Centralized Defense Using Smart Routing Against Link-Flooding Attacks

Recently, two new distributed Link-flooding attacks with high destruction potential have been introduced named the Coremelt and the Crossfire attacks. Unlike the traditional DDoS attacks these two attacks isolate the victim from the rest of internet while the traffic is not sent to it. Moreover, these attacks are indistinguishable since the adversary keeps each per-flow rate, to flood the target network links, low for the Crossfire attack and only legitimate traffic is used for the Coremelt attack. The previous characteristics make these attacks undetectable by the current protection mechanisms in the routers or by intrusion detection systems (IDS). In this paper, we present a new mechanism that detects the sources used by the adversary to perform the attacks. Besides, we went one step further and we try to mitigate the attack even during the detection phase. This mechanism can be enabled by the softwarization mechanism as SDN. By extensive simulation on an ISP topology, and by comparing our work with previous solutions selected from the state of the art. Our results show that our heuristic is up to three times faster than the existing solutions and improve by ten the network stability. We believe that these results can help ISP enablers and designers to counter the link flooding attacks.