Wanqin Cao,Yunhui Huang,Dezheng Li,Feng Yang,Xiaofeng Jiang,Jian Yang

DOI: https://doi.org/10.1109/imcec51613.2021.9482363

2021-01-01

Abstract:Distributed Denial-of-Service (DDoS) attack is a long-lived attack that is hugely harmful to the Internet. In particular, the emergence of a new type of DDoS called Link Flooding Attack (LFA) makes the detection and defense more difficult. In LFA, the attacker cuts off a specific area by controlling large numbers of bots to send low-rate traffic to congest selected links. Since the attack flows are similar to the legitimate ones, traditional schemes like anomaly detection and intrusion detection are no longer applicable. Blockchain provides a new solution to address this issue. In this paper, we propose a blockchain-based LFA detection scheme, which is deployed on routers and servers in and around the area that we want to protect. Blockchain technology is used to record and share the traceroute information, which enables the hosts in the protected region to easily trace the flow paths. We implement our scheme in Ethereum and conduct simulation experiments to evaluate its performance. The results show that our scheme can achieve timely detection of LFA with a high detection rate and a low false positive rate, as well as a low overhead.

Junchi Xing,Jingling Cai,Boyang Zhou,Chunming Wu

DOI: https://doi.org/10.1109/iscc47284.2019.8969595

2019-01-01

Abstract:Recently, link flooding attacks (LFA) have been observed as a serious threat for cutting off the Internet connectivity through congesting critical links. A LFA typically utilizes legitimate and low-rate flows, which makes it extremely hard to be detected and, subsequently, to be mitigated. In this paper, we present LF-Shield, that is a deep convolutional neural network (ConvNet) based countermeasure to accurately detect and efficiently mitigate LFAs using software-defined network (SDN) paradigm. LF-Shield can identify malicious bots that launch LFA flows by extracting end-hosts' traffic features and afterwards, classifying the type of end-hosts based on deep ConvNet. Then, LF-Shield mitigates LFAs without affecting legitimate end-hosts through blocking the classified malicious bots and limiting the bandwidths of inactive or newly-accessed end-hosts. A LF-Shield prototype is implemented for evaluating its performance by several experiments. The experimental results demonstrate that LF-Shield can identify malicious bots with an accuracy of 96.4% and mitigate LFAs with the 93.1% reduction in link degradation ratio, with negligible impact on legitimate end-hosts.

Chang Xu,Guoxie Jin,Rongxing Lu,Liehuang Zhu,Xiaodong Shen,Yunguo Guan,Kashif Sharif

DOI: https://doi.org/10.1109/tsc.2024.3453764

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:The rapid development of blockchain technology has led to a constant increase in its financial and technological value. However, this has also led to malicious attacks. Distributed denial-of-service attacks pose a considerable threat to blockchain technology out of many attacks due to its effectiveness and distributed nature. To protect the blockchain from DDoS attacks, researchers have proposed a large number of defensive schemes. However, these schemes are not well-suited for use in practical situations. In this work, we propose a DDoS attack detection scheme based on centralized federated learning, where multiple participating nodes locally train models and upload them to a central node for aggregation. Additionally, we propose a more suitable method for blockchain scenarios, using decentralized federated learning technology, where multiple nodes exchange models in a peer-to-peer manner to complete model training without a central server. We simulate DDoS attacks in blockchain and generate a large dataset by combining it with traditional network layer DDoS attack data to evaluate the effectiveness of our schemes. The experimental results show that the proposed schemes perform well in classification accuracy, demonstrating that our techniques can detect DDoS attacks effectively.

computer science, information systems, software engineering

Tong Liu,Fariza Sabrina,Julian Jang-Jaccard,Wen Xu,Yuanyuan Wei

DOI: https://doi.org/10.3390/s22010032

2021-12-22

Abstract:A smart public transport system is expected to be an integral part of our human lives to improve our mobility and reduce the effect of our carbon footprint. The safety and ongoing maintenance of the smart public transport system from cyberattacks are vitally important. To provide more comprehensive protection against potential cyberattacks, we propose a novel approach that combines blockchain technology and a deep learning method that can better protect the smart public transport system. By the creation of signed and verified blockchain blocks and chaining of hashed blocks, the blockchain in our proposal can withstand unauthorized integrity attack that tries to forge sensitive transport maintenance data and transactions associated with it. A hybrid deep learning-based method, which combines autoencoder (AE) and multi-layer perceptron (MLP), in our proposal can effectively detect distributed denial of service (DDoS) attempts that can halt or block the urgent and critical exchange of transport maintenance data across the stakeholders. The experimental results of the hybrid deep learning evaluated on three different datasets (i.e., CICDDoS2019, CIC-IDS2017, and BoT-IoT) show that our deep learning model is effective to detect a wide range of DDoS attacks achieving more than 95% F1-score across all three datasets in average. The comparison of our approach with other similar methods confirms that our approach covers a more comprehensive range of security properties for the smart public transport system.

