Go to DBLP homepageSatShield: In-Network Mitigation of Link Flooding Attacks for LEO Constellation Networks
Abstract: Low Earth orbit (LEO) satellite networks provide global connectivity but are vulnerable to security threats, such as link flooding attacks (LFAs). To defend against such attacks, state-of-the-art approaches employ SDN to acquire a global view of the network, enabling the detection and mitigation of malicious traffic. However, in the LEO constellation networks, the distributed nature of satellites across a large spatial scale introduces significant latency in both the satellite-to-ground and intersatellite links, with latency reaching up to tens of milliseconds, while attack traffic dynamically adapts within submilliseconds. As a result, the existing defense systems face challenges in countering these attacks effectively due to the increased reaction time caused by link latency. In this article, we leverage programmable switches to build a real-time defense system against LFAs in the LEO constellation networks. To achieve this, we analyse the practical constraints encountered in the deployment of LFA attacks against the state-of-the-art LEO satellite systems. We observe that despite the ability of bots to initiate attack traffic from any location worldwide, an anomalous distribution of flow rate on the affected links can still be detected. We propose SatShield, an in-network defense system that filters out suspicious traffic (heavy flows) in the network and mitigates these threats by leveraging programmable packet scheduling. By using SatShield, we are able to achieve real-time identification and rate-limiting of attacks at the line rate on a per-packet basis. We implement SatShield with P4 in a commercial programmable switch and evaluate it with real-world traffic traces. Our evaluation shows that the SatShield autonomously identifies LFA attack flows and rapidly mitigates LFA attacks.
Loading