Mitigating LFA through segment rerouting in IoT environment with traceroute flow abnormality detection. (15th August 2020)
- Record Type:
- Journal Article
- Title:
- Mitigating LFA through segment rerouting in IoT environment with traceroute flow abnormality detection. (15th August 2020)
- Main Title:
- Mitigating LFA through segment rerouting in IoT environment with traceroute flow abnormality detection
- Authors:
- Xie, Lixia
Ding, Ying
Yang, Hongyu
Hu, Ze - Abstract:
- Abstract: The Internet of Things (IoT) provides tremendous smart devices that are always connected to and interacting with the Internet. However, the development of IoT also promotes the threat of network attacks due to the billions of IoT devices vulnerable to hackers. Link-flooding attack (LFA) is a new type of DDoS attack used to flood the crucial network links. In IoT environment, LFA can be more easily launched by large-scale low-rate legitimate data flows with quite a low cost and is difficult to detect. Target areas in an enterprise network can be easily isolated since the crucial links are unavailable. Software defined network (SDN) architecture provides new opportunities to address this network security problem with the separation of data plane and control plane. Recently, segment routing (SR), which is an evolution of source routing, has been viewed as a promising technique for flow rerouting and failure recovery. SR is a lightweight easy-deployed scheme known for its flexibility, scalability, and applicability. Therefore, in this paper, we try to mitigate LFA with segment rerouting within the SDN architecture. With the comprehensive network-wide view of the data flows and links, we first design a monitoring mechanism to detect LFA based on the availability of the crucial links and traceroute flows. We consider the traceroute packet flows as time series with white Gaussian noise. A machine-learning-based auto-regression scheme is proposed to detect the abnormalAbstract: The Internet of Things (IoT) provides tremendous smart devices that are always connected to and interacting with the Internet. However, the development of IoT also promotes the threat of network attacks due to the billions of IoT devices vulnerable to hackers. Link-flooding attack (LFA) is a new type of DDoS attack used to flood the crucial network links. In IoT environment, LFA can be more easily launched by large-scale low-rate legitimate data flows with quite a low cost and is difficult to detect. Target areas in an enterprise network can be easily isolated since the crucial links are unavailable. Software defined network (SDN) architecture provides new opportunities to address this network security problem with the separation of data plane and control plane. Recently, segment routing (SR), which is an evolution of source routing, has been viewed as a promising technique for flow rerouting and failure recovery. SR is a lightweight easy-deployed scheme known for its flexibility, scalability, and applicability. Therefore, in this paper, we try to mitigate LFA with segment rerouting within the SDN architecture. With the comprehensive network-wide view of the data flows and links, we first design a monitoring mechanism to detect LFA based on the availability of the crucial links and traceroute flows. We consider the traceroute packet flows as time series with white Gaussian noise. A machine-learning-based auto-regression scheme is proposed to detect the abnormal increase in traceroute packets which indicates the launch of LFA. Then we use segment routing to detour the congested flows and alleviate the burden on the crucial links. Finally. the LFA bots will be identified and the malicious traffic will be blocked. Sufficient evaluations demonstrate that our LFA defense can efficiently detect LFA and preserve the network services, while only introduce a little signaling overhead between the control and data plane. … (more)
- Is Part Of:
- Journal of network and computer applications. Volume 164(2020)
- Journal:
- Journal of network and computer applications
- Issue:
- Volume 164(2020)
- Issue Display:
- Volume 164, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 164
- Issue:
- 2020
- Issue Sort Value:
- 2020-0164-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-08-15
- Subjects:
- Machine learning -- Internet of things -- Link-flooding attack -- Segment rerouting -- Software-defined network -- Traceroute flow
Microcomputers -- Periodicals
Computer networks -- Periodicals
Application software -- Periodicals
Micro-ordinateurs -- Périodiques
Réseaux d'ordinateurs -- Périodiques
Logiciels d'application -- Périodiques
Application software
Computer networks
Microcomputers
Periodicals
004.05
004 - Journal URLs:
- http://www.sciencedirect.com/science/journal/10848045 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.jnca.2020.102690 ↗
- Languages:
- English
- ISSNs:
- 1084-8045
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 5021.410600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 13373.xml