Wang et al., 2018 - Google Patents
Detecting and mitigating target link-flooding attacks using SDNWang et al., 2018
- Document ID
- 2258161533239968309
- Author
- Wang J
- Wen R
- Li J
- Yan F
- Zhao B
- Yu F
- Publication year
- Publication venue
- IEEE Transactions on dependable and secure computing
External Links
Snippet
DDoS attacks have caused very serious damage to enterprise networks. Recently, a new kind of DDoS attack called link-flooding attack (LFA), has surfaced and is already being used by attackers to flood and congest network critical links. LFA is very difficult to detect …
- 230000000116 mitigating 0 title description 8
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/08—Configuration management of network or network elements
- H04L41/0803—Configuration setting of network or network elements
- H04L41/0813—Changing of configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/26—Monitoring arrangements; Testing arrangements
- H04L12/2602—Monitoring arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/08—Configuration management of network or network elements
- H04L41/0893—Assignment of logical groupings to network elements; Policy based network management or configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/12—Arrangements for maintenance or administration or management of packet switching networks network topology discovery or management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/08—Monitoring based on specific metrics
- H04L43/0876—Network utilization
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/22—Arrangements for maintenance or administration or management of packet switching networks using GUI [Graphical User Interface]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/06—Arrangements for maintenance or administration or management of packet switching networks involving management of faults or events or alarms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/22—Alternate routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/48—Routing tree calculation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/02—Arrangements for maintenance or administration or management of packet switching networks involving integration or standardization
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/12—Shortest path evaluation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/02—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data
- H04L43/026—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data using flow generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/14—Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Wang et al. | Detecting and mitigating target link-flooding attacks using SDN | |
| Wang et al. | Woodpecker: Detecting and mitigating link-flooding attacks via SDN | |
| Fawcett et al. | Tennison: A distributed SDN framework for scalable network security | |
| Meier et al. | {NetHide}: Secure and practical network topology obfuscation | |
| EP3223487B1 (en) | Network-based approach for training supervised learning classifiers | |
| KR101917062B1 (en) | Honeynet method, system and computer program for mitigating link flooding attacks of software defined network | |
| US10581901B2 (en) | Increased granularity and anomaly correlation using multi-layer distributed analytics in the network | |
| Chung et al. | NICE: Network intrusion detection and countermeasure selection in virtual network systems | |
| Bhatia et al. | Distributed denial of service attacks and defense mechanisms: current landscape and future directions | |
| Wang et al. | Towards mitigating link flooding attack via incremental SDN deployment | |
| US11606387B2 (en) | Techniques for reducing the time to mitigate of DDoS attacks | |
| Gkounis et al. | On the interplay of link-flooding attacks and traffic engineering | |
| US20180077182A1 (en) | Learning internal ranges from network traffic data to augment anomaly detection systems | |
| Rafique et al. | CFADefense: A security solution to detect and mitigate crossfire attacks in software-defined IoT-edge infrastructure | |
| Cui et al. | PLAN: Joint policy-and network-aware VM management for cloud data centers | |
| Gkounis | Cross-domain DoS link-flooding attack detection and mitigation using SDN principles | |
| Kim et al. | BottleNet: hiding network bottlenecks using SDN-based topology deception | |
| Rauf et al. | Formal approach for resilient reachability based on end-system route agility | |
| Xie et al. | Mitigating LFA through segment rerouting in IoT environment with traceroute flow abnormality detection | |
| Etxezarreta et al. | Software-Defined Networking approaches for intrusion response in Industrial Control Systems: A survey | |
| Gillani et al. | In-design resilient SDN control plane and elastic forwarding against aggressive DDoS attacks | |
| Krishnan et al. | A review of security, threats and mitigation approaches for SDN architecture | |
| Kim et al. | EqualNet: A Secure and Practical Defense for Long-term Network Topology Obfuscation. | |
| Demırcı et al. | Virtual security functions and their placement in software defined networks: A survey | |
| Ding et al. | Active link obfuscation to thwart link-flooding attacks for internet of things |