Siyu Cheng,Dong Jin,Yuanyi Ma,Shuangwu Chen,Huasen He,Jian Yang

DOI: https://doi.org/10.1109/tnse.2024.3393513

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Link Flooding Attack (LFA) is a new genre of DDoS attacks that aims to isolate the target area by paralyzing the critical links. To defend against LFA, we propose a novel LFA detection and mitigation system named LinkGuard using SDN. The changes in link state generally follow certain spatio-temporal patterns, whereas LFA is usually an unexpected or abrupt action that may break the normal traffic pattern. Based on this idea, we conceive an LFA detection method using an attention-based spatio-temporal graph convolutional network, which can infer the abnormal performance degradation induced by LFA. However, it is hard to get enough attack data for model training in reality. To tackle this difficulty, we propose an extreme value theory based model to estimate the probability that the performance degradation is caused by an extreme LFA event. In this way, the detection model can work without any prior knowledge of LFA. We further propose a mitigation method based on traffic rerouting and filtering to purify the LFA. We construct a test bed using a cluster of virtual machines and real network traffic to evaluate the performance. Extensive experiments demonstrate that LinkGuard can accurately detect LFA attacks and can effectively relieve the performance degradation caused by LFA.

Wei Guo,Jin Xu,Yukui Pei,Liuguo Yin,Chunxiao Jiang

DOI: https://doi.org/10.1109/ICCWorkshops50388.2021.9473586

2021-01-01

Abstract:DDoS attacks have plagued the Internet for more than 20 years, and it is becoming even violent with the development of IoT. Therefore, it is an essential defense method to trace back DDoS sources. Traditional IP traceback methods have different limitations in a large storage space, increasing marking cost, and low credibility. To solve these problems, a lightweight DDoS attack blockchain-based tracing scheme (LDBT) is proposed, which can deny malicious traffic access to the LAN. First, to avoid secondary DDoS attacks caused by excessive recording information, a digest method is presented and installed on all routers in the LAN. It is used to transfer a huge number of packets to a fixed format, which can keep the scheme lightweight regardless of whether DDoS occurs or not. Second, we present a trusted fuzzy tracing method that searches for DDoS sources efficiently. Under the proposed scheme, the digest data are reliable owing to the decentralization and immutability of the blockchain platform. It also overcomes the problem that edge routers cannot provide precise detection information because the digest is only used to track. Experimental results show that the scheme searches the sources of malicious traffic with high accuracy, and the communication overhead constantly remains at a low level of 80 KB/s. Furthermore, the tracing time of our scheme increases linearly instead of an exponential growth by the hop count.

Jieren Cheng,Xinzhi Yao,Hui Li,Hao Lu,Naixue Xiong,Ping Luo,Le Liu,Hao Guo,Wen Feng

DOI: https://doi.org/10.32604/csse.2022.025668

IF: 4.397

2022-01-01

Computer Systems Science and Engineering

Abstract:Distributed Denial of Service (DDoS) attacks is always one of the major problems for service providers. Using blockchain to detect DDoS attacks is one of the current popular methods. However, the problems of high time overhead and cost exist in the most of the blockchain methods for detecting DDoS attacks. This paper proposes a blockchain-based collaborative detection method for DDoS attacks. First, the trained DDoS attack detection model is encrypted by the Intel Software Guard Extensions (SGX), which provides high security for uploading the DDoS attack detection model to the blockchain. Secondly, the service provider uploads the encrypted model to Inter Planetary File System (IPFS) and then a corresponding Content-ID (CID) is generated by IPFS which greatly saves the cost of uploading encrypted models to the blockchain. In addition, due to the small amount of model data, the time cost of uploading the DDoS attack detection model is greatly reduced. Finally, through the blockchain and smart contracts, the CID is distributed to other service providers, who can use the CID to download the corresponding DDoS attack detection model from IPFS. Blockchain provides a decentralized, trusted and tamper-proof environment for service providers. Besides, smart contracts and IPFS greatly improve the distribution efficiency of the model, while the distribution of CID greatly improves the efficiency of the transmission on the blockchain. In this way, the purpose of collaborative detection can be achieved, and the time cost of transmission on blockchain and IPFS can be considerably saved. We designed a blockchain-based DDoS attack collaborative detection framework to improve the data transmission efficiency on the blockchain, and use IPFS to greatly reduce the cost of the distribution model. In the experiment, compared with most blockchain-based method for DDoS attack detection, the proposed model using blockchain distribution shows the advantages of low cost and latency. The remote authentication mechanism of Intel SGX provides high security and integrity, and ensures the availability of distributed models.

