
Research On Key Technologies Of Link Flooding Attack Defense Mechanism Based On Moving Target Defense

Posted on: 2024-02-28    Degree: Master    Type: Thesis
Country: China    Candidate: R Guo    Full Text: PDF
GTID: 2568307295950639    Subject: Computer technology
Abstract/Summary:
With the rapid development and massive popularity of the Internet, network attacks are also increasing, and network security has become a serious challenge for countries today. A Link Flooding Attack (LFA) is a typical kind of Distributed Denial of Service (DDoS) attack: it sends large volumes of traffic into a target area in order to congest the critical links of that area, causing wide-area interruption of network services and great harm. Traditional LFA defense methods are mostly static. They rely on a priori knowledge, are passive and lag behind the attacker, and are easily identified and bypassed, so they have difficulty coping with organized, high-intensity, dynamic LFAs. Moving Target Defense (MTD), by contrast, can reduce the exposure of network vulnerabilities, raise the complexity and cost of network attacks, and significantly reduce their destructiveness. This thesis introduces the MTD idea into LFA defense, combines it with P4 programmable data plane technology, and studies a dynamic LFA defense mechanism based on Software-Defined Networking (SDN), which is important for securing networks. The main research contents of the thesis are as follows:

(1) To address the limitations of traditional static traffic filtering methods, a dynamic LFA traffic filtering method based on MTD is proposed. Filtering rules are redeployed periodically, so the attack traffic selected for filtering changes over time, which makes it hard for an attacker to launch an effective attack and raises the difficulty of attacking. First, because traditional SDN has difficulty coping with new attack methods, the method is implemented on P4 programmable switches and virtualized network functions (VNFs): the customizable pipeline of the P4 programmable data plane is used to design traffic filtering rules, and VNFs deploy them flexibly in the network. Second, because the packet-processing logic that a P4 pipeline can express is limited, an LFA traffic filtering engine is designed, consisting of a programmable switch and a filtering server that cooperate to complete the filtering. Finally, a filtering paradigm is designed for the different kinds of LFA attack flows: rules are divided into two types, those filtered by the programmable switch alone and those filtered by the switch combined with the server, according to whether the rule can be expressed in "match-action" form.

(2) In MTD defense, the defender needs to construct an appropriate filtering strategy that minimizes defense overhead while still ensuring network security. To address this problem, the thesis constructs an optimal filtering strategy for LFA traffic filtering based on game theory. First, by analyzing the attack-defense game process of LFA traffic filtering, and assuming that attacker and defender know each other's information and act simultaneously (neither observes the other's choice before moving), a traffic filtering game model is built as a complete-information static game. Second, by quantifying the offensive and defensive utilities and formally defining the relevant elements, the utility functions of attacker and defender are derived. Finally, an optimal filtering strategy selection algorithm is designed by analyzing the equilibrium of the traffic filtering attack-defense game; the Nash equilibrium of the game found by this algorithm is taken as the optimal filtering strategy.

(3) The overall architecture of the defense system is designed on the basis of the above methods, and its effectiveness and performance are verified. A simulation platform is built on the BMv2 software switch and the Mininet network emulator. The experimental results show that the proposed method mitigates link flooding attacks effectively while ensuring that normal network service requests are not interrupted. Compared with static traffic filtering methods on the relevant network performance metrics, the method performs better on delay, bandwidth and other aspects with less overhead.
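The abstract describes the game of (2) only by its structure; the thesis's actual utility functions are not on this page. As an added illustration (not the thesis's model or code), the following Python builds a small two-link version of such a complete-information static LFA filtering game with assumed payoffs, enumerates pure-strategy Nash equilibria, solves the mixed equilibrium of the 2x2 game from the players' indifference conditions, and then uses the defender's equilibrium mixing probability as the per-period rule-deployment schedule of (1). The link damages, attack cost, deployment cost and all function names are assumptions of this example.

```python
"""Two-link LFA filtering game as a complete-information static game.

Rows: the defender's filtering strategy for one deployment period
      (row 0 = deploy the rule set that protects link L1,
       row 1 = deploy the rule set that protects link L2).
Cols: the attacker's choice of which critical link to flood (col 0 = L1, col 1 = L2).
The payoff model below is an assumption made for this example, not the
thesis's utility functions.
"""
from fractions import Fraction
import random


def build_game(damage, attack_cost, deploy_cost):
    """Build (D, A): the defender's and the attacker's payoff matrices.

    damage[k]  : service loss if link k is flooded while unprotected (assumed)
    attack_cost: the attacker's cost of mounting a flood (assumed)
    deploy_cost: the defender's overhead of deploying a rule set (assumed)
    A flood on the protected link is filtered: no damage, attacker still pays.
    """
    d1, d2 = (Fraction(x) for x in damage)
    a, c = Fraction(attack_cost), Fraction(deploy_cost)
    D = [[-c,      -d2 - c],
         [-d1 - c, -c]]
    A = [[-a,      d2 - a],
         [d1 - a,  -a]]
    return D, A


def pure_equilibria(D, A):
    """All pure-strategy Nash equilibria (i, j): mutual best responses."""
    n, m = len(D), len(D[0])
    eq = []
    for i in range(n):
        for j in range(m):
            def_best = all(D[i][j] >= D[k][j] for k in range(n))
            att_best = all(A[i][j] >= A[i][l] for l in range(m))
            if def_best and att_best:
                eq.append((i, j))
    return eq


def mixed_equilibrium_2x2(D, A):
    """Interior mixed Nash equilibrium of a 2x2 game via indifference conditions.

    Returns (p, q) with p = Pr[defender plays row 0], q = Pr[attacker plays col 0],
    or None if no interior mixed equilibrium exists. The defender's mix p is
    chosen so the attacker is indifferent between columns, and vice versa.
    """
    den_p = A[0][0] - A[1][0] - A[0][1] + A[1][1]
    den_q = D[0][0] - D[0][1] - D[1][0] + D[1][1]
    if den_p == 0 or den_q == 0:
        return None
    p = (A[1][1] - A[1][0]) / den_p
    q = (D[1][1] - D[0][1]) / den_q
    if not (0 < p < 1 and 0 < q < 1):
        return None
    return p, q


def expected_utilities(D, A, p, q):
    """Expected (defender, attacker) payoff under mixed strategies (p, q)."""
    rows, cols = [p, 1 - p], [q, 1 - q]
    ed = sum(rows[i] * cols[j] * D[i][j] for i in range(2) for j in range(2))
    ea = sum(rows[i] * cols[j] * A[i][j] for i in range(2) for j in range(2))
    return ed, ea


def optimal_filtering_strategy(D, A):
    """Equilibrium taken as the filtering strategy: a pure NE if one exists
    (first found), otherwise the mixed NE. Returned as (p, q)."""
    pure = pure_equilibria(D, A)
    if pure:
        i, j = pure[0]
        return (Fraction(1) if i == 0 else Fraction(0),
                Fraction(1) if j == 0 else Fraction(0))
    return mixed_equilibrium_2x2(D, A)


def deployment_schedule(p, periods, seed=0):
    """Periodic MTD rule rotation: in each period draw which rule set to deploy
    from the equilibrium mixing probability p (0 = protect L1, 1 = protect L2).
    The seeded generator is for reproducibility only; a real deployment would
    use a cryptographically secure source so the schedule is unpredictable."""
    rng = random.Random(seed)
    return [0 if rng.random() < p else 1 for _ in range(periods)]


if __name__ == "__main__":
    # Assumed numbers: L1 is worth twice as much to the attacker as L2.
    D, A = build_game(damage=(8, 4), attack_cost=1, deploy_cost=1)
    print("pure NE:", pure_equilibria(D, A))
    p, q = optimal_filtering_strategy(D, A)
    print(f"defender protects L1 w.p. {p}, attacker floods L1 w.p. {q}")
    print("expected (defender, attacker) utility:", expected_utilities(D, A, p, q))
    print("first 10 deployment periods:", deployment_schedule(p, 10))
```

With the assumed damages 8 and 4, the defender protects the more valuable link in 2/3 of periods and the attacker floods the less valuable link in 2/3 of its attempts; no pure-strategy equilibrium exists, so any fixed rule set would be a predictable choice the attacker could route around, which is the situation the periodic redeployment of (1) is meant to avoid.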
Keywords/Search Tags: Moving Target Defense, LFA, Traffic filtering, SDN, Game theory