Distributed denial of service (DDoS) attacks are a constant threat for services in the Internet. This year, the record for the largest DDoS attack ever observed was set at 1.7 Tbps. Meanwhile, detection and mitigation mechanisms are still lacking behind. Many mitigation systems require the assistance by the victim - or the victim's administrator themself has to become active to mitigate attacks. We introduced a system that can detect attacks, identify attackers, and mitigate the attacks purely within the network infrastructure. With the improved flexibility of software-defined networks, new possibilities to mitigate such attacks can be implemented. In addition to our short paper on the mitigation of reflective DDoS attacks on LCN 2018, we also like to demonstrate our work on mitigating flooding attacks presented at LCN 2017 and our mitigation of slow DDoS attacks. In our demo, we show how these systems can be combined and how they work when faced with such different attacks.
翻译:许多减灾系统需要受害者的援助,或者受害者本人的管理者自己必须积极减少袭击。我们引入了一个系统,可以探测袭击,识别袭击者,并完全在网络基础设施内减轻袭击。随着软件定义网络的灵活性的提高,可以实施新的减轻袭击的可能性。除了我们关于减轻对LCN 2018的反射DDoS袭击的简短文件外,我们还想展示我们在2017年LCN 上提出的减轻洪水袭击和减缓缓慢的DDoS袭击的工作。在演示中,我们展示了这些系统是如何结合的,以及在面对不同袭击时如何发挥作用。