
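Graduate student: 林思如 (Si-Ru Lin)
Thesis title: Defending Link Flooding Attacks with Blocking and Rerouting Attack Traffic in Hybrid SDN (混合SDN中阻止和重新路由攻擊流量以防禦鏈路洪泛攻擊)
Advisor: 賴源正 (Yuan-Cheng Lai)
Oral defense committee: 賴敬能, 查士朝, 賴源正
Degree: Master
Department: School of Management - Department of Information Management
Year of publication: 2020
Academic year of graduation: 108
Language: English
Number of pages: 40
Chinese keywords: link flooding attack, hybrid software-defined networking, attack blocking
Foreign-language keywords: LFA, hybrid SDN, HNLD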
  • Link Flooding Attack (LFA) is a new type of DDoS attack that uses legitimate low-density flows to congest specific target links around a target area, and it can degrade or even paralyze the service of the servers in the entire target area. Because SDN offers centralized control and programmability, it can manage and configure the network quickly, so LFA is easier and more effective to handle in SDN. However, during the transition from traditional networks to SDN there will be hybrid SDN network architectures, so defending against LFA in hybrid SDN is a very important issue. We therefore propose a system called Hybrid Network LFA Defender (HNLD), which defends against LFA by partitioning the hybrid SDN network. HNLD contains two mechanisms, Congestion Avoidance Rerouting (CAR) and Attack Cheating Rerouting (ACR). Both change the routing cost of the target link, which indirectly changes routing and therefore traffic. The former steers traffic so that it is not affected by the attack, while the latter steers traffic so that the target link is not occupied by the attack and blocks the attack from continuing to accelerate. The simulation results show that: (1) if 20% of the network nodes in the hybrid SDN are SDN switches, LFA in the hybrid SDN can be detected effectively; (2) the CAR scheme effectively delays the time of congestion and successfully defends against the attack, while the ACR scheme effectively blocks the attack flows and successfully blocks the attack; (3) when 20% of the network nodes in the hybrid SDN are SDN switches, HNLD can effectively block 75% of LFA.

    Abstract (in Chinese)
    Abstract
    Chapter 1 Introduction
    Chapter 2 Background
      2.1 Link Flooding Attacks
      2.2 LFA Defense
      2.3 Hybrid SDN
        2.3.1 Different Forms of Hybrid SDN
        2.3.2 LFA in hybrid SDN
      2.4 SDNp
        2.4.1 Routing
    Chapter 3 Attack Scenarios and Problem Statement
      3.1 Attack Scenarios
      3.2 System Model
      3.3 Problem Statement
    Chapter 4 Hybrid Network LFA Defender
      4.1 HNLD Overview
      4.2 HNLD Procedure
      4.3 Design of Mitigating TE
        4.3.1 Congestion Avoidance Rerouting (CAR)
        4.3.2 Attack Cheating Rerouting (ACR)
    Chapter 5 Experiment and Results
      5.1 Simulation
      5.2 Dynamics of target links
      5.3 Dynamics of a target link
      5.4 Proportion of SDN switches
    Chapter 6 Conclusions
    References


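    Full-text release date: 2025/03/23 (campus network)
    Full-text release date: full text not authorized for public release (off-campus network)
    Full-text release date: full text not authorized for public release (National Central Library: Taiwan master's and doctoral thesis system)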