A survey of link flooding attacks in software defined network ecosystems

Link Flooding Attacks (LFA) are a devastating type of stealthy denial of service attack that congests critical network links and can completely isolate the victim's network. In this work, we present a systematic survey of LFA patterns on all the layers of the Software Defined Network (SDN) ecosystem, along with a comparative analysis of mitigation techniques. The paper starts by examining different LFA types, techniques, and behaviors in wired and wireless SDNs. Next, an in-depth analysis of mitigation techniques is presented along with their suitability for each of the SDN variants. Subsequently, the significance of a pattern matching and machine learning-based detection and mitigation approaches as a defense against these attacks is highlighted. The paper also contributes by discussing the vulnerabilities of in-band SDNs against LFA when the interface of the data/ control plane is attacked by saturating shared strategic links through stealth flows.