Active Link Obfuscation to Thwart Link-flooding Attacks for Internet of Things

The DDoS attack is a serious threat to Internet of Things (IoT). As a new class of DDoS attack, Link-flooding attack (LFA) disrupts connectivity between legitimate IoT devices and target servers by flooding only a small number of links. In this paper, we propose an active LFA mitigation mechanism, called Linkbait, that is a proactive and preventive defense to throttle LFA for IoT. We propose a link obfuscation algorithm in Linkbait that selectively reroutes probing flows to hide target links from adversaries and mislead them to identify bait links as target links. To block attack traffic and further reduce the impact in IoT, we propose a compromised IoT devices detection algorithm that extracts unique traffic patterns of LFA for IoT and leverages support vector machine (SVM) to identify attack traffic. We evaluate the performance of Linkbait by using both real-world experiments and large-scale simulations. The experimental results demonstrate the effectiveness of Linkbait.