Link Flooding Attacks (LFA) are a devastating type of stealthy denial of service attack that congests critical network links and can completely isolate the victim's network. In this work, we present a systematic survey of LFA patterns on all the layers of the Software Defined Network (SDN) ecosystem, along with a comparative analysis of mitigation techniques. The paper starts by examining different LFA types, techniques, and behaviors in wired and wireless SDNs. Next, an in-depth analysis of mitigation techniques is presented along with their suitability for each of the SDN variants. Subsequently, the significance of a pattern matching and machine learning-based detection and mitigation approaches as a defense against these attacks is highlighted. The paper also contributes by discussing the vulnerabilities of in-band SDNs against LFA when the interface of the data/control plane is attacked by saturating shared strategic links through stealth flows.

链路泛洪攻击（LFA）是一种破坏性的隐式拒绝服务攻击，它使关键网络链路拥塞，可以完全隔离受害者的网络。在这项工作中，我们对软件定义网络（SDN）生态系统所有层上的LFA模式进行了系统的调查，同时对缓解技术进行了比较分析。本文从研究有线和无线SDN中的不同LFA类型，技术和行为开始。接下来，将对缓解技术进行深入分析，以及它们对每种SDN变体的适用性。随后，强调了模式匹配和基于机器学习的检测和缓解方法作为防御这些攻击的重要性。