ترجمه مقاله نقش ضروری ارتباطات 6G با چشم انداز صنعت 4.0
- مبلغ: ۸۶,۰۰۰ تومان
ترجمه مقاله پایداری توسعه شهری، تعدیل ساختار صنعتی و کارایی کاربری زمین
- مبلغ: ۹۱,۰۰۰ تومان
Abstract
Link-flooding attack (LFA), as a new type of DDoS attack, can degrade or even cut off network connectivity of a target area. This attack employs legitimate, low-density flows to flood a group of selected links. Therefore, these malicious flows can hardly be distinguished by traditional defense technologies. In our scheme, we first select M routers and upgrade them into SDN switches to maximize the network connectivity. Then, we propose a proactive probe approach to rapidly locate the congested links. Next, our scheme employs a global judgment algorithm to determine whether the network is under LFA or not. Finally, Woodpecker employs the core defense measure that based on the centralized traffic engineering to make the traffic balanced and eliminate the routing bottlenecks that are likely to be utilized by the adversary. We evaluate our scheme through comprehensive experiments. The results show that the bandwidth utilization of LFA-attacked links can be reduced by around 50% and that the average packet loss rate and jitter can be effectively decreased under LFA attacks.
Conclusion and Future Work
In this paper, we propose Woodpecker to mitigate a new kind of DDoS attack—LFA. This scheme uses a heuristic algorithm to select a group of switches to upgrade into 1040 SDN-enabled switches. With the help of global view and data plane triggers, Woodpecker can fast locate the congestion and determine whether LFA causes the congestion through the global congestion information. To mitigate the LFA, Woodpecker enforces global traffic engineering 1045 to eliminate the bottleneck links. We evaluate the effectiveness of our scheme with the real topologies and get inspiring results. In our future work, we will migrate Woodpecker to a hardware testbed with an industrial-level controller, and 1050 evaluate the suitability of our system in real life. Moreover, we will increase the versatility of the system to handle more types of DDoS attacks.