Modeling and Mitigating the Coremelt Attack

Yang, Guosong; Hosseini, Hossein; Sahabandu, Dinuka; Clark, Andrew; Hespanha, João P.; Poovendran, Radha

doi:10.23919/acc.2018.8431752

Cited by 7 publications

(6 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section, we investigate the effects of some important parameters and our observations; we compare the performance of our methods with LFAD [ 1 ] with the performance of mitigation accuracy MA t . Notably, there are eight previous works that concern defense against LFA for both detection and mitigation [ 1 , 4 , 5 , 8 , 10 , 11 , 12 , 13 ], while others [ 3 , 6 , 7 , 9 ] only deal with detection. Overall, the study of [ 1 ] performs best in terms of defending against LFA with SDN among the eight previous works cited.…”

Section: Discussionmentioning

confidence: 99%

“…The previous work focusing on mitigating LFA can be classified into two types: traffic rerouting [ 1 , 10 ] and blacklist [ 4 , 5 , 8 , 11 , 12 , 13 ]. When LFA occurs, the target links are congested continuously.…”

Section: Related Workmentioning

confidence: 99%

“…The authors in [ 12 ] drop packets based on the blacklist, and use a max-min fair bandwidth-limiting mechanism to limit the bandwidths. The study in [ 13 ] manages the throughput via the tail drop technique, which means if the aggregate flow rate reaches capacity, the gateway buffers the excess data in a queue, waiting to be transmitted. When the queue is filled to its maximum capacity, the newly arriving flows will be dropped until there is enough room to accept incoming flows and if the network is congested, fewer packets will be sent per RTT.…”

Section: Related Workmentioning

confidence: 99%

“…On the other hand, in [ 9 , 10 ] the authors attempt to monitor the traceroute packets, which are launched by the attacker to acquire the topology and attacks on target links. The second LFA defending step is to mitigate LFA by rerouting traffic [ 1 , 10 ] or blocking malicious traffic [ 4 , 5 , 8 , 11 , 12 , 13 ] in order to deter the attack, to relieve the harm, and to recover the attacked network to a normal status. The traffic rerouting methods reroute flows that originally travel through the target links to relieve their congestions.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Spatiotemporal-Oriented Deep Ensemble Learning Model to Defend Link Flooding Attacks in IoT Network

Chen

Lai

Jan

et al. 2021

Sensors

View full text Add to dashboard Cite

(1) Background: Link flooding attacks (LFA) are a spatiotemporal attack pattern of distributed denial-of-service (DDoS) that arranges bots to send low-speed traffic to backbone links and paralyze servers in the target area. (2) Problem: The traditional methods to defend against LFA are heuristic and cannot reflect the changing characteristics of LFA over time; the AI-based methods only detect the presence of LFA without considering the spatiotemporal series attack pattern and defense suggestion. (3) Methods: This study designs a deep ensemble learning model (Stacking-based integrated Convolutional neural network–Long short term memory model, SCL) to defend against LFA: (a) combining continuous network status as an input to represent “continuous/combination attacking action” and to help CNN operation to extract features of spatiotemporal attack pattern; (b) applying LSTM to periodically review the current evolved LFA patterns and drop the obsolete ones to ensure decision accuracy and confidence; (c) stacking System Detector and LFA Mitigator module instead of only one module to couple with LFA detection and mediation at the same time. (4) Results: The simulation results show that the accuracy rate of SCL successfully blocking LFA is 92.95%, which is 60.81% higher than the traditional method. (5) Outcomes: This study demonstrates the potential and suggested development trait of deep ensemble learning on network security.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Spatiotemporal-Oriented Deep Ensemble Learning Model to Defend Link Flooding Attacks in IoT Network

Chen

Lai

Jan

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…A defense approach presented in [ 21 ] analyzes only a static case of the Coremelt network-layer attack with a fixed amount of attackers with fixed bandwidth, which we can apply against the application-layer DDoS. Moreover, it suggests dropping some packets from the most bandwidth-intensive users.…”

Section: Related Workmentioning

confidence: 99%

Security Concerns in MMO Games—Analysis of a Potent Application Layer DDoS Threat

Gavrić

Bojovic

2022

Sensors

View full text Add to dashboard Cite

The application layer in the Internet protocol suite offers a significant degree of freedom regarding the orchestration of distributed denial-of-service attacks due to many different and unstandardized protocols. The primary focus of defending against application-layer distributed denial-of-service attacks has traditionally been Hypertext Transfer Protocols oriented while observing individual users’ actions independently from one another. In this paper, we present and analyze a novel application-layer DDoS attack in massively multiplayer online games that utilize the cooperative efforts of the attackers to deplete the server’s or players’ bandwidth. The attack exploits in-game dependencies between players to cause a massive spike in bandwidth while the attackers’ traffic remains legitimate. We introduce a multiplayer-relations graph to model user behavior on a game server. Additionally, we demonstrate the attack’s devastating capabilities on an emulated World of Warcraft server. Lastly, we discuss flaws of the existing defense mechanisms and possible approaches for the detection of these attacks using graph theory and multiplayer-relations graphs.

show abstract

Modeling and Mitigating Link-Flooding Distributed Denial-of-Service Attacks via Learning in Stackelberg Games

Yang

Hespanha

2021

Handbook of Reinforcement Learning and Control

View full text Add to dashboard Cite

Modeling and Mitigating the Coremelt Attack

Cited by 7 publications

References 20 publications

A Spatiotemporal-Oriented Deep Ensemble Learning Model to Defend Link Flooding Attacks in IoT Network

A Spatiotemporal-Oriented Deep Ensemble Learning Model to Defend Link Flooding Attacks in IoT Network

Security Concerns in MMO Games—Analysis of a Potent Application Layer DDoS Threat

Modeling and Mitigating Link-Flooding Distributed Denial-of-Service Attacks via Learning in Stackelberg Games

Contact Info

Product

Resources

About