computer science, theory & methods, hardware & architecture

Ziming Zhao,Zhuotao Liu,Huan Chen,Fan Zhang,Zhuoxue Song,Zhaoxuan Li

DOI: https://doi.org/10.1109/tdsc.2023.3349180

2024-01-01

Abstract:Defending against Distributed Denial of Service (DDoS) attacks is a fundamental problem in the Internet. Over the past few decades, the research and industry communities have proposed a variety of solutions, from adding incremental capabilities to the existing Internet routing stack, to clean-slate future Internet architectures, and to widely deployed commercial DDoS prevention services. Yet a recent interview with over 100 security practitioners in multiple sectors reveals that existing solutions are still insufficient against , due to either unenforceable protocol deployment or non-comprehensive traffic filters. This seemingly endless arms race with attackers probably means that we need a fundamental paradigm shift. In this paper, we propose a new DDoS prevention paradigm named preference-driven and in-network enforced traffic shaping , aiming to explore the novel DDoS prevention norms that focus on delivering victim-preferred traffic rather than consistently chasing after the DDoS attacks. Towards this end, we propose DFNet, a novel DDoS prevention system that provides reliable delivery of victim-preferred traffic without full knowledge of DDoS attacks. At a very high level, the core innovative design of DFNet embraces the advances in Machine Learning (ML) and new network dataplane primitives, by encoding the victim's traffic preference (in the form of complex ML models) into dataplane packet scheduling algorithms such that the victim-preferred traffic is forwarded with priority at line-speed, regardless of the attacker strategy. We implement a prototype of DFNet in 11,560 lines of code, and extensively evaluate it on our testbed. The results show that a single instance of DFNet can forward 99.93% of victim-desired traffic when facing previously unseen attacks, while imposing less than 0.1% forwarding overhead on a dataplane with 80 Gbps upstream links and a 40 Gbps bottleneck.

Zhiqi Feng,Yongli Li,Xiaochen Ma

DOI: https://doi.org/10.1186/s40854-023-00490-6

IF: 6.793

2023-01-01

Financial Innovation

Abstract:With the high-speed development of decentralized applications, account-based blockchain platforms have become a hotbed of various financial scams and hacks due to their anonymity and high financial value. Financial security has become a top priority with the sustainable development of blockchain-based platforms because of an increasing number of cyber attacks, which have resulted in a huge loss of crypto assets in recent years. Therefore, it is imperative to study the real-time detection of cyber attacks to facilitate effective supervision and regulation. To this end, this paper proposes the weighted and extended isolation forest algorithms and designs a novel framework for the real-time detection of cyber-attack transactions by thoroughly studying and summarizing real-world examples. Furthermore, this study develops a new detection approach for locating the compromised address of a cyber attack to resolve the data scarcity of hack addresses and reduce time consumption. Moreover, three experiments are carried out not only to apply on different types of cyber attacks but also to compare the proposed approach with the widely used existing methods. The results demonstrate the high efficiency and generality of the proposed approach. Finally, the lower time consumption and robustness of our method were validated through additional experiments. In conclusion, the proposed blockchain-oriented approach in this study can handle real-time detection of cyber attacks and has significant scope for applications.

