دانلود رایگان مقاله انگلیسی Woodpecker: تشخیص و کاهش حملات link-flooding از طریق شبکه نرم افزار محور - الزویر 2018

عنوان فارسی
Woodpecker: تشخیص و کاهش حملات link-flooding از طریق شبکه نرم افزار محور
عنوان انگلیسی
Woodpecker: Detecting and mitigating link-flooding attacks via SDN
صفحات مقاله فارسی
0
صفحات مقاله انگلیسی
17
سال انتشار
2018
نشریه
الزویر - Elsevier
فرمت مقاله انگلیسی
PDF
نوع مقاله
ISI
نوع نگارش
مقالات پژوهشی (تحقیقاتی)
رفرنس
دارد
پایگاه
اسکوپوس
کد محصول
E10652
رشته های مرتبط با این مقاله
مهندسی کامپیوتر، فناوری اطلاعات
گرایش های مرتبط با این مقاله
امنیت اطلاعات، شبکه های کامپیوتری
مجله
شبکه های کامپیوتری - Computer Networks
دانشگاه
Graduate School at Shenzhen - Tsinghua University - Shenzhen - China
کلمات کلیدی
حمله Link-flooding، شبکه های تعریف شده توسط نرم افزار، DDoS
doi یا شناسه دیجیتال
https://doi.org/10.1016/j.comnet.2018.09.021
۰.۰ (بدون امتیاز)
امتیاز دهید
چکیده

Abstract


Link-flooding attack (LFA), as a new type of DDoS attack, can degrade or even cut off network connectivity of a target area. This attack employs legitimate, low-density flows to flood a group of selected links. Therefore, these malicious flows can hardly be distinguished by traditional defense technologies. In our scheme, we first select M routers and upgrade them into SDN switches to maximize the network connectivity. Then, we propose a proactive probe approach to rapidly locate the congested links. Next, our scheme employs a global judgment algorithm to determine whether the network is under LFA or not. Finally, Woodpecker employs the core defense measure that based on the centralized traffic engineering to make the traffic balanced and eliminate the routing bottlenecks that are likely to be utilized by the adversary. We evaluate our scheme through comprehensive experiments. The results show that the bandwidth utilization of LFA-attacked links can be reduced by around 50% and that the average packet loss rate and jitter can be effectively decreased under LFA attacks.

نتیجه گیری

Conclusion and Future Work


In this paper, we propose Woodpecker to mitigate a new kind of DDoS attack—LFA. This scheme uses a heuristic algorithm to select a group of switches to upgrade into 1040 SDN-enabled switches. With the help of global view and data plane triggers, Woodpecker can fast locate the congestion and determine whether LFA causes the congestion through the global congestion information. To mitigate the LFA, Woodpecker enforces global traffic engineering 1045 to eliminate the bottleneck links. We evaluate the effectiveness of our scheme with the real topologies and get inspiring results. In our future work, we will migrate Woodpecker to a hardware testbed with an industrial-level controller, and 1050 evaluate the suitability of our system in real life. Moreover, we will increase the versatility of the system to handle more types of DDoS attacks.


بدون دیدگاه