. Chan, Tony T.N. Miu, Guofei Gu

Research output: Journal article publication › Journal article › Academic research › peer-review

19 Citations (Scopus)

Abstract

A new class of target link flooding attacks (LFAs) can cut off the Internet connections of a target area without being detected, because they employ legitimate flows to congest selected links. Although new mechanisms for defending against LFA have been proposed, the deployment issues limit their usage, since they require either additional modules to enhance routers or using the software-defined network to replace the traditional routers. In this paper, we propose a novel framework that employs both the end-to-end and hop-by-hop network measurement techniques to capture the abnormal path performance degradation for detecting LFA and then locate the target links or areas whenever possible, and develop a prototype of the framework named LinkScope. Although using network measurement to capture network anomaly is not new, we tackle a number of challenging issues, such as conducting large-scale Internet path monitoring via non-cooperative measurement so that users do not need to install LinkScope on every host, profiling the performance of asymmetric Internet paths and detecting LFA. The extensive evaluation in a testbed and the Internet shows that with limited bandwidth and computational overhead, LinkScope can achieve timely detection and diagnosis of LFA with high detection rate and low false positive rate.

Original language: English
Pages (from-to): 2423-2438
Number of pages: 16
Journal: IEEE Transactions on Information Forensics and Security
Volume: 13
Issue number: 10
Publication status: Published - Oct 2018

Keywords

  • intrusion detection
  • Link-flooding attack
  • network traffic analysis

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
