Abstract

Link flooding attack (LFA) is an attack based on network topology information. It has been one of the major threats to the Internet due to its low cost and high concealability feature. Existing active defenses against LFA either rely on additional methods to detect malicious traffic or lower the usefulness of network diagnostic tools for benign purpose. In this paper, a lightweight, low-loss network topology obfuscation scheme is proposed. We have designed a set of efficient algorithms that can calculate a secure virtual topology for a large topology of hundreds of nodes in a few seconds, hiding important links in the network while luring attackers to preset honey links. Then, we control different nodes to respond to the probe packets in accordance with the virtual topology. There is no need to reroute flows or add additional header information in the forwarding process, so we can capture and modify the packets at the line-rate. We implemented the prototype of NetObfu in the SDN environment, and evaluated it through a large scale of experiments with different real topologies. The results confirmed the effectiveness and efficiency of our solution.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Mitigating LFA through segment rerouting in IoT environment with traceroute flow abnormality detection
Lixia Xie ... Ze Hu
Journal of Network and Computer Applications | VOL. 164
Lixia Xie, et. al.Lixia Xie ... Ze Hu
07 May 2020
Mitigating Link-Flooding Attack with Segment Rerouting in SDN
Lixia Xie ... Ying Ding
-
Lixia Xie, et. al.Lixia Xie ... Ying Ding
01 Jan 2019
RELIABLE COMMUNICATION ON EMULATED CHANNELS RESILIENT TO TRANSIENT FAULTS
Yukiko Yamauchi ... Doina Bein
International Journal of Foundations of Computer Science | VOL. 22
Yukiko Yamauchi, et. al.Yukiko Yamauchi ... Doina Bein
01 Aug 2011
Reliable Communication on Emulated Channels Resilient to Transient Faults
Doina Bein ... Yukiko Yamauchi
-
Doina Bein, et. al.Doina Bein ... Yukiko Yamauchi
01 Dec 2009
View more papers

More From: Computers & Security

Paper Title
Journal
Date
Author
Navigating Challenging Terrain Surrounding DoD Response to Homeland Attacks on Critical Infrastructure: Case Studies of Prior Incidents Utilizing an Extended Taxonomy of Cyber Harms
Louis Nolan ... Deanna House
Computers & Security | VOL. -
Louis Nolan, et. al.Louis Nolan ... Deanna House
01 Nov 2024
Covert timing channel detection based on isolated binary trees
Yuwei Lin ... Xiaolong Zhuang
Computers & Security | VOL. -
Yuwei Lin, et. al.Yuwei Lin ... Xiaolong Zhuang
01 Nov 2024
RanSMAP: Open dataset of Ransomware Storage and Memory Access Patterns for creating deep learning based ransomware detectors
Manabu Hirano ... Ryotaro Kobayashi
Computers & Security | VOL. -
Manabu Hirano, et. al.Manabu Hirano ... Ryotaro Kobayashi
01 Nov 2024
Trust my IDS: An explainable AI integrated deep learning-based transparent threat detection system for industrial networks
Shifa Shoukat ... Muhammad Adil
Computers & Security | VOL. -
Shifa Shoukat, et. al.Shifa Shoukat ... Muhammad Adil
01 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.