Towards Defeating the Crossfire Attack using SDN

Gkounis, Dimitrios; Kotronis, Vasileios; Dimitropoulos, Xenofontas

doi:10.48550/arxiv.1412.2013

Cited by 2 publications

(3 citation statements)

References 4 publications

(4 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If the attacker restricts its attacks to a single cut-set E sm or E mt , then the router can choose its policy accordingly, for instance f e = 1 for e ∈ E sm , and f e = 0.25 for e ∈ E mt . Note that across each cut-set, this route satisfies (2). Attacking only E sm , the attacker can block 1 unit of traffic, but attacking only E mt , the attacker can block 1.25 units of traffic.…”

Section: Equilibriamentioning

confidence: 99%

“…The problem formulation considered here is motivated by the so-called Crossfire attack in which an attacker persistently degrades network connectivity by targeting a selected set of links within the network, while adjusting to changes in routing policies [1]. The defense against such attacks has been the subject of recent work [2], [3], [4], [5].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Stackelberg Equilibria for Two-Player Network Routing Games on Parallel Networks

Grimsman¹,

Hespanha²,

Marden³

2020

Preprint

View full text Add to dashboard Cite

We consider a two-player zero-sum network routing game in which a router wants to maximize the amount of legitimate traffic that flows from a given source node to a destination node and an attacker wants to block as much legitimate traffic as possible by flooding the network with malicious traffic. We address scenarios with asymmetric information, in which the router must reveal its policy before the attacker decides how to distribute the malicious traffic among the network links, which is naturally modeled by the notion of Stackelberg equilibria. The paper focuses on parallel networks, and includes three main contributions: we show that computing the optimal attack policy against a given routing policy is an NP-hard problem; we establish conditions under which the Stackelberg equilibria lead to no regret; and we provide a metric that can be used to quantify how uncertainty about the attacker's capabilities limits the router's performance.

show abstract

Section: Equilibriamentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Stackelberg Equilibria for Two-Player Network Routing Games on Parallel Networks

Grimsman¹,

Hespanha²,

Marden³

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…A novel class of extreme link-flooding DDoS (Distributed Denial of Service) attacks [1] is the Crossfire attack, which is designed to cut off entire geographical areas such as cities and even countries from the Internet by simultaneously targeting a selected set of network links [2], [3]. The most intriguing property of this target-area link-flooding attack is the usage of legitimate traffic flows to achieve its devastating impact by making the attack particularly difficult to detect and, consequently, to mitigate [4].…”

Section: Introduction: the Crossfire Attackmentioning

confidence: 99%

Detecting Target-Area Link-Flooding DDoS Attacks Using Traffic Analysis and Supervised Learning

Rezazad

Brust

Akbari³

et al. 2018

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

A novel class of extreme link-flooding DDoS (Distributed Denial of Service) attacks is designed to cut off entire geographical areas such as cities and even countries from the Internet by simultaneously targeting a selected set of network links. The Crossfire attack is a target-area link-flooding attack, which is orchestrated in three complex phases. The attack uses a massively distributed large-scale botnet to generate low-rate benign traffic aiming to congest selected network links, so-called target links. The adoption of benign traffic, while simultaneously targeting multiple network links, makes detecting the Crossfire attack a serious challenge. In this paper, we present analytical and emulated results showing hitherto unidentified vulnerabilities in the execution of the attack, such as a correlation between coordination of the botnet traffic and the quality of the attack, and a correlation between the attack distribution and detectability of the attack. Additionally, we identified a warm-up period due to the bot synchronization. For attack detection, we report results of using two supervised machine learning approaches: Support Vector Machine (SVM) and Random Forest (RF) for classification of network traffic to normal and abnormal traffic, i.e, attack traffic. These machine learning models have been trained in various scenarios using the link volume as the main feature set.

show abstract

Towards Defeating the Crossfire Attack using SDN

Cited by 2 publications

References 4 publications

Stackelberg Equilibria for Two-Player Network Routing Games on Parallel Networks

Stackelberg Equilibria for Two-Player Network Routing Games on Parallel Networks

Detecting Target-Area Link-Flooding DDoS Attacks Using Traffic Analysis and Supervised Learning

Contact Info

Product

Resources

About