Mew: Enabling Large-Scale and Dynamic Link-Flooding Defenses on Programmable Switches

Huancheng Zhou, Sungmin Hong, Yangyang Liu, Xiapu Luo, Weichao Li, Guofei Gu

Research output: Chapter in book / Conference proceeding > Conference article published in proceeding or book > Academic research > peer-review

1 Citation (Scopus)

Abstract

Link-flooding attacks (LFAs) can cut off the Internet connection to selected server targets and are hard to mitigate because adversaries use normal-looking and low-rate flows and can dynamically adjust the attack strategy. Traditional centralized defense systems cannot locally and efficiently suppress malicious traffic. Though emerging programmable switches offer an opportunity to bring defense systems closer to targeted links, their limited resources and lack of support for runtime reconfiguration limit their usage for link-flooding defenses. We present Mew, a resource-efficient and runtime-adaptable link-flooding defense system. Mew can counter various LFAs even when a massive number of flows are concentrated on a link, or when the attack strategy changes quickly. We design a distributed storage mechanism and a lossless state migration mechanism to reduce the storage bottleneck of programmable networks. We develop cooperative defense APIs to support multi-grained co-detection and co-mitigation without excessive overhead. Mew's dynamic defense mechanism can constantly analyze network conditions and activate corresponding defenses without rebooting devices or interrupting other running functions. We develop a prototype of Mew by using real-world programmable switches, which are located in five cities. Our experiments show that the real-world prototype can defend against large-scale and dynamic LFAs effectively.
Original language: English
Title of host publication: Proceedings of the IEEE Symposium on Security and Privacy (S&P)
Publisher: IEEE
Pages: 3178-3192
ISBN (Electronic): 10.1109/SP46215.2023.00093
Publication status: Published - May 2023
Event: 44th IEEE Symposium on Security and Privacy (S&P) - , United States
Duration: 22 May 2023 to 25 May 2023

Conference

Conference: 44th IEEE Symposium on Security and Privacy (S&P)
Country/Territory: United States
Period: 22/05/23 to 25/05/23
