Abstract
A new class of target link flooding attacks (LFAs) can cut off the Internet connections of a target area without being detected, because they employ legitimate flows to congest selected links. Although new mechanisms for defending against LFA have been proposed, the deployment issues limit their usage, since they require either additional modules to enhance routers or using the software-defined network to replace the traditional routers. In this paper, we propose a novel framework that employs both the end-to-end and hop-by-hop network measurement techniques to capture the abnormal path performance degradation for detecting LFA and then locate the target links or areas whenever possible, and develop a prototype of the framework named LinkScope . Although using network measurement to capture network anomaly is not new, we tackle a number of challenging issues, such as conducting large-scale Internet path monitoring via non-cooperative measurement so that users do not need to install LinkScope on every host, profiling the performance of asymmetric Internet paths and detecting LFA. The extensive evaluation in a testbed and the Internet shows that with limited bandwidth and computational overhead, LinkScope can achieve timely detection and diagnosis of LFA with high detection rate and low false positive rate.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: IEEE Transactions on Information Forensics and Security
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
