مشخصات مقاله | |
ترجمه عنوان مقاله | Woodpecker: تشخیص و کاهش حملات link-flooding از طریق شبکه نرم افزار محور |
عنوان انگلیسی مقاله | Woodpecker: Detecting and mitigating link-flooding attacks via SDN |
انتشار | مقاله سال 2018 |
تعداد صفحات مقاله انگلیسی | 17 صفحه |
هزینه | دانلود مقاله انگلیسی رایگان میباشد. |
پایگاه داده | نشریه الزویر |
نوع نگارش مقاله |
مقاله پژوهشی (Research Article) |
مقاله بیس | این مقاله بیس میباشد |
نمایه (index) | Scopus – Master Journal List – JCR |
نوع مقاله | ISI |
فرمت مقاله انگلیسی | |
ایمپکت فاکتور(IF) |
3.092 در سال 2017 |
شاخص H_index | 113 در سال 2019 |
شاخص SJR | 0.5 در سال 2019 |
شناسه ISSN | 1389-1286 |
شاخص Quartile (چارک) | Q2 در سال 2019 |
رشته های مرتبط | مهندسی کامپیوتر، فناوری اطلاعات |
گرایش های مرتبط | امنیت اطلاعات، شبکه های کامپیوتری |
نوع ارائه مقاله |
ژورنال |
مجله | شبکه های کامپیوتری – Computer Networks |
دانشگاه | Graduate School at Shenzhen – Tsinghua University – Shenzhen – China |
کلمات کلیدی | حمله Link-flooding، شبکه های تعریف شده توسط نرم افزار، DDoS |
کلمات کلیدی انگلیسی | Link-flooding Attack، DDoS، Software-Defined Networking |
شناسه دیجیتال – doi |
https://doi.org/10.1016/j.comnet.2018.09.021 |
کد محصول | E10652 |
وضعیت ترجمه مقاله | ترجمه آماده این مقاله موجود نمیباشد. میتوانید از طریق دکمه پایین سفارش دهید. |
دانلود رایگان مقاله | دانلود رایگان مقاله انگلیسی |
سفارش ترجمه این مقاله | سفارش ترجمه این مقاله |
فهرست مطالب مقاله: |
Abstract
1- Introduction 2- Related work 3- Threat model 4- Woodpecker design overview 5- Optimal upgrade nodes selection policy 6- Congestion location and attack detection 7- LFA defense measures 8- Evaluation 9- Conclusion and future work References |
بخشی از متن مقاله: |
Abstract Link-flooding attack (LFA), as a new type of DDoS attack, can degrade or even cut off network connectivity of a target area. This attack employs legitimate, low-density flows to flood a group of selected links. Therefore, these malicious flows can hardly be distinguished by traditional defense technologies. In our scheme, we first select M routers and upgrade them into SDN switches to maximize the network connectivity. Then, we propose a proactive probe approach to rapidly locate the congested links. Next, our scheme employs a global judgment algorithm to determine whether the network is under LFA or not. Finally, Woodpecker employs the core defense measure that based on the centralized traffic engineering to make the traffic balanced and eliminate the routing bottlenecks that are likely to be utilized by the adversary. We evaluate our scheme through comprehensive experiments. The results show that the bandwidth utilization of LFA-attacked links can be reduced by around 50% and that the average packet loss rate and jitter can be effectively decreased under LFA attacks. Introduction Recently, distributed denial of service (DDoS) attacks are the biggest threat to the availability of networks, applications and cloud services. The adversary generally ex5 plores resource asymmetry between the bots and victim servers, and abuses vulnerabilities of many network protocols to launch DDoS attacks [1, 2]. Many effective approaches have been proposed to detect and defend against the DDoS attacks, including Pushback [3], Ingress filter 10 [4], PacketScore [5] and so forth. These methods all need to identify malicious traffic in advance, but this operation is very difficult for link-flooding attack (LFA) — a new type of DDoS attack. Different from the traditional DDoS attacks, LFA floods 15 a well-chosen group of links to cut off the network connections of a target area, instead of attacking the target servers directly. To this end, the adversary first detects the paths from bots to the public servers and constructs a link map accordingly. Then, the adversary floods the 20 selected links by employing a large number of bots to send legitimate, low-density flows to the certain public servers. In this way, these congested links will severely degrade or even cut off the network connections of the target area. We show a simple example of LFA in Figure 1. 25 Over the last few years, LFA has quickly moved from the realm of academic curiosity [6, 7] to real-world incidents. We have already witnessed the real-life demonstration of LFA in the core of the Internet [8, 9]. The target areas of these attacks include internet exchange points, enterprises 30 and campus. Worth still, such an attack may be more frequent and massive due to inability to resist in reality. LFA typically has two remarkable characteristics. Undetectablity: The target area is not directly attacked. Thus the servers in the target area cannot perceive any 35 suspicious traffic. Indistinguishability: The adversary usually employs legitimate, low-rate flows with real IP addresses. Consequently, it is difficult to distinguish malicious flows from legitimate ones. |