The Maestro Attack: Orchestrating Malicious Flows with BGP

Tyler McDaniel, Jared M. Smith, Max Schuchard
DOI: https://doi.org/10.48550/arXiv.1905.07673
2019-05-19
Abstract: We present the Maestro attack, a novel Link Flooding Attack (LFA) that leverages control-plane traffic engineering techniques to concentrate botnet-sourced Distributed Denial of Service flows on transit links. Executed from a compromised or malicious Autonomous System (AS), Maestro advertises specific-prefix routes poisoned for selected ASes to collapse inbound traffic paths onto a single target link. A greedy heuristic fed by publicly available AS relationship data iteratively builds the set of ASes to poison. Given a compromised BGP speaker with advantageous positioning relative to the target link in the Internet topology, an adversary can expect to enhance total flow density by more than 30%. For a large botnet (e.g., Mirai), that translates to augmenting a DDoS by more than a million additional infected hosts. Interestingly, the size of the adversary-controlled AS plays little role in this amplification effect. Devastating attacks on core links can be executed by small, resource-limited ASes. To understand the scope of the attack, we evaluate widespread Internet link vulnerability across several metrics, including BGP betweenness and botnet flow density. We then assess where an adversary must be positioned to execute the attack most successfully. Finally, we present effective mitigations for network operators seeking to insulate themselves from this attack.
Cryptography and Security, Networking and Internet Architecture
What problem does this paper attempt to address?
### Problems the paper attempts to solve

The paper addresses how control-plane traffic engineering in BGP (Border Gateway Protocol) can be used to increase the effectiveness of Distributed Denial-of-Service (DDoS) attacks. Specifically, it introduces a new attack, Maestro, that concentrates botnet-sourced DDoS traffic onto specific transit links, thereby improving the effectiveness of the attack.

### Background and motivation

1. **Distributed Denial-of-Service (DDoS) attacks**
   - DDoS attacks send traffic from many different Internet sources to overwhelm the capacity of a target link or end host.
   - Although academia and industry have invested heavily in DDoS mitigation, these attacks remain frequent, and their intensity grows as the Internet expands to new devices and services.
2. **Link Flooding Attacks (LFA)**
   - An LFA is a DDoS attack against infrastructure links. It requires a set of destinations such that botnet traffic toward those destinations traverses the target link.
   - Because of how Internet routing works, most links, and core links in particular, are not easily reachable by large volumes of botnet traffic.
3. **BGP poisoning**
   - BGP poisoning is a traffic engineering technique that changes the inbound paths of a remote network by advertising more-specific prefix routes.
   - It lets an attacker manipulate path selection in remote networks and thereby steer traffic toward a specific target link.

### Main features of the Maestro attack

1. **Attack principle**
   - The attacker controls a botnet and a BGP speaker (i.e., an edge router of an Autonomous System, AS).
   - By advertising poisoned prefix routes, the attacker concentrates botnet traffic onto a specific target link, achieving a DDoS against that link.
2. **Attack steps**
   - **Select the target link**: determine the link to attack.
   - **Publish poisoned advertisements**: using BGP poisoning, advertise routes poisoned for selected ASes so that inbound traffic paths collapse onto the target link.
   - **Concentrate traffic**: direct the botnet's traffic toward the target link to form high-density malicious flows.
3. **Algorithm**
   - The paper proposes a greedy algorithm for determining which ASes to poison in order to maximize inbound botnet traffic on the target link.
   - The algorithm builds the poisoned set iteratively, selecting the AS with the highest vertex betweenness at each step.

### Experimental results

1. **Effectiveness of the attack**
   - Through simulation, the paper shows that Maestro can significantly increase traffic density on the target link and can even expose links that botnets could not previously reach.
   - For a large botnet (e.g., Mirai), Maestro can increase DDoS flow density by more than 30%, which is equivalent to adding more than a million infected hosts.
2. **Defense measures**
   - The paper also explores defenses that network operators can deploy to protect their links from Maestro.
   - The effectiveness of different defenses is evaluated in simulation, and practical operational recommendations are given.

### Conclusion

By introducing the Maestro attack, this paper shows how BGP poisoning can be used to enhance DDoS attacks, especially attacks against core links.
At the same time, the paper also provides effective defense strategies for network operators to deal with this new type of attack.
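The defensive counterpart to the poisoned advertisements described above is spotting them. BGP poisoning works by placing the ASes to be excluded inside the AS_PATH, so that those ASes discard the route through loop detection; the resulting path has the origin ASN at both ends of a run of inserted ASNs, and it is usually attached to a more-specific prefix. The following scanner is an added example, not code from the paper or its authors: it runs over a constructed set of route-collector entries (the prefixes and ASNs are documentation/private-use values chosen for illustration) and flags paths with that shape, distinguishing them from ordinary AS-path prepending, which repeats an ASN only contiguously.

```python
"""Flag AS_PATHs that carry the structural signature of BGP poisoning.

Added example (not from the Maestro paper).  A collector exports each route
as (prefix, AS_PATH) with the collector's peer on the left and the origin
ASN on the right.  A poisoned path from origin O looks like
    ... O P1 P2 O
where P1, P2 are the ASes the advertiser wants to exclude.  Ordinary
prepending (O O O) is benign and is collapsed before the check.
"""
from ipaddress import ip_network
from typing import Dict, List, Tuple

# Constructed sample routes; ASNs are private-use, prefixes are documentation space.
SAMPLE_ROUTES: List[Tuple[str, List[int]]] = [
    ("198.51.100.0/24", [64500, 64510, 64520]),                        # ordinary path
    ("198.51.100.0/24", [64500, 64510, 64520, 64520, 64520]),          # origin prepending, benign
    ("198.51.100.0/25", [64500, 64510, 64520, 64530, 64540, 64520]),   # poisoned shape on a /25
    ("203.0.113.0/24", [64500, 64550, 64560]),                         # ordinary path
    ("203.0.113.128/25", [64500, 64550, 64560, 64560]),                # more-specific, but not poisoned
]

# Constructed list of aggregates an operator expects to see for these origins.
KNOWN_AGGREGATES = ["198.51.100.0/24", "203.0.113.0/24"]


def collapse_prepends(as_path: List[int]) -> List[int]:
    """Collapse contiguous repeats (prepending) so only non-contiguous loops remain."""
    return [asn for i, asn in enumerate(as_path) if i == 0 or asn != as_path[i - 1]]


def poisoned_asns(as_path: List[int]) -> List[int]:
    """Return the ASNs wedged between two occurrences of the origin ASN.

    An empty list means the origin appears once (after collapsing prepends),
    i.e. the path has no poisoning signature.
    """
    path = collapse_prepends(as_path)
    if not path:
        return []
    origin = path[-1]
    first = path.index(origin)
    return path[first + 1:-1]


def repeated_asns(as_path: List[int]) -> List[int]:
    """Any ASN that reappears after a different ASN intervened (a loop anywhere in the path)."""
    path = collapse_prepends(as_path)
    seen, repeats = set(), []
    for asn in path:
        if asn in seen and asn not in repeats:
            repeats.append(asn)
        seen.add(asn)
    return repeats


def is_more_specific(prefix: str, aggregates: List[str]) -> bool:
    """True if prefix is a strict sub-prefix of one of the known aggregates."""
    net = ip_network(prefix)
    for agg in aggregates:
        agg_net = ip_network(agg)
        if net.version == agg_net.version and net != agg_net and net.subnet_of(agg_net):
            return True
    return False


def analyze_routes(routes: List[Tuple[str, List[int]]], aggregates: List[str]) -> List[Dict]:
    """Return one alert per route whose AS_PATH shows a poisoning signature."""
    alerts = []
    for prefix, as_path in routes:
        poisoned = poisoned_asns(as_path)
        if not poisoned:
            continue
        alerts.append({
            "prefix": prefix,
            "origin": as_path[-1],
            "poisoned": poisoned,
            "loops": repeated_asns(as_path),
            "more_specific": is_more_specific(prefix, aggregates),
        })
    return alerts


if __name__ == "__main__":
    for alert in analyze_routes(SAMPLE_ROUTES, KNOWN_AGGREGATES):
        print(alert)
```

On the constructed sample only the /25 with path `64500 64510 64520 64530 64540 64520` is reported, with 64530 and 64540 identified as the poisoned ASes and the prefix marked as a more-specific of a known aggregate. The same check can be run against an operator's own received routes or a public collector feed; a poisoned more-specific whose inserted ASNs are the operator's own or its neighbours' is the observation that would precede the traffic concentration the paper describes.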