Qian Wang,Feng Xiao,Man Zhou,Zhibo Wang,Qi Li,Zhetao Li

2017-01-01

Abstract:Link-flooding attack (LFA) has emerged as a serious threat to Internet which cuts off connections between legitimate hosts and targeted servers by flooding only a few links (e.g., target links). Several mechanisms have been proposed to mitigate LFA, however, they can only mitigate LFA after target links have been compromised by adversaries. Based on the fact that adversaries rely on network linkmap to discover weakness of the network, in this paper, we propose an active LFA mitigation mechanism, called Linkbait, that actively and preventively mitigates LFA by providing a fake linkmap to adversaries. Inspired by Moving Target Defense (MTD), we propose a link obfuscation algorithm in Linkbait that selectively reroutes probing flows to hide target links from adversaries and mislead them to consider some bait links as target links. By providing the faked linkmap to adversaries, Linkbait can actively mitigate LFA even without identifying bots and does not affect flows from legitimate hosts. In order to further reduce the junk traffic generated by adversaries from entering the network, we propose a bot detection algorithm in Linkbait that extracts unique traffic patterns from LFA and leverages Support Vector Machine to accurately distinguish bots from legitimate hosts. Finally, we evaluate the feasibility of implementing Linkbait in real Internet, and evaluate its performance by using both a real-world testbed and large-scale simulations. The analyses and experiments results demonstrate the effectiveness of Linkbait.

Hancun Sun,Xu Chen,Yantian Luo,Wei Feng,Yunfei Chen,Ning Ge

DOI: https://doi.org/10.1109/icct59356.2023.10419782

2023-01-01

Abstract:Link flooding attack (LFA) is a kind of stealthy distributed denial of service (DDoS) attack that has been commonly exploited by attackers to disconnect victims from the Internet by congesting critical links on the paths. With the development of 5G, a massive number of insecure Internet of Things (IoT) devices have been connected to the network, which significantly increases the risk of LFA. Detecting and mitigating LFA is difficult since malicious traffic is of low speed and protocol confirming from legitimate traffic. Traditional LFA detection methods face the challenge of high complexity. Due to the numerous attack sources of LFA, the mainstream traffic engineering-based mitigation methods introduce high signaling communication costs. To over-come these challenges, we propose a novel LFA defense system in software defined networking (SDN) architecture that consists of a distributed relative entropy-based LFA detection method and an optimized rerouting method for LFA mitigation. This framework is lightweight to implement. It can not only reduce the communication overhead of signaling transmission in mitigation, but also avoid the cascading congestion of other links after rerouting. We verify our detection and mitigation method in an experimental testbed. Numerical results show that our method can detect and mitigate LFAs effectively with low cost.

Qian Wang,Feng Xiao,Man Zhou,Zhibo Wang,Hongyu Ding

2017-01-01

Abstract:Link-flooding attack (LFA) has emerged as a serious threat to Internet which cuts off connections between legitimate hosts and targeted servers by flooding only a few links (e.g., target links). Several mechanisms have been proposed to mitigate LFA, however, they can only mitigate LFA passively after target links have been compromised by adversaries. Based on the fact that adversaries rely on network linkmap to launch LFA, in this paper, we propose an active LFA mitigation mechanism, called Linkbait, that actively mitigates LFA by providing a fake linkmap to adversaries. Inspired by Moving Target Defense (MTD), we propose a link obfuscation algorithm in Linkbait that selectively reroutes detecting flows to hide target links from adversaries and mislead them to consider some bait links as target links. By providing the faked linkmap to adversaries, Linkbait can actively mitigate LFA even without identifying bots and does not affect flows from legitimate hosts. In order to further reduce the junk traffic generated by adversaries from entering the network, we propose a bot detection algorithm in Linkbait that extracts unique traffic patterns from LFA and leverages Support Vector Machine to accurately distinguish bots from legitimate hosts. Finally, we evaluate the feasibility of implementing Linkbait in real Internet, and evaluate its performance by using both a real-world testbed and large-scale simulations. The analyses and experiments results demonstrate the effectiveness of Linkbait.

Pooja Kumari,Ankit Kumar Jain,Arpit Seth,Raghav

DOI: https://doi.org/10.1007/s11042-024-18842-4

IF: 2.577

2024-03-21

Multimedia Tools and Applications

Abstract:The paper presents an approach for detecting Distributed Denial of Service (DDoS) attacks using machine learning and blockchain technology. With the increasing complexity and frequency of DDoS attacks, network security faces significant challenges. The proposed approach aims to detect DDoS attacks in a real-time environment by applying machine learning algorithms and storing false IP addresses in a blockchain ledger. The decentralized nature of the blockchain network makes it extremely difficult for attackers to tamper with the stored information. By utilizing blockchain to store blacklisted IP addresses and their timestamps, the approach ensures the integrity and correctness of the data. The performance of the proposed approach is evaluated on a combination of CSE-CIC-IDS2018-AWS, CICIDS2017, and CICDoS2016 datasets, demonstrating its effectiveness. The Random Forest model outperforms other models by achieving 99.34% accuracy, indicating that the proposed method accurately identifies DDoS attacks in real-time and securely stores the false IP addresses in a transparent blockchain ledger.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Chenxi Li,Jiahai Yang,Ziyu Wang,Fuliang Li,Yang Yang

