Active Link Obfuscation to Thwart Link-flooding Attacks for Internet of Things
The DDoS attack is a serious threat to the Internet of Things (IoT). As a new
class of DDoS attack, the link-flooding attack (LFA) disrupts connectivity between
legitimate IoT devices and target servers by flooding only a small number of
links. Several mechanisms have been proposed to mitigate this sophisticated
attack. However, they can only reactively mitigate LFA after the target links have
already been flooded by the adversaries. In this paper, we propose an active LFA
mitigation mechanism, called Linkbait, which is a proactive and preventive
defense to throttle LFA for IoT. The insight behind Linkbait is that adversaries
rely on the set of key links that determine network connectivity (i.e., the linkmap)
to identify target links. Linkbait mitigates the attack by interfering with
linkmap discovery and providing a fake linkmap to adversaries. Inspired by
moving target defense (MTD), we propose a link obfuscation algorithm in
Linkbait that selectively reroutes probing flows to hide target links from
adversaries and mislead them into identifying bait links as target links. By
providing the fake linkmap to adversaries, Linkbait can actively mitigate LFA
for IoT even without identifying compromised IoT devices, while not affecting
flows from legitimate IoT devices. To block attack traffic and further reduce
the impact on IoT, we propose a compromised-IoT-device detection algorithm
that extracts the unique traffic patterns of LFA for IoT and leverages a support
vector machine (SVM) to identify attack traffic. We evaluate the performance of
Linkbait using both real-world experiments and large-scale simulations. The
experimental results demonstrate the effectiveness of Linkbait.
Strategic Defense against Stealthy Link Flooding Attacks: A Signaling Game Approach
With the increasing diversity of Distributed Denial-of-Service (DDoS)
attacks, it is becoming extremely challenging to design a fully protected
network. For instance, the Stealthy Link Flooding Attack (SLFA) is a variant of
DDoS attack that strives to block access to a target area by flooding a small
set of links, and it has been shown to bypass traditional DDoS defense
mechanisms. One potential solution to tackle such SLFAs is to apply Moving
Target Defense (MTD) techniques, in which network settings are dynamically
changed to confuse or deceive attackers, making it highly expensive to launch
a successful attack. However, since MTD imposes some overhead on the
network, finding the best strategy for applying it (i.e., when and/or to what
extent) has been a major challenge. The strategy is significantly
influenced by the attacker's behavior, which is often difficult to guess. In this
work, we address the challenge of obtaining the optimal MTD strategy that
effectively mitigates SLFAs while incurring minimal overhead. We model the
problem as a signaling game with the network defender and the attacker
as players. A belief function is established throughout the engagement between the
attacker and the defender during the SLFA campaign, and it is used to pick
the best response/action for each player. We analyze the game model and derive
a defense mechanism based on the equilibria of the game. We evaluate the
technique in a Mininet-based network environment where an attacker
performs SLFAs and a defender applies MTD based on the equilibria of the game.
The results show that our signaling game-based dynamic defense mechanism
provides a level of protection against SLFAs similar to that of the extensive MTD
solution, while causing significantly reduced overhead.