Software defined network moving target defense mechanism against link flooding attacks

XIE Lixia;DING Ying;School of Computer Science and Technology,Civil Aviation University of China;  

This paper presents a software defined network(SDN)based defense mechanism to detect and mitigate a new distributed denial of service(DDoS) attack named Crossfire. An SDN traffic-level centralized monitoring and shunt control model was defined based on the Crossfire characteristics for the defense mechanism.The SDN re-routing strategy was used to resolve the congestion load of the attacked link with flexible traffic scheduling used to alleviate the congestion and avoid critical link interruption that could seriously interfere with network service.The SDN mobile target defense mechanism was used to dynamically adjust the network configuration and network behavior to induce the attacker to adjust the attack traffic;thereby improving the attack detection efficiency of the bait server.Tests show that this mechanism can effectively defend against Crossfire attacks and that the SDN defense mechanism and rerouting strategy does not require significant overhead.

【Fund】： 国家自然科学基金民航联合研究基金项目(U1833107);; 中央高校基本科研业务费项目(ZYGX2018028)
【CateGory Index】： TP393.08

Download(CAJ format) Download(PDF format)

CAJViewer7.0 supports all the CNKI file formats; AdobeReader only supports the PDF format.