Abstract: Link-flooding attacks have the potential to disconnect even entire countries from the Internet. Moreover, newly proposed indirect link-flooding attacks, such as “Crossfire”, are extremely hard to expose and, subsequently, mitigate effectively. Traffic Engineering (TE) is the network’s natural way of mitigating link overload events, balancing the load and restoring connectivity. Thus, an interplay between the attacker and the network TE is formed. This raises the question:
"Can there be a definitive winner, i.e., undetectable attackers or invincible TE schemes?"
Should you accept this mission (:D), you will be given state-of-the-art control over the network flow routing, i.e., you will be working in a Software-Defined Network.
Crossfire is a new link-flooding attack variant that separates two node areas without directing traffic to either of them.
Regardless of the cause of link-flooding, the Traffic Engineering (TE) process naturally kicks in to alleviate the congestion and restore connectivity.
Thus, a cyclic interaction between the network (admin) and the attacker is formed:
The attacker floods a link l1. The defender then re-routes traffic (TE2). The attacker updates the selected decoy servers, flooding link l2. The defender replies with TE3 and the attacker floods link l3, and so on.
Notice that the affected area should contain the target, unless you want to confuse the detector ;) ! Thus, the intersection of affected areas may eventually yield the persistent target (and the existence of the attack).
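The intersection idea above, as an added defender-side example (not part of the original page): it replays the TE rounds and intersects the affected areas per round. The topology, node names, shortest-hop routing and the assumption that TE avoids every previously flooded link are constructed for illustration.

```python
from collections import deque

# Constructed topology: ingress I, core switches A-D, edge areas T, X, Y, Z.
LINKS = [("I", "A"), ("I", "B"), ("I", "C"), ("I", "D"),
         ("A", "T"), ("B", "T"), ("C", "T"),
         ("A", "X"), ("B", "X"), ("D", "X"),
         ("B", "Y"), ("D", "Y"), ("C", "Z"), ("D", "Z")]
AREAS = {"T", "X", "Y", "Z"}

def link(u, v):
    return frozenset((u, v))  # undirected link identifier

def route(avoid, src="I"):
    """Shortest-hop path from src to each area, skipping links that TE avoids."""
    adj = {}
    for u, v in LINKS:
        if link(u, v) not in avoid:
            adj.setdefault(u, []).append(v)
            adj.setdefault(v, []).append(u)
    paths, queue = {src: [src]}, deque([src])
    while queue:
        node = queue.popleft()
        if node in AREAS:  # edge areas do not carry transit traffic
            continue
        for nxt in sorted(adj.get(node, [])):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return {d: p for d, p in paths.items() if d in AREAS}

def affected_area(paths, flooded):
    """Areas whose current path crosses the flooded link."""
    return {d for d, p in paths.items()
            if any(link(a, b) == flooded for a, b in zip(p, p[1:]))}

def narrow_target(flooded_links):
    """Per round: (affected area, running intersection of affected areas)."""
    avoid, candidates, history = set(), None, []
    for flooded in flooded_links:
        area = affected_area(route(avoid), flooded)
        candidates = area if candidates is None else candidates & area
        history.append((area, set(candidates)))
        avoid.add(flooded)  # next TE round steers around this link
    return history

if __name__ == "__main__":
    observed = [link("I", "A"), link("I", "B"), link("I", "C")]  # l1, l2, l3
    for n, (area, cand) in enumerate(narrow_target(observed), 1):
        print(f"round {n}: affected={sorted(area)} candidates={sorted(cand)}")
```

A round whose affected area omits the target empties the running intersection, which is the detector-confusion case noted above.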
Pick one task! (If you work as a team, pick both). Complexity and further details to be discussed @ Teams.