DOI: https://doi.org/10.1109/GLOCOM.2015.7417159

2015-01-01

Abstract:DDoS flooding attack is one of the top threats to the Internet. However, due to the fast development of the Internet, current detection algorithms are already inadequate to meet the growth of network traffic. In this paper, we propose a lightweight algorithm. We first observe the real Internet traffic, and find that flows of DDoS flooding attack traffic are persistent and synchronous while most flows of normal traffic are short-lived and non-synchronous. According to this difference, we propose our detection algorithm. We label the alarms firstly and then confirm the attack. Our algorithm is lightweight and sensitive to the ongoing attack. However, randomly spoofing the IP address of the attack source to different IP addresses can hide the synchronization of attack flows. Thus, we add a spoofing IP detection algorithm called hop-count filter (HCF) to our algorithm to strengthen the robustness. At last, we evaluate our detection algorithm based on the real Internet traffic from CAIDA. Results show that our detection algorithm has a high accuracy (93.3%), no false positive in attack confirmation and just 1.1% false positive rate in labeling alarms. In addition, we analyze the challenges we may face when dealing with distributed LDoS attack.

Xin Wang,Xiaobo Ma,Jian Qu

DOI: https://doi.org/10.1109/dsa52907.2021.00026

2021-01-01

Abstract:In recent years, a new type of DDoS attacks against backbone routing links have appeared. They paralyze the communication network of a large area by directly congesting the key routing links concerning the network accessibility of the area. This new type of DDoS attacks make it difficult for traditional countermeasures to take effect. This paper proposes and implements an attack detection method based on non-cooperative active measurement. Experiments show that our detection method can efficiently perceive changes of network link performance and assist in identifying such new DDoS attacks. In our testbed, the network anomaly detection accuracy can reach 93.7%.

Xuyang Ding,Feng Xiao,Man Zhou,Zhibo Wang

DOI: https://doi.org/10.1109/trustcom50675.2020.00040

2020-01-01

Abstract:The DDoS attack is a serious threat to Internet of Things (IoT).As a new class of DDoS attack, Link-flooding attack (LFA) disrupts connectivity between legitimate IoT devices and target servers by flooding only a small number of links.In this paper, we propose an active LFA mitigation mechanism, called Linkbait, that is a proactive and preventive defense to throttle LFA for IoT.We propose a link obfuscation algorithm in Linkbait that selectively reroutes probing flows to hide target links from adversaries and mislead them to identify bait links as target links.To block attack traffic and further reduce the impact in IoT, we propose a compromised IoT devices detection algorithm that extracts unique traffic patterns of LFA for IoT and leverages support vector machine (SVM) to identify attack traffic.We evaluate the performance of Linkbait by using both real-world experiments and large-scale simulations.The experimental results demonstrate the effectiveness of Linkbait.

Lei Xue,Xiaobo Ma,Xiapu Luo,Edmond W. W. Chan,Tony T. N. Miu,Guofei Gu

DOI: https://doi.org/10.1109/tifs.2018.2815555

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:A new class of target link flooding attacks (LFA) can cut off the Internet connections of a target area without being detected because they employ legitimate flows to congest selected links. Although new mechanisms for defending against LFA have been proposed, the deployment issues limit their usages since they require modifying routers. In this paper, we propose LinkScope, a novel system that employs both the end-to-end and the hop-by-hop network measurement techniques to capture abnormal path performance degradation for detecting LFA and then correlate the performance data and traceroute data to infer the target links or areas. Although the idea is simple, we tackle a number of challenging issues, such as conducting large-scale Internet measurement through noncooperative measurement, assessing the performance on asymmetric Internet paths, and detecting LFA. We have implemented LinkScope with 7174 lines of C codes and the extensive evaluation in a testbed and the Internet show that LinkScope can quickly detect LFA with high accuracy and low false positive rate.

