鏈結洪泛攻擊(Link Flooding Attack, LFA)主要以目標區域內的多台伺服器作為目標，此攻擊會堵塞目標鏈結—目標區域與外部區域間的鏈結，因為利用低速且大量的流量來偽裝成正常流量，而造成偵測不易。為了設計出良好的LFA防禦機制，必需有多元且完整之攻擊。以往LFA使用的攻擊方式有兩種，一種是佈署機器人在不斷地互相傳輸流量；另一種是調整拓樸中目標鏈結的使用率，模擬被攻擊時使用率提高的狀況，然而這些方法極需仰賴設計者自身的豐富經驗。
為了提供LFA防禦系統更符合的攻擊型態，本研究提出了一種針對LFA的產生方法DLAG (Deep Learning Attack Generator)，其運用深度學習中的生成對抗網路架構(Generative Adversarial Network, GAN)，並使用卷積神經網路(Convolutional Nerual Network, CNN)及長短期記憶演算法(Long Short-Term Memory, LSTM)，分別降低計算的維度及產生出具有時間序列的LFA，產生出的攻擊會自動找出防禦機制的脆弱處，盡可能避開被偵測到之可能性。實驗結果顯示DLAG 在有8條目標鏈結的拓樸下，能夠產生出避開防禦機制的攻擊流量可達92.45%，大幅優於模糊測試中隨機攻擊之20.35%，且不論多少數量的目標鏈結，DLAG都能保持90%以上的避開機率。

Link Flooding Attack (LFA) will not only attack one server but a target area, which include several servers. By sending large-volume, stealthy and low-rate traffic to flood target links, which are the important links connect between target area and outside servers. As disguise normal traffic, LFA is hard to detect. In order to design a better LFA defense model, there should be multiple attack for testing. Simulation LFA are concluded in two types, one is to use bots sending traffic constantly, another is to adjust utizilation of target links to simulation the links are attacked. However, those ways need much experience of the designers.
In order to provide LFA defense model a more correspondant attack simualation, Deep Learning Attack Generator (DLAG) is the model in connection with generating LFA. The structure of DLAG is Generative Adversarial Network(GAN), and conclude Convolutional Nerual Network (CNN) and Long Short-Term Memory (LSTM), the former is to lower dimension in caculating, the latter is to generate LFA with time sequence, which may find the vulnerability in defense model, and bypass the target links may be detected.
The result is shown that in the topology with eight target links, the bypassing rate in DLAG is up to 92.45%, and this is better than fuzz testing 20.35%, which attack randomly. Moreover, no matter how many target links are there in the topology, the bypassing rate in DLAG may keep as 90%.

[1]J. Zheng, Q. Li, G. Gu, J. Cao, D. K. Y. Yau, and J. Wu, "Realtime DDoS Defense Using COTS SDN Switches via Adaptive Correlation Analysis," IEEE Transactions on Information Forensics and Security, vol. 13, no. 7, pp. 1838-1853, 2018.
[2]A. Aydeger, N. Saputro, K. Akkaya, and M. Rahman, "Mitigating Crossfire Attacks Using SDN-Based Moving Target Defense," in 2016 IEEE 41st Conference on Local Computer Networks (LCN), 2016, pp. 627-630.
[3]M. Aamir and M. Arif, “Study and Performance Evaluation on Recent DDoS Trends of Attack & Defense,” International Journal of Information Technology and Computer Science, vol. 5, no. 8, pp. 54-65, 2013.
[4]C. Liaskos and S. Ioannidis, “Network Topology Effects on the Detectability of Crossfire Attacks,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 7, pp. 1682-1695, 2018.
[5]M. S. Kang, S. B. Lee, and V. D. Gligor, “The Crossfire Attack,” IEEE Symposium on Security and Privacy, pp. 127-141, 2013.
[6]W. Lei, L. Qing, J. Yong, and W. Jianping, "Towards mitigating Link Flooding Attack via incremental SDN deployment," in 2016 IEEE Symposium on Computers and Communication (ISCC), 2016, pp. 397-402.
[7]T. Hirayama, K. Toyoda, and I. Sasase, "Fast target link flooding attack detection scheme by analyzing traceroute packets flow," in 2015 IEEE International Workshop on Information Forensics and Security (WIFS), 2015, pp. 1-6.
[8]K. Sakuma, H. Asahina, S. Haruta, and I. Sasase, "Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination," in 2017 23rd Asia-Pacific Conference on Communications (APCC), 2017, pp. 1-6.
[9]J. Wang, R. Wen, J. Li, F. Yan, B. Zhao, and F. Yu, "Detecting and Mitigating Target Link-Flooding Attacks Using SDN," IEEE Transactions on Dependable and Secure Computing, pp. 1-1, 2018.
[10]L. Xue, X. Ma, X. Luo, E. W. W. Chan, T. T. N. Miu and G. Gu, "LinkScope: Toward Detecting Target Link Flooding Attacks," in IEEE Transactions on Information Forensics and Security, vol. 13, no. 10, pp. 2423-2438, Oct. 2018
[11]C. Liaskos, V. Kotronis, and X. Dimitropoulos, "A novel framework for modeling and mitigating distributed link flooding attacks," in IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications, 2016, pp. 1-9
[12]R. U. Rasool, U. Ashraf, K. Ahmed, H. Wang, W. Rafique, and Z. Anwar, "Cyberpulse: A Machine Learning Based Link Flooding Attack Mitigation System for Software Defined Networks," IEEE Access, vol. 7, pp. 34885-34899, 2019.
[13]Y. Luan and S. Lin, "Research on Text Classification Based on CNN and LSTM," 2019 IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA), Dalian, China, 2019, pp. 352-355, doi: 10.1109/ICAICA.2019.8873454.
[14]https://en.wikipedia.org/wiki/Fuzzing