Date of Award

Summer 6-2016

Embargo Period


Degree Type


Degree Name

Doctor of Philosophy (PhD)


Electrical and Computer Engineering


Virgil Gligor


Link-flooding attacks in which an adversary coordinates botnet messages to exhaust the bandwidth of selected network links in the core of the Internet (e.g., Tier-1 or Tier-2 networks) have been a powerful means of denial of service. In the past few years, these attacks have moved from the realm of academic curiosities to real-world incidents. Unfortunately, we have had a limited understanding of this type of attacks and effective countermeasures in the current Internet. In this dissertation, we address this gap in our understanding of link-flooding attacks and propose a two-tier defense approach. We begin by identifying routing bottlenecks as the major cause of the Internet vulnerability to link-flooding attacks. A routing bottleneck is a small set of links whose congestion disrupts the majority of routes taken towards a given set of destination hosts. These bottlenecks appear despite physicalpath diversity and sufficient bandwidth provisioning in normal (i.e., nonattack) mode of operation, and are an undesirable artifact of the current Internet design. We illustrate their pervasiveness for adversary-chosen sets of hosts in various cities and countries around the world via experimental measurements. We then present a real-time adaptive attack for persistent flooding of chosen links in the discovered routing bottlenecks using attack flows that are indistinguishable from legitimate traffic. We demonstrate the feasibility of these strategies and show that disruptions can scale from targeted hosts of a single organization to those of a country. To counter the link-flooding attacks defined in this dissertation, one could remove their root cause, namely the routing bottlenecks. However, this would affect the cost-minimizing policy that underlies the current Internet, change its routing architecture, and possibly affect communication costs. Instead, we propose an attack-deterrence mechanism that represents a first line of defense against link-flooding attacks by cost-sensitive adversaries. In the proposed defense, most link-flooding attacks are handled by the low-cost, single-domain based mechanism. As a second line of defense, which targets cost-insensitive adversaries that are undeterred, we propose the use of a multi-domain coordinated defense mechanism that is harder to orchestrate in the current Internet.