Mitigating while Accessing: A Lightweight Defense Framework Against Link Flooding Attacks in SDN

Link flooding attack(LFA) is a type of covert distributed denial of service(DDoS) attack.The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet. Recently, the proliferation of Internet of Things(IoT) has increased the quantity of vulnerable devices connected to the network and has intensified the threat of LFAs. In LFAs, attackers typically utilize low-speed flows that do not reach the victims, making the attack difficult to detect. Traditional LFA defense methods mainly reroute the attack traffic around the congested link, which encounters high complexity and high computational overhead due to the aggregation of massive attack traffic. To address these challenges, we present an LFA defense framework which can mitigate the attack flows at the border switches when they are small in scale. This framework is lightweight and can be deployed at border switches of the network in a distributed manner, which ensures the scalability of our defense system. The performance of our framework is assessed in an experimental environment. The simulation results indicate that our method is effective in detecting and mitigating LFAs with low time complexity.