TY - GEN
T1 - Towards detecting target link flooding attack
AU - Xue, Lei
AU - Luo, Xiapu
AU - Chan, Edmond W.W.
AU - Zhan, Xian
N1 - Funding Information:
We thank the reviewers for their comments and suggestions and Paul Krizak, in particular, for shepherding our paper. This work is supported in part by the CCFTencent Open Research Fund, the Hong Kong GRF (No. PolyU 5389/13E), the National Natural Science Foundation of China (No. 61202396,60903185), and the Open Fund of Key Lab of Digital Signal and Image Processing of Guangdong Province.
Publisher Copyright:
© LISA 2014.All right reserved.
Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.
PY - 2014
Y1 - 2014
N2 - A new class of target link flooding attacks (LFA) can cut off the Internet connections of a target area without being detected because they employ legitimate flows to congest selected links. Although new mechanisms for defending against LFA have been proposed, the deployment issues limit their usages since they require modifying routers. In this paper, we propose LinkScope, a novel system that employs both the end-to-end and the hop-by-hop network measurement techniques to capture abnormal path performance degradation for detecting LFA and then correlate the performance data and traceroute data to infer the target links or areas. Although the idea is simple, we tackle a number of challenging issues, such as conducting large-scale Internet measurement through noncooperative measurement, assessing the performance on asymmetric Internet paths, and detecting LFA. We have implemented LinkScope with 7174 lines of C codes and the extensive evaluation in a testbed and the Internet show that LinkScope can quickly detect LFA with high accuracy and low false positive rate.
AB - A new class of target link flooding attacks (LFA) can cut off the Internet connections of a target area without being detected because they employ legitimate flows to congest selected links. Although new mechanisms for defending against LFA have been proposed, the deployment issues limit their usages since they require modifying routers. In this paper, we propose LinkScope, a novel system that employs both the end-to-end and the hop-by-hop network measurement techniques to capture abnormal path performance degradation for detecting LFA and then correlate the performance data and traceroute data to infer the target links or areas. Although the idea is simple, we tackle a number of challenging issues, such as conducting large-scale Internet measurement through noncooperative measurement, assessing the performance on asymmetric Internet paths, and detecting LFA. We have implemented LinkScope with 7174 lines of C codes and the extensive evaluation in a testbed and the Internet show that LinkScope can quickly detect LFA with high accuracy and low false positive rate.
KW - Network Security
KW - Noncooperative Internet Measurement
KW - Target Link Flooding Attack
UR - http://www.scopus.com/inward/record.url?scp=85095449681&partnerID=8YFLogxK
M3 - Conference article published in proceeding or book
AN - SCOPUS:85095449681
T3 - 28th Large Installation System Administration Conference, LISA 2014
SP - 81
EP - 96
BT - 28th Large Installation System Administration Conference, LISA 2014
PB - USENIX Association
T2 - 28th Large Installation System Administration Conference, LISA 2014
Y2 - 9 November 2014 through 14 November 2014
ER -