A Novel Framework for Modeling and Mitigating Distributed Link Flooding Attacks
Christos Liaskos, Vasileios Kotronis, Xenofontas Dimitropoulos

TL;DR
This paper introduces a new analytical framework for detecting and mitigating distributed link-flooding attacks by modeling attacker-target associations and dynamically rerouting traffic to expose malicious sources without disrupting normal traffic.
Contribution
It presents a novel framework combining relational algebra modeling with online Traffic Engineering to detect and mitigate distributed link-flooding attacks effectively.
Findings
Framework successfully detects malicious bots in simulations
Traffic rerouting reduces attack effectiveness without harming normal traffic
Analytical model accurately predicts attack mitigation outcomes
Abstract
Distributed link-flooding attacks constitute a new class of attacks with the potential to segment large areas of the Internet. Their distributed nature makes detection and mitigation very hard. This work proposes a novel framework for the analytical modeling and optimal mitigation of such attacks. The detection is modeled as a problem of relational algebra, representing the association of potential attackers (bots) to potential targets. The analysis seeks to optimally dissolve all but the malevolent associations. The framework is implemented at the level of online Traffic Engineering (TE), which is naturally triggered on link-flooding events. The key idea is to continuously re-route traffic in a manner that makes persistent participation in link-flooding events highly improbable for any benign source. Thus, bots are forced to adopt a suspicious behavior to remain effective, revealing…
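The key idea in the abstract can be illustrated with a small simulation, added here as an example and not taken from the paper: after each flooding event TE re-routes every source, bots move back onto the target link, and a source is flagged once it has been seen in more flooding events than chance allows. Uniform random re-routing, the binomial threshold, and all names and parameters are assumptions of this sketch; the paper's own formulation uses relational algebra.

```python
import random
from math import comb

TARGET_LINK = 0  # constructed scenario: the link the bots try to keep flooded

def min_hits(n_benign, rounds, p, budget=0.01):
    """Smallest k with n_benign * P[Binomial(rounds, p) >= k] < budget."""
    tail = 0.0
    for k in range(rounds, -1, -1):
        tail += comb(rounds, k) * p**k * (1 - p) ** (rounds - k)
        if n_benign * tail >= budget:
            return k + 1  # rounds + 1 means: not enough rounds observed yet
    return 0

def simulate(n_benign=200, n_bots=20, n_paths=8, rounds=12, seed=7):
    """Count, per source, how many flooding events of TARGET_LINK it was part of."""
    rng = random.Random(seed)
    sources = [f"src{i}" for i in range(n_benign + n_bots)]
    bots = set(rng.sample(sources, n_bots))
    hits = dict.fromkeys(sources, 0)
    for _ in range(rounds):
        # TE reaction to a flooding event (assumed): spread sources over paths.
        route = {s: rng.randrange(n_paths) for s in sources}
        # Bots adapt so that their flows cross the target link again.
        for b in bots:
            route[b] = TARGET_LINK
        for s, link in route.items():
            if link == TARGET_LINK:
                hits[s] += 1
    return hits, bots

def detect(hits, n_benign, n_paths, rounds):
    """Flag sources whose persistence is improbable for a benign source."""
    k = min_hits(n_benign, rounds, 1 / n_paths)
    return {s for s, h in hits.items() if h >= k}, k

if __name__ == "__main__":
    hits, bots = simulate()
    flagged, k = detect(hits, n_benign=200, n_paths=8, rounds=12)
    print(f"threshold={k} flagged={len(flagged)} "
          f"bots_found={len(flagged & bots)} false_positives={len(flagged - bots)}")
```

A bot can only stay under the threshold by skipping flooding events, which is the loss of effectiveness the abstract describes.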
