Active Link Obfuscation to Thwart Link-flooding Attacks for Internet of Things

Ding, Xuyang; Xiao, Feng; Zhou, Man; Wang, Zhen

doi:10.1109/trustcom50675.2020.00040

Cited by 9 publications

(4 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the approaches [9,10] have not mentioned the attacked link detection which is a prerequisite in performing obfuscation. In addition, the ICMP probing fow detection [5,6] Hence, the above approaches are insufcient in defending against the initial attack stage with the stealthier PR probing. Consequently, they can leave some undefended and vulnerable PRs for the adversary, which can be confrmed by the evaluation results in Section 5.6.…”

Section: Mtdmentioning

confidence: 99%

“…First, the MTD approach may leave non-changed routes involving the PRs and cannot diverge the critical PRs [13,16,34,35]. In addition, the topology obfuscations [5,6,9,10] do not change the underlying routes and host addresses, which makes the decoys to be refooded. Second, the trafc throttling approaches are hard to detect randomized testing fooding at low rate [7,8,11,12].…”

Section: Defenses Against the Renaissance Attack Stagementioning

confidence: 99%

“…Hence, at frst, the adversary usually prefers to probe PRs at the initial stage of the crossfre attack and later speculate on some vulnerable PRs at the renaissance stage of the attack. However, at the initial attack stage, the existing defense approaches can leave PRs undefended and vulnerable due to the following reasons: (a) hardness of probing [5,6] and fooding [7,8] detection for the stealthier ICMP or fooding trafc sent from the bots at a low rate, (b) non-changed routes and decoys' addresses that can be speculated for the network topology obfuscation [5,6,9,10] and ICMP detection [11,12] approaches, and (c) the impossibility in diverging overloaded trafc on the critical PRs for the route mutation [13] and trafc throttling [7,8,14] approaches. In addition, these approaches do not protect the vulnerable PRs from being speculated and hence have not been concerned with such a renaissance attack stage.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Persistent Route Diversification Mechanism for Defending against Stealthy Crossfire Attack

Zhou

Yang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Computer networks are facing the challenge of stealthy crossfire attacks that flood through persistent routes (PRs) towards their decoys at a low rate for disrupting end-to-end connectivity of the target. At first, the PRs can be stealthily probed at the initial stage of the attack. Later, some undefended and vulnerable PRs can be speculated at the renaissance stage of the attack, which yet remains unconcerned. To achieve an effective defense against the two-stage attacks, this paper investigates a new persistent route diversification defense (PRDD) mechanism to mitigate each identified PR under the attacks. The PRDD effectively stops the flooding on the PRs to mitigate their congestion. Meanwhile, it makes the adversary unable to probe or speculate the PRs under their corresponding attack stages. Thus, it disables every flooding choice for the adversary, avoiding the attacks. The PRDD is designed with scalable algorithmic complexity in computation and overhead. The PRDD is extensively assessed using NS-3 and Mininet, and the results show the following. (a) It is more effective in mitigating more attacked PRs compared with the existing solutions. (b) The defense performance of the PRDD remains highly scalable in computation, while maintaining an acceptable overhead.

show abstract

Section: Mtdmentioning

confidence: 99%

Section: Defenses Against the Renaissance Attack Stagementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Persistent Route Diversification Mechanism for Defending against Stealthy Crossfire Attack

Zhou

Yang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…These countermeasures aim to hide potential bottleneck links and nodes while preserving the utility of path-tracing tools. However, a study [60] that after analyzing three state-of-theart proactive network obfuscation defenses: NetHide [59], Trassare et al's solution [61], and LinkBait [62] identified four common weaknesses that significantly compromise the security and utility of the exposed virtual topologies. Such instances are indicative of the fact that tackling such attacks is a multifaceted endeavor that requires very careful examination.…”

mentioning

confidence: 99%

Security in Cloud-Native Services: A Survey

Theodoropoulos,

Rosa,

Benzaid

et al. 2023

JCP

View full text Add to dashboard Cite

Cloud-native services face unique cybersecurity challenges due to their distributed infrastructure. They are susceptible to various threats like malware, DDoS attacks, and Man-in-the-Middle (MITM) attacks. Additionally, these services often process sensitive data that must be protected from unauthorized access. On top of that, the dynamic and scalable nature of cloud-native services makes it difficult to maintain consistent security, as deploying new instances and infrastructure introduces new vulnerabilities. To address these challenges, efficient security solutions are needed to mitigate potential threats while aligning with the characteristics of cloud-native services. Despite the abundance of works focusing on security aspects in the cloud, there has been a notable lack of research that is focused on the security of cloud-native services. To address this gap, this work is the first survey that is dedicated to exploring security in cloud-native services. This work aims to provide a comprehensive investigation of the aspects, features, and solutions that are associated with security in cloud-native services. It serves as a uniquely structured mapping study that maps the key aspects to the corresponding features, and these features to numerous contemporary solutions. Furthermore, it includes the identification of various candidate open-source technologies that are capable of supporting the realization of each explored solution. Finally, it showcases how these solutions can work together in order to establish each corresponding feature. The insights and findings of this work can be used by cybersecurity professionals, such as developers and researchers, to enhance the security of cloud-native services.

show abstract