Go to DBLP homepageLeading Attackers Astray: Mitigating Link Flooding Attacks through Stub Node Relocation and Insertion
Abstract: Link Flooding Attacks (LFA) exploit network topology knowledge to disrupt connectivity by targeting critical links and nodes. Existing defenses often presuppose an attacker with complete topological awareness and overlook the concentration of attack traffic on specific routers. Furthermore, many countermeasures rely on SDN, which can suffer from performance degradation due to the limited packet processing capabilities of switches. To address these issues, we introduce the GateLFA attacker model, which assumes that attackers lack complete topology knowledge and guide their attacks based on traffic density analysis. We propose the EqualFlow algorithm, which utilizes stub node relocation and insertion to minimize adversarial impact, balance attack traffic, and reduce defense costs. Additionally, we present the Network Topology Obfuscation System, leveraging XDP for high-speed packet processing at the network boundary to overcome the performance challenges of SDN-based solutions. Our experimental results demonstrate that EqualFlow computes high-quality virtual topologies, outperforming existing algorithms across small, medium, and large-scale networks. Moreover, the Network Topology Obfuscation System effectively disrupts prominent topology probing tools through explicit information interference at a 10 Gbps line rate. For implicit interference, the system increases the packet rate of typical traceroute probes by approximately 17% compared to traffic control methods. This research provides an efficient and practical solution for defending against LFA.
External IDs:dblp:conf/smc/WangLZSZF25
Loading