STRIDE: sanctuary trail -- refuge from internet DDoS entrapment
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
CoDef: collaborative defense against large-scale link-flooding attacks
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
| Hi-index | 0.01 |
Malware-contaminated hosts organized as a “bot network” can target and flood network links (e.g., routers). Yet, none of the countermeasures to link flooding proposed to date have provided dependable link access (i.e., bandwidth guarantees) for legitimate traffic during such attacks. In this paper, we present a router subsystem called FLoc (Flow Localization) that confines attack effects and provides differential bandwidth guarantees at a congested link: (1) packet flows of uncontaminated domains (i.e., Autonomous Systems) receive better bandwidth guarantees than packet flows of contaminated ones, and (2) legitimate flows of contaminated domains are guaranteed substantially higher bandwidth than attack flows. FLoc employs new preferential packet-drop and traffic-aggregation policies that limit “collateral damage” and protect legitimate flows from a wide variety of flooding attacks. We present FLoc’s analytical model for dependable link access, a router design based on it, and illustrate FLoc’s effectiveness using simulations of different flooding strategies and comparisons with other flooding defense schemes.