Yen-Hung Chen,Yuan-Cheng Lai,Pi-Tzong Jan,Ting-Yi Tsai

DOI: https://doi.org/10.3390/s21041027

2021-02-03

Abstract:(1) Background: Link flooding attacks (LFA) are a spatiotemporal attack pattern of distributed denial-of-service (DDoS) that arranges bots to send low-speed traffic to backbone links and paralyze servers in the target area. (2) Problem: The traditional methods to defend against LFA are heuristic and cannot reflect the changing characteristics of LFA over time; the AI-based methods only detect the presence of LFA without considering the spatiotemporal series attack pattern and defense suggestion. (3) Methods: This study designs a deep ensemble learning model (Stacking-based integrated Convolutional neural network-Long short term memory model, SCL) to defend against LFA: (a) combining continuous network status as an input to represent "continuous/combination attacking action" and to help CNN operation to extract features of spatiotemporal attack pattern; (b) applying LSTM to periodically review the current evolved LFA patterns and drop the obsolete ones to ensure decision accuracy and confidence; (c) stacking System Detector and LFA Mitigator module instead of only one module to couple with LFA detection and mediation at the same time. (4) Results: The simulation results show that the accuracy rate of SCL successfully blocking LFA is 92.95%, which is 60.81% higher than the traditional method. (5) Outcomes: This study demonstrates the potential and suggested development trait of deep ensemble learning on network security.

Ning Yang,Hao Jiang,Daoxing Guo,Yuan Liu,Guoru Ding,Zhen Chen,Zhaohui Yang

DOI: https://doi.org/10.1109/lcomm.2024.3419829

IF: 3.5529

2024-01-01

IEEE Communications Letters

Abstract:The reliability and accuracy of cooperative spectrum sensing (CSS) in cognitive radio networks (CRNs) are highly dependent on the integrity of the shared spectrum sensing data. However, driven by selfishness and malicious intentions, secondary users (SUs) may launch SSDF attacks, resulting in the damage to the integrity of sensing data, which will seriously affect the performance of CRNs, especially under massive SSDF attacks. Therefore, a blockchain-based CSS model is firstly proposed and a reputation-based consensus mechanism, named proof of reputation (PoR), is designed to enable CSS to countermeasure massive SSDF attacks in an environmentally friendly manner while supporting the operation of blockchain. Secondly, a reputation evaluation scheme based on extended sensing time and transmission result is developed to evaluate the reputation of SUs. In addition, in order to maximize the recognition performance of SSDF attacks, a closed-form expression of the optimal decision threshold constrained by the misjudged probability of honest SU is derived. Finally, the effectiveness and superiority of the proposed PoR consensus algorithm against massive SSDF attacks are demonstrated by comparing the simulation with the existing solutions.

Xin Wang,Xiaobo Ma,Jiahao Peng,Jianfeng Li,Lei Xue,Wenjun Hu,Li Feng

DOI: https://doi.org/10.1109/access.2021.3131503

IF: 3.9

2021-01-01

IEEE Access

Abstract:The emerging link flooding attacks (LFAs) are one type of attacks that attract significant attention in both academia and industry against the routing infrastructure. The attack traffic flows originating from bots (e.g., compromised IoT devices) are deliberately aggregated at upstream critical links and grow intensified, gradually making a network connected to the critical links disconnected. Although LFAs are far more sophisticated than traditional DDoS attacks, whether such sophistication comes without a downside has never been investigated. In this paper, by modeling link flooding attacks and defenses, we tackle a series of questions concerning the practical issues of LFAs. Specifically, from the perspective of attacks, we advance a novel notion of strike precision, and reveal that LFAs may exhibit attack interference (i.e., unexpectedly interfere the connectivity of innocent networks) which might undermine the stealthiness and persistence of LFAs. From the perspective of defenses, we make the first step to study attack intention, i.e., inversely inferring the target network to disconnect based on the identified links under attack. Furthermore, we consider a strong defender who employs traffic engineering to mitigate LFAs, and formulate the game-theoretic interactions between attackers and defenders. The experiment results show that attack interference is pervasive, and our proposed SPAH flooding strategy can substantially lower attack interference and increase strike precision. Moreover, we demonstrate that LFAs can be effectively mitigated based on traffic engineering from a game-theoretic perspective, wherein the defender can adopt non-cooperative measurement techniques to achieve light-weight and multi-protocol-based robust probe deployment.

computer science, information systems,telecommunications,engineering, electrical & electronic