The Crossfire Attack

Kang, Min Suk; Lee, Soo Bum; Gligor, Virgil D.

doi:10.1109/sp.2013.19

Cited by 108 publications

(38 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is easily guessed that the sufficient detection accuracy cannot be maintained if the sending interval is further lengthened. However, the attacker cannot unduly lengthen the sending interval because more than 30% of network topology is dynamically changed [1].…”

Section: Simulation Methodologymentioning

confidence: 99%

“…We assume that each AS has only one router to simplify simulations. In accordance with [1], the number of bots and decoy servers is set to twice as many as the number of ASes. A bot sends traceroutes to all decoy servers three times at any given point in time.…”

Section: Simulation Setupmentioning

confidence: 99%

“…Recently, target link flooding attack (TLFA) which is a new type of DDoS attack has been proposed [1]. This attack cuts off specific links, referred to as target links (TL), over the Internet and disconnects a specific region, referred to as a target area, from other regions.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination

et al. 2019

View full text Add to dashboard Cite

In this paper, we propose traceroute-based target link flooding attack (TLFA) detection scheme by analyzing hop count to the destination. Since the destinations of the attacker's traceroutes tend to be concentrated around a target link, classifying traceroutes by hop count can highlight attacker's traceroute. Thus, the proposed scheme can detect the attack even if an attacker slowly executes traceroutes and the ratio of legitimate user's traceroutes is high. By computer simulations, we show our scheme has more robustness compared with the conventional scheme.

show abstract

Section: Simulation Methodologymentioning

confidence: 99%

Section: Simulation Setupmentioning

confidence: 99%

See 1 more Smart Citation

Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination

et al. 2019

View full text Add to dashboard Cite

show abstract

“…All servers in the target area will then be degraded or even cut off from network connectivity [1]. Furthermore, for the purpose of expanding the effectiveness of attacks and ensuring the indistinguishability of attack traffic from legitimate traffic, LFA dynamically attacks different target links during different periods, which is called a spatiotemporal series attack pattern [2]. For example, LFA attack some set of target links for a while and attack the other set of target links at another time-space.…”

Section: Introductionmentioning

confidence: 99%

A Spatiotemporal-Oriented Deep Ensemble Learning Model to Defend Link Flooding Attacks in IoT Network

Chen

Lai

Jan

et al. 2021

Sensors

View full text Add to dashboard Cite

(1) Background: Link flooding attacks (LFA) are a spatiotemporal attack pattern of distributed denial-of-service (DDoS) that arranges bots to send low-speed traffic to backbone links and paralyze servers in the target area. (2) Problem: The traditional methods to defend against LFA are heuristic and cannot reflect the changing characteristics of LFA over time; the AI-based methods only detect the presence of LFA without considering the spatiotemporal series attack pattern and defense suggestion. (3) Methods: This study designs a deep ensemble learning model (Stacking-based integrated Convolutional neural network–Long short term memory model, SCL) to defend against LFA: (a) combining continuous network status as an input to represent “continuous/combination attacking action” and to help CNN operation to extract features of spatiotemporal attack pattern; (b) applying LSTM to periodically review the current evolved LFA patterns and drop the obsolete ones to ensure decision accuracy and confidence; (c) stacking System Detector and LFA Mitigator module instead of only one module to couple with LFA detection and mediation at the same time. (4) Results: The simulation results show that the accuracy rate of SCL successfully blocking LFA is 92.95%, which is 60.81% higher than the traditional method. (5) Outcomes: This study demonstrates the potential and suggested development trait of deep ensemble learning on network security.

show abstract

“…As a new distributed denial of service (DDoS) attacks, low-rate distributed denial of service (L-DDoS) attacks mainly take advantage of some security vulnerabilities of the network protocol or adaptive mechanism to reduce network performance [2]. An intelligent attack-CrossFire is proposed in [3], this attack initiates link attacks at a low rate, and then generates aggregated traffic flow through multiple attack sources to achieve the purpose of blocking services in the data center. It can be known that L-DDoS not only could reduce the service performance of the data center, but also could cause a collapse in the network link.…”

Section: Introductionmentioning

confidence: 99%

A HMM-R Approach to Detect L-DDoS Attack Adaptively on SDN Controller

Wang

2018

Future Internet

View full text Add to dashboard Cite

A data center network is vulnerable to suffer from concealed low-rate distributed denial of service (L-DDoS) attacks because its data flow has the characteristics of data flow delay, diversity, and synchronization. Several studies have proposed addressing the detection of L-DDoS attacks, most of them are only detect L-DDoS attacks at a fixed rate. These methods cause low true positive and high false positive in detecting multi-rate L-DDoS attacks. Software defined network (SDN) is a new network architecture that can centrally control the network. We use an SDN controller to collect and analyze data packets entering the data center network and calculate the Renyi entropies base on IP of data packets, and then combine them with the hidden Markov model to get a probability model HMM-R to detect L-DDoS attacks at different rates. Compared with the four common attack detection algorithms (KNN, SVM, SOM, BP), HMM-R is superior to them in terms of the true positive rate, the false positive rate, and the adaptivity.

show abstract

The Crossfire Attack

Cited by 108 publications

References 52 publications

Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination

Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination

A Spatiotemporal-Oriented Deep Ensemble Learning Model to Defend Link Flooding Attacks in IoT Network

A HMM-R Approach to Detect L-DDoS Attack Adaptively on SDN Controller

Contact Info

Product

Resources

About