A Deep ConvNet-Based Countermeasure to Mitigate Link Flooding Attacks Using Software-Defined Networks

“…In tradition, detecting LFA can be classified into two types mentioned above. There are two studies that use deep learning methods to detect LFA [ 11 , 12 ]. There are normal traffic and anomalous traffic when the attack happens, so this category of deep learning method classifies two types of traffic by artificial neural networks.…”

“…In [ 11 ], the authors suggest an LFA attack detection scheme for SDN called Cyberpulse that leverages LFA traffic flow statistics to train the ANN module and then classifies them as normal and abnormal flows. The authors of [ 12 ] propose an attack detection scheme for SDN called LF-Shield that also utilizes LFA traffic statistics to train the CNN module and then classifies them as normal and abnormal flows.…”

“…The previous work focusing on mitigating LFA can be classified into two types: traffic rerouting [ 1 , 10 ] and blacklist [ 4 , 5 , 8 , 11 , 12 , 13 ]. When LFA occurs, the target links are congested continuously.…”

“…On the other hand, in [ 9 , 10 ] the authors attempt to monitor the traceroute packets, which are launched by the attacker to acquire the topology and attacks on target links. The second LFA defending step is to mitigate LFA by rerouting traffic [ 1 , 10 ] or blocking malicious traffic [ 4 , 5 , 8 , 11 , 12 , 13 ] in order to deter the attack, to relieve the harm, and to recover the attacked network to a normal status. The traffic rerouting methods reroute flows that originally travel through the target links to relieve their congestions.…”

“…To overcome the changing attack characteristics of LFA, numerous artificial intelligence (AI) methodologies [ 11 , 12 , 14 , 15 , 16 , 17 , 18 , 19 , 20 , 21 , 22 , 23 , 24 , 25 ] are introduced to defend against LFA through end-to-end functionality (Input: network status; Output: defending action) without any manual intervention [ 26 , 27 , 28 , 29 , 30 ]. The AI-based methodologies, therefore, reduce the inefficient labor cost, subjective judgment, and self-learning regarding the changing attack characteristics of LFA in a timely manner.…”

A Spatiotemporal-Oriented Deep Ensemble Learning Model to Defend Link Flooding Attacks in IoT Network

“…In tradition, detecting LFA can be classified into two types mentioned above. There are two studies that use deep learning methods to detect LFA [ 11 , 12 ]. There are normal traffic and anomalous traffic when the attack happens, so this category of deep learning method classifies two types of traffic by artificial neural networks.…”

“…In [ 11 ], the authors suggest an LFA attack detection scheme for SDN called Cyberpulse that leverages LFA traffic flow statistics to train the ANN module and then classifies them as normal and abnormal flows. The authors of [ 12 ] propose an attack detection scheme for SDN called LF-Shield that also utilizes LFA traffic statistics to train the CNN module and then classifies them as normal and abnormal flows.…”

“…The previous work focusing on mitigating LFA can be classified into two types: traffic rerouting [ 1 , 10 ] and blacklist [ 4 , 5 , 8 , 11 , 12 , 13 ]. When LFA occurs, the target links are congested continuously.…”

“…On the other hand, in [ 9 , 10 ] the authors attempt to monitor the traceroute packets, which are launched by the attacker to acquire the topology and attacks on target links. The second LFA defending step is to mitigate LFA by rerouting traffic [ 1 , 10 ] or blocking malicious traffic [ 4 , 5 , 8 , 11 , 12 , 13 ] in order to deter the attack, to relieve the harm, and to recover the attacked network to a normal status. The traffic rerouting methods reroute flows that originally travel through the target links to relieve their congestions.…”

“…To overcome the changing attack characteristics of LFA, numerous artificial intelligence (AI) methodologies [ 11 , 12 , 14 , 15 , 16 , 17 , 18 , 19 , 20 , 21 , 22 , 23 , 24 , 25 ] are introduced to defend against LFA through end-to-end functionality (Input: network status; Output: defending action) without any manual intervention [ 26 , 27 , 28 , 29 , 30 ]. The AI-based methodologies, therefore, reduce the inefficient labor cost, subjective judgment, and self-learning regarding the changing attack characteristics of LFA in a timely manner.…”

A Spatiotemporal-Oriented Deep Ensemble Learning Model to Defend Link Flooding Attacks in IoT Network

A survey of link flooding attacks in software defined network ecosystems

A Blockchain Based Link-Flooding Attack Detection Scheme