Active Link Obfuscation to Thwart Link-flooding Attacks for Internet of Things

Xuyang Ding, Feng Xiao, Man Zhou

The DDoS attack is a serious threat to the Internet of Things (IoT). As a new class of DDoS attacks, Link-flooding attack (LFA) disrupts connectivity between legitimate IoT devices and target servers by flooding only a small number of links. Several mechanisms have been proposed to mitigate the sophisticated attack. However, they can only reactively mitigate LFA after target links have been flooded by the adversaries. In this paper, we propose an active LFA mitigation mechanism, called Linkbait, that is a proactive and preventive defense to throttle LFA for IoT. The fact behind Linkbait is that adversaries rely on the set of key links impacting the network connectivity (i.e.,linkmap) to identify target links. Linkbait mitigates the attacks by interfering with linkmap discovery and providing a fake linkmap to adversaries. Inspired by moving target defense (MTD), we propose a link obfuscation algorithm in Linkbait that selectively reroutes probing flows to hide target links from adversaries and mislead them to identify bait links as target links. By providing the faked linkmap to adversaries, Linkbait can actively mitigate LFA for IoT even without identifying compromised IoT devices while not affecting flows from legitimate IoT devices. To block attack traffic and further reduce the impact in IoT, we propose a compromised IoT devices detection algorithm that extracts unique traffic patterns of LFA for IoT and leverages support vector machine (SVM) to identify attack traffic. We evaluate the performance of Linkbait by using both real-world experiments and large-scale simulations. The experimental results demonstrate the effectiveness of Linkbait.

Knowledge Graph

arrow_drop_up

Comments

Sign up or login to leave a comment