Optimal filter assignment policy against link flooding attack
A Link Flooding Attack (LFA) is a special type of Denial-of-Service (DoS) attack in which the attacker sends out a huge number of requests to exhaust the capacity of a link on the path the traffic comes to a server. As a result, user traffic cannot reach the server. As a result, DoS and degradation...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Elsevier
2025-03-01
|
| Series: | High-Confidence Computing |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2667295224000345 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850046607154741248 |
|---|---|
| author | Rajorshi Biswas Jie Wu Wei Chang Pouya Ostovari |
| author_facet | Rajorshi Biswas Jie Wu Wei Chang Pouya Ostovari |
| author_sort | Rajorshi Biswas |
| collection | DOAJ |
| description | A Link Flooding Attack (LFA) is a special type of Denial-of-Service (DoS) attack in which the attacker sends out a huge number of requests to exhaust the capacity of a link on the path the traffic comes to a server. As a result, user traffic cannot reach the server. As a result, DoS and degradation of Quality-of-Service (QoS) occur. Because the attack traffic does not go to the victim, protecting the legitimate traffic alone is hard for the victim. The victim can protect its legitimate traffic by using a special type of router called filter router (FR). An FR can receive server filters and apply them to block a link incident to it. An FR probabilistically appends its own IP address to packets it forwards, and the victim uses that information to discover the traffic topology. By analyzing traffic rates and paths, the victim identifies some links that may be congested. The victim needs to select some of these possible congested links (PCLs) and send a filter to the corresponding FR so that legitimate traffic avoids congested paths. In this paper, we formulate two optimization problems for blocking the least number of PCLs so that the legitimate traffic goes through a non-congested path. We consider the scenario where every user has at least one non-congested shortest path in the first problem. We extend the first problem to a scenario where there are some users whose shortest paths are all congested. We transform the original problem to the vertex separation problem to find the links to block. We use a custom-built Java multi-threaded simulator and conduct extensive simulations to support our solutions. |
| format | Article |
| id | doaj-art-39bf0f6eadbe41e687ab7989b3f8011d |
| institution | DOAJ |
| issn | 2667-2952 |
| language | English |
| publishDate | 2025-03-01 |
| publisher | Elsevier |
| record_format | Article |
| series | High-Confidence Computing |
| spelling | doaj-art-39bf0f6eadbe41e687ab7989b3f8011d2025-08-20T02:54:25ZengElsevierHigh-Confidence Computing2667-29522025-03-015110023110.1016/j.hcc.2024.100231Optimal filter assignment policy against link flooding attackRajorshi Biswas0Jie Wu1Wei Chang2Pouya Ostovari3Information Sciences and Technology, Penn State University (Berks), Reading 19610, USA; Corresponding author.Department of Computer and Information Sciences, Temple University, Philadelphia 19122, USADepartment of Computer Science, Saint Joseph’s University, Philadelphia 19131, USAKLA Corporation, Milpitas 95035, USAA Link Flooding Attack (LFA) is a special type of Denial-of-Service (DoS) attack in which the attacker sends out a huge number of requests to exhaust the capacity of a link on the path the traffic comes to a server. As a result, user traffic cannot reach the server. As a result, DoS and degradation of Quality-of-Service (QoS) occur. Because the attack traffic does not go to the victim, protecting the legitimate traffic alone is hard for the victim. The victim can protect its legitimate traffic by using a special type of router called filter router (FR). An FR can receive server filters and apply them to block a link incident to it. An FR probabilistically appends its own IP address to packets it forwards, and the victim uses that information to discover the traffic topology. By analyzing traffic rates and paths, the victim identifies some links that may be congested. The victim needs to select some of these possible congested links (PCLs) and send a filter to the corresponding FR so that legitimate traffic avoids congested paths. In this paper, we formulate two optimization problems for blocking the least number of PCLs so that the legitimate traffic goes through a non-congested path. We consider the scenario where every user has at least one non-congested shortest path in the first problem. We extend the first problem to a scenario where there are some users whose shortest paths are all congested. We transform the original problem to the vertex separation problem to find the links to block. We use a custom-built Java multi-threaded simulator and conduct extensive simulations to support our solutions.http://www.sciencedirect.com/science/article/pii/S2667295224000345BotnetDDoS defenseQuality-of-serviceFilter routerLink flooding attackNetwork security |
| spellingShingle | Rajorshi Biswas Jie Wu Wei Chang Pouya Ostovari Optimal filter assignment policy against link flooding attack High-Confidence Computing Botnet DDoS defense Quality-of-service Filter router Link flooding attack Network security |
| title | Optimal filter assignment policy against link flooding attack |
| title_full | Optimal filter assignment policy against link flooding attack |
| title_fullStr | Optimal filter assignment policy against link flooding attack |
| title_full_unstemmed | Optimal filter assignment policy against link flooding attack |
| title_short | Optimal filter assignment policy against link flooding attack |
| title_sort | optimal filter assignment policy against link flooding attack |
| topic | Botnet DDoS defense Quality-of-service Filter router Link flooding attack Network security |
| url | http://www.sciencedirect.com/science/article/pii/S2667295224000345 |
| work_keys_str_mv | AT rajorshibiswas optimalfilterassignmentpolicyagainstlinkfloodingattack AT jiewu optimalfilterassignmentpolicyagainstlinkfloodingattack AT weichang optimalfilterassignmentpolicyagainstlinkfloodingattack AT pouyaostovari optimalfilterassignmentpolicyagainstlinkfloodingattack |