Protecting internet infrastructure against link flooding attacks: A techno-economic perspective

As an emerging threat, link flooding attacks (LFAs) target and congest core links that constitute Internet routing infrastructure, hence posing a growing threat to networks worldwide. Mitigating and defeating LFAs is particularly challenging for two reasons. First, arising from the end-to-end communication from bots to public servers (e.g., Web servers), the attack traffic flows could be indistinguishable from legitimate ones, and even unobservable to the victim network surrounded by the target links. Therefore, typical flow-filtering countermeasures deployed at the network perimeter become invalid when handling LFAs. Second, the target link and the victim network belong to an autonomous system (AS) different from the source ASs where the attack traffic flows originate. These source ASs, however, have no idea the target link is under attack, whereas they are in charge of routing decisions and thus capable of mitigating LFAs by rerouting the attack traffic flows to bypass the target link. Therefore, inter-AS cooperation is indispensable to defeat LFAs. Unfortunately, the source ASs lack incentives to cooperate because the collateral damage of LFAs to them may be negligible, making it challenging to eradicate LFAs. In this paper, we make the first effort to cope with LFAs from a techno-economic perspective, for accelerating ISPs’ cooperation in defending against LFAs. We propose two novel mechanisms to mitigate LFAs by stimulating the inter-AS cooperation via incentive design and Nash bargaining. Experiments using Internet AS relationship data demonstrate the feasibility and effectiveness of our mechanisms.