
Implementation And Defense Of Link Flooding Attack In SDN

Posted on: 2023-07-01    Degree: Master    Type: Thesis
Country: China    Candidate: X W Zhang    Full Text: PDF
GTID: 2558306914971899    Subject: Computer technology

Abstract/Summary:
A link flooding attack (LFA) attacks the target node indirectly by directly congesting the key links in the network. It is concealed, hard to detect and hard to trace back to its source, and it causes serious harm. Software-Defined Networking (SDN) separates the data plane from the control plane, decouples software from hardware, provides network programmability and makes the global network state easy to obtain. The emergence of SDN as a new network architecture provides new ideas for both the implementation and the defense of LFA: frequent, rapid changes to the network topology can prevent an LFA from locating key links, and the flow table mechanism can be used to redistribute traffic and mitigate an LFA. However, existing LFA defense schemes have disadvantages such as the high complexity of locating congested links, the long time rerouting takes to relieve congestion, and the cumbersome tracing of malicious nodes.

This thesis studies the implementation of, and the defense strategy against, LFA under SDN. First, an automatic system that launches an LFA against a specified target area under SDN is designed, and an LFA experimental environment is deployed. Second, the global topology visible to SDN is used to detect an LFA accurately and to distinguish it from ordinary network congestion. Then, with the help of SDN's flow table mechanism, a rerouting scheme quickly alleviates the LFA before it causes serious damage. Finally, since network traffic information is easy to obtain through SDN, the malicious nodes in an LFA are traced and the attack is completely resolved. The main work and innovations of this thesis are as follows:

(1) An automatic attack system is designed and implemented to launch an LFA against a designated area. To launch the attack, the system first introduces the concept of link criticality, obtains the shortest paths from the target area to all other nodes with Dijkstra's algorithm, and finds all key links in the area. Second, a user-defined algorithm computes the total paths from the target node to all other nodes, defines the congestion degree and determines the congestion target. Third, an allocation algorithm assigns to each zombie host the set of bait servers to interact with and the traffic volume to provide. Finally, the zombie hosts and bait servers cooperate to complete the LFA. An SDN network platform was built and the functions of the automatic attack system were tested. The results show that the attacker only needs to input the network topology, the target area to be attacked and the resources available; the system then gives the specific allocation scheme for the zombie hosts, congests the key links in the target area and disrupts its communication.

(2) A detection and mitigation scheme for LFA is proposed. First, the distinguishing characteristics of a direct LFA (congesting the key link itself) and an indirect LFA (attacking the surroundings of the target area to isolate it from the external network) are mined, so that congestion caused by an LFA can be separated from ordinary link congestion and the attack detected accurately. Second, standby paths are computed for all traffic on the congested link. If every standby path passes through another congested link, no standby path is available, no rerouting is possible, and an alarm is sent to the SDN controller. Otherwise, the traffic on the congested link is rerouted to the standby paths, so that the key link is no longer congested, the communication capacity of the target area is temporarily restored and the LFA is slowed down. Finally, function and performance tests of the detection and mitigation scheme are carried out on the experimental platform described above. The results show that, because SDN has the global network topology and can easily obtain link states, it detects LFA accurately and quickly, and the rerouting that slows down the attack takes only 1.11 s.

(3) A tracing scheme for LFA is proposed. Exploiting the common behavior that zombie hosts always appear on the congested critical links, the host nodes on each critical link are collected and analyzed over multiple rounds, so that all malicious nodes can be traced. Combined with the SDN flow table mechanism, malicious packets and malicious traffic can be eliminated quickly and accurately, completely resolving the LFA. Experiments show that after five rounds of rolling attacks the accuracy of tracing malicious nodes reaches 88%, and the accuracy rises further as the number of rounds increases.
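The rerouting decision of scheme (2), written here as an added Python example that is not the thesis's code: for each flow on a congested key link it looks for a standby path that crosses no congested link, and alarms the controller when no flow has one. The topology, congested links and flows are constructed sample data, and plain BFS is assumed as the standby-path computation, since the abstract does not name the algorithm used.

```python
from collections import deque

# Constructed sample topology: undirected switch-to-switch links (not from the thesis).
LINKS = [("s1", "s2"), ("s2", "s3"), ("s3", "s4"), ("s1", "s5"),
         ("s5", "s6"), ("s6", "s4"), ("s2", "s5"), ("s3", "s6")]

def build_adj(links):
    """Adjacency sets for an undirected topology."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def standby_path(adj, src, dst, congested):
    """BFS shortest path from src to dst that crosses no congested link.
    Returns the node list, or None if every route hits a congested link."""
    blocked = {frozenset(link) for link in congested}
    prev = {src: None}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            path = []
            while u is not None:
                path.append(u)
                u = prev[u]
            return path[::-1]
        for v in sorted(adj[u]):  # sorted so the chosen path is deterministic
            if v not in prev and frozenset((u, v)) not in blocked:
                prev[v] = u
                queue.append(v)
    return None

def plan_reroute(links, congested, flows):
    """Rerouting decision for the flows on a congested key link: install a
    standby path for each flow that has one; if no flow has one (every
    standby path crosses another congested link), alarm the controller."""
    adj = build_adj(links)
    reroutes, stranded = {}, []
    for src, dst in flows:
        path = standby_path(adj, src, dst, congested)
        if path is None:
            stranded.append((src, dst))
        else:
            reroutes[(src, dst)] = path
    action = "reroute" if reroutes else "alarm"
    return {"action": action, "reroutes": reroutes, "stranded": stranded}
```

With only the key link s2-s3 congested (a direct LFA), plan_reroute(LINKS, [("s2", "s3")], [("s1", "s4")]) moves the flow onto s1-s5-s6-s4; with s2-s3, s5-s6 and s3-s6 congested at once (the indirect case that cuts s1 off from s4), the same flow is stranded and the result is an alarm.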
Keywords/Search Tags: link flooding attack, software-defined networking, DDoS attack, malicious node tracing