STOP: A Service Oriented Internet Purification Against Link Flooding Attacks

Abstract

Internet purification is a necessary technique to defend against Distributed Denial-of-Service (DDoS) attack. It can help Internet Service Provider (ISP) to completely and precisely scrub attack traffic through establishing the sender-receiver pair based filtering rules in networks. However, when faced with the Link Flooding Attacks (LFA), a new kind of DDoS, existing relevant schemes suffer the drawbacks, including the weak willingness of defense cooperation between Autonomous Systems (ASes), lower filtering efficiency and poor robustness. For this, we propose STOP, a service-oriented Internet purification technique designed to defend against LFA. In STOP, malicious traffic filtering is viewed as a value-added service and each filter contributor (i.e., AS) can get some benefit from it. This helps ASes to strengthen the willing of defense cooperation. Moreover, we devise a filter recommendation algorithm to maximize the filtering efficiency, with minimum service cost and bandwidth damages. Furthermore, in the face of the strategic threats that aim to paralyze or bypass STOP, we devise relevant defense techniques to make it more robust. Through rigorous mathematical analysis and extensive experiments based on real-world topology, we demonstrate that compared with prior work, STOP increases the filtering efficiency by 12%.