On the Interplay of Link-Flooding Attacks and Traffic Engineering

Link-flooding attacks have the potential to disconnect even entire countries from the Internet. Moreover, newly proposed indirect link-flooding attacks, such as 'Crossfire', are extremely hard to expose and, subsequently, mitigate effectively. Traffic Engineering (TE) is the network's natural way of mitigating link overload events, balancing the load and restoring connectivity. This work poses the question: Do we need a new kind of TE to expose an attack as well? The key idea is that a carefully crafted, attack-aware TE could force the attacker to follow improbable traffic patterns, revealing his target and his identity over time. We show that both existing and novel TE modules can efficiently expose the attack, and study the benefits of each approach. We implement defense prototypes using simulation mechanisms and evaluate them extensively on multiple real topologies.