Mitigating LFA through segment rerouting in IoT environment with traceroute flow abnormality detection
Journal of Network and Computer Applications (IF 8.7), Pub Date: 2020-05-07, DOI: 10.1016/j.jnca.2020.102690
Lixia Xie, Ying Ding, Hongyu Yang, Ze Hu

The Internet of Things (IoT) provides a tremendous number of smart devices that are always connected to and interacting with the Internet. However, the development of IoT also increases the threat of network attacks, because billions of IoT devices are vulnerable to hackers. Link-flooding attack (LFA) is a new type of DDoS attack used to flood crucial network links. In an IoT environment, LFA can be launched more easily, at quite a low cost, by large-scale low-rate legitimate data flows, and it is difficult to detect. Target areas in an enterprise network can be easily isolated once the crucial links are unavailable. Software defined network (SDN) architecture, with its separation of data plane and control plane, provides new opportunities to address this network security problem. Recently, segment routing (SR), which is an evolution of source routing, has been viewed as a promising technique for flow rerouting and failure recovery. SR is a lightweight, easily deployed scheme known for its flexibility, scalability, and applicability. Therefore, in this paper, we try to mitigate LFA with segment rerouting within the SDN architecture. With the comprehensive network-wide view of the data flows and links, we first design a monitoring mechanism to detect LFA based on the availability of the crucial links and traceroute flows. We consider the traceroute packet flows as time series with white Gaussian noise. A machine-learning-based auto-regression scheme is proposed to detect the abnormal increase in traceroute packets which indicates the launch of LFA. Then we use segment routing to detour the congested flows and alleviate the burden on the crucial links. Finally, the LFA bots will be identified and the malicious traffic will be blocked. Sufficient evaluations demonstrate that our LFA defense can efficiently detect LFA and preserve the network services, while introducing only a little signaling overhead between the control and data plane.
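
The detection idea in the abstract (traceroute counts treated as a time series with white Gaussian noise, with an auto-regressive model flagging an abnormal increase) can be sketched as follows. This is an added example, not the paper's code: the least-squares AR(2) fit, the 4-sigma threshold, and the per-interval counts are all assumptions constructed for illustration.

```python
import math

def predict(w, row):
    return sum(wi * xi for wi, xi in zip(w, row))

def fit_ar(series, p=2):
    """Least-squares AR(p) with intercept; returns (weights, residual sigma)."""
    rows = [[1.0] + [series[t - i] for i in range(1, p + 1)]
            for t in range(p, len(series))]
    ys = series[p:]
    k = p + 1
    # Normal equations (X^T X) w = X^T y, stored as an augmented matrix.
    a = [[sum(r[i] * r[j] for r in rows) for j in range(k)]
         + [sum(r[i] * y for r, y in zip(rows, ys))] for i in range(k)]
    for col in range(k):  # Gauss-Jordan elimination with partial pivoting
        piv = max(range(col, k), key=lambda r: abs(a[r][col]))
        a[col], a[piv] = a[piv], a[col]
        for r in range(k):
            if r != col:
                f = a[r][col] / a[col][col]
                a[r] = [x - f * y for x, y in zip(a[r], a[col])]
    w = [a[i][k] / a[i][i] for i in range(k)]
    resid = [y - predict(w, r) for r, y in zip(rows, ys)]
    # Residuals are modelled as white Gaussian noise; estimate their sigma.
    sigma = math.sqrt(sum(e * e for e in resid) / (len(resid) - k))
    return w, sigma

def detect_increase(series, w, sigma, start, threshold=4.0):
    """Indices t >= start whose count exceeds the one-step forecast
    by more than threshold * sigma (upward excursions only)."""
    p = len(w) - 1
    alarms = []
    for t in range(max(start, p), len(series)):
        row = [1.0] + [series[t - i] for i in range(1, p + 1)]
        if series[t] - predict(w, row) > threshold * sigma:
            alarms.append(t)
    return alarms

# Constructed sample: traceroute packets per interval seen by the controller.
PATTERN = [0, 1, -1, 2, -2, 1, 0, -1]
BASELINE = [20 + PATTERN[i % 8] for i in range(66)]  # normal probing level
SERIES = BASELINE + [60, 75, 90, 95]                 # constructed surge at t=66
TRAIN_END = 50                                       # fit on the first 50 intervals

W, SIGMA = fit_ar(SERIES[:TRAIN_END])
ALARMS = detect_increase(SERIES, W, SIGMA, TRAIN_END)

if __name__ == "__main__":
    print("sigma:", round(SIGMA, 3), "alarm intervals:", ALARMS)
```

In a controller, the first alarm interval would be the trigger for the availability check on the crucial links and the segment rerouting step that the abstract describes.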




Updated: 2020-05-07