Towards detecting target link flooding attack

Lei Xue, Xiapu Luo, Edmond W.W. Chan, Xian Zhan

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

25 Citations (Scopus)

Abstract

A new class of target link flooding attacks (LFA) can cut off the Internet connections of a target area without being detected because they employ legitimate flows to congest selected links. Although new mechanisms for defending against LFA have been proposed, the deployment issues limit their usages since they require modifying routers. In this paper, we propose LinkScope, a novel system that employs both the end-to-end and the hop-by-hop network measurement techniques to capture abnormal path performance degradation for detecting LFA and then correlate the performance data and traceroute data to infer the target links or areas. Although the idea is simple, we tackle a number of challenging issues, such as conducting large-scale Internet measurement through noncooperative measurement, assessing the performance on asymmetric Internet paths, and detecting LFA. We have implemented LinkScope with 7174 lines of C codes and the extensive evaluation in a testbed and the Internet show that LinkScope can quickly detect LFA with high accuracy and low false positive rate.

Original languageEnglish
Title of host publication28th Large Installation System Administration Conference, LISA 2014
PublisherUSENIX Association
Pages81-96
Number of pages16
ISBN (Electronic)9781931971171
Publication statusPublished - 2014
Event28th Large Installation System Administration Conference, LISA 2014 - Seattle, United States
Duration: 9 Nov 201414 Nov 2014

Publication series

Name28th Large Installation System Administration Conference, LISA 2014

Conference

Conference28th Large Installation System Administration Conference, LISA 2014
Country/TerritoryUnited States
CitySeattle
Period9/11/1414/11/14

Keywords

  • Network Security
  • Noncooperative Internet Measurement
  • Target Link Flooding Attack

ASJC Scopus subject areas

  • Management of Technology and Innovation
  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Towards detecting target link flooding attack'. Together they form a unique fingerprint.

Cite this