The DDoS attack is a serious threat to Internet of Things (IoT). As a new class of DDoS attack, Link-flooding attack (LFA) disrupts connectivity between legitimate IoT devices and target servers by flooding only a small number of links. In this paper, we propose an active LFA mitigation mechanism, called Linkbait, that is a proactive and preventive defense to throttle LFA for IoT. We propose a link obfuscation algorithm in Linkbait that selectively reroutes probing flows to hide target links from adversaries and mislead them to identify bait links as target links. To block attack traffic and further reduce the impact in IoT, we propose a compromised IoT devices detection algorithm that extracts unique traffic patterns of LFA for IoT and leverages support vector machine (SVM) to identify attack traffic. We evaluate the performance of Linkbait by using both real-world experiments and large-scale simulations. The experimental results demonstrate the effectiveness of Linkbait.
翻译:DDoS攻击是对物的互联网的严重威胁。由于一个新的DDoS攻击类别,连环污染攻击(LFA)通过只淹没少量的链接来破坏合法的IOT装置和目标服务器之间的连通性。在本文中,我们提议建立一个活跃的LFA减缓机制,称为Linkbait,这是为IOT而推动LFA的主动和预防性防御。我们提议在Linkbait使用一种连接的模糊算法,有选择地将目标连接从对手手中转移来隐藏目标连接,并误导他们识别诱饵链接作为目标链接。为了阻断攻击交通并进一步减少IOT的影响,我们提议采用一个失密的IOT装置检测算法,为IOT提取LFA的独特交通模式,并运用支持矢量机器(SVM)来识别攻击流量。我们用真实世界实验和大规模模拟来评估Linkbait的性能。实验结果证明了Linkbait的有效性。