"LISA is where professionals share what's hot in designing, building, and maintaining critical systems."
Tom Limoncelli, author, speaker, and system administrator
"I keep coming back for the technical content and the personal networking opportunities. I attend for career development."
LISA '13 Attendee
"I use LISA to benchmark the SA activities in my company."
LISA '13 Attendee
"LISA is where professionals share what's hot in designing, building, and maintaining critical systems."
Tom Limoncelli, author, speaker, and system administrator
"Information from LISA helps us push the envelope on automation and scaling, allowing a team of four to manage over 3000 Firefox build and test systems running 15 different operating systems."
Amy Rich, Manager of Release Engineering Operations at Mozilla
"LISA is the conference that I send my system administrators to so they can bring the latest tools and techniques back to the rest of the team. Much of our current environment can be traced directly back to LISA."
Cory Lueninghoener, Deputy Group Leader of Production High Performance Computing at Los Alamos National Laboratory
"LISA is the place where industry best practices and cutting-edge research come together to advance system administration."
Nicole Forsgren Velasquez, Utah State University
"LISA is the conference that I send my system administrators to so they can bring the latest tools and techniques back to the rest of the team. Much of our current environment can be traced directly back to LISA."
Cory Lueninghoener, Deputy Group Leader of Production High Performance Computing at Los Alamos National Laboratory
"LISA is where I find direction for evolving the my core professional skills."
Lei Xue, The Hong Kong Polytechnic University; Xiapu Luo, The Hong Kong Polytechnic University Shenzen Research Institute; Edmond W. W. Chan and Xian Zhan, The Hong Kong Polytechnic University
Abstract:
A new class of target link flooding attacks (LFA) can cut off the Internet connections of a target area without being detected because they employ legitimate flows to congest selected links. Although new mechanisms for defending against LFA have been proposed, the deployment issues limit their usages since they require modifying routers. In this paper, we propose LinkScope, a novel system that employs both the end-to-end and the hop-by-hop network measurement techniques to capture abnormal path performance degradation for detecting LFA and then correlate the performance data and traceroute data to infer the target links or areas. Although the idea is simple, we tackle a number of challenging issues, such as conducting large-scale Internet measurement through noncooperative measurement, assessing the performance on asymmetric Internet paths, and detecting LFA. We have implemented LinkScope with 7174 lines of C codes and the extensive evaluation in a testbed and the Internet show that LinkScope can quickly detect LFA with high accuracy and low false positive rate.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {186520,
author = {Lei Xue and Xiapu Luo and Edmond W. W. Chan and Xian Zhan},
title = {Towards Detecting Target Link Flooding Attack},
booktitle = {28th Large Installation System Administration Conference (LISA14)},
year = {2014},
isbn = {978-1-931971-17-1},
address = {Seattle, WA},
pages = {90--105},
url = {https://www.usenix.org/conference/lisa14/conference-program/presentation/xue},
publisher = {USENIX Association},
month = nov,
}
Twitter
Facebook
LinkedIn
Google+
YouTube
connect with us