Mitigating DDoS Attacks in LEO Satellite Networks Through Bottleneck Minimize Routing

Abstract

In this paper, we focus on defending against distributed denial-of-service (DDoS) attacks in a low-earth-orbit (LEO) satellite network (LSN). To enhance the security of LSN, we propose the K-Bottleneck Minimize routing method. The algorithm ensures path diversity while avoiding vulnerable bottleneck paths, which significantly increases the cost for attackers. Additionally, the attacker’s detectability is reduced. The results show that the algorithm avoids the bottleneck paths that are vulnerable to attacks, improves the attacker’s cost by about 13.1% and 16.6% on average and median, and improves the detectability of attackers by 48.5% and 45.4% on average and median. The algorithm generates multiple non-overlapping inter-satellite paths, preventing the exploitation of bottleneck paths and ensuring better robustness and attack resistance.

1. Introduction

1.1. System Context and Challenge

Satellite communication systems have undergone a fundamental paradigm shift in their operational and governance models. Although the satellite-communications sector was long dominated by government agencies and international consortia (e.g., NASA and ESA), it has recently experienced an unprecedented surge in commercial participation. Private entities such as SpaceX’s Starlink, Telesat, and OneWeb are now spearheading the deployment of LSNs through mega-constellations, aiming to deliver global broadband coverage [1].

From a service perspective, satellite Internet bridges critical gaps where terrestrial infrastructure is impractical [2], such as maritime, aviation, and rural regions [3]. According to statistics published by the International Telecommunication Union (ITU) as of 2022, approximately 2.7 billion individuals worldwide remain unconnected to the Internet, highlighting a persistent global digital divide. This disparity is further underscored by the uneven distribution of connectivity: while 82% of urban populations had adopted Internet access, this figure represents approximately 1.8 times the adoption rate observed in rural areas [4]. However, challenges remain in spectrum coordination, orbital debris mitigation, and energy efficiency for satellite power systems. These factors will shape the next evolution of LEO networks.

As shown in Figure 1, the LSN consists of an inter-satellite link (ISL) consisting of a large number of satellites, and a ground-satellite link (GSL) for ground coverage. Modern LSNs leverage ISLs to achieve two critical advantages: ultralow latency through optimized orbital routing, and enhanced throughput via spatial multiplexing. Beyond technical merits, their global footprint addresses critical connectivity gaps in terrestrial infrastructure, enabling emergency response [5], remote scientific expeditions, and disaster recovery operations.

The commercial viability of this model is evidenced by SpaceX’s milestone of 4 million subscribers as of September 2024 [6], accompanied by rapid constellation expansion. As of 8 April 2025, orbital registries document 11,414 operational satellites in Earth’s orbit, with SpaceX’s Starlink constellation dominating the landscape. Quantitative analysis from [7] reveals that 7161 Starlink satellites are currently active—constituting 62.7% of all active orbital assets. This unprecedented concentration underscores Starlink’s dominance in global satellite infrastructure, far exceeding the cumulative deployments of all other operators combined. In accordance with the FCC report [8], we adopted the Starlink S1 shell topology, which has 72 orbital planes, each with 22 satellites, a height of 550 km, and an orbital inclination of 53°, each with 4 ISLs.

Previous research on satellite networks has predominantly focused on performance optimization, including communication capacity enhancement [9,10], latency reduction through ISL routing [11], and novel constellation designs [12]. However, the rapid commercialization of LSNs has introduced new security challenges that remain insufficiently addressed. In contrast to traditional satellite networks operated by governmental agencies, commercial mega-constellations often prioritize scalability and cost-efficiency, which often results in cybersecurity being treated as a secondary concern. For instance, the dense mesh topology of ISLs, while enabling low-latency routing, creates a larger attack surface for adversaries to exploit [13]. Recent studies highlight risks such as spoofing attacks on GSLs [14], and eavesdropping threats on satellite signals [6]. These systemic vulnerabilities pose critical risks to mission-critical operations, extending beyond launch platform integrity to encompass ground and space-based communications infrastructure, telemetry networks, spacecraft tracking mechanisms, and mission-critical command subsystems [15]. Regulatory frameworks governing cybersecurity in the space domain remain severely underdeveloped, particularly among commercial satellite operators. This lack of regulatory oversight becomes particularly concerning given the critical role that LSNs are expected to play in both civilian and defense communications. According to [16], the incidence of satellite system attacks increased fivefold during the period from 2009 to 2018 compared to the preceding decade (2000–2008), reflecting a significant escalation in the frequency and intensity of threat activity.

The public disclosure of satellite deployment details (e.g., FCC technical specifications) [17] enables attackers to reconstruct network topologies with high precision. The prevailing reliance on shortest-path routing in LSNs creates predictable traffic patterns, as evidenced by routing analyses in operational constellations [18]. Such patterns have proven attractive to adversaries and have been directly exploited in real world incidents. In November 2022, Starlink suffered a DDoS attack on the layer, which caused some users’ satellite services to be disrupted for a period of time [19]. In March 2025, a hacking group claimed responsibility for a cyberattack on 116 Iranian ships that resulted in a full-scale blow to the tanker’s satellite communications system [20].

On the Internet, routing bottlenecks are structural weaknesses. In terrestrial Internet infrastructure, route-cost minimization heuristics led to traffic convergence on a small set of high-centrality links, inadvertently creating structural chokepoints. Similarly, in LSNs, such traffic concentration arises due to topology-aware routing optimizations that prioritize minimal hop counts or latency, often at the expense of robustness. The ICARUS [21] framework has experimentally validated that such bottlenecks can be exploited in LSNs through coordinated botnet traffic, though specific performance impacts require further empirical measurement. Attackers can use network probing tools to discover the transmission path from the source node to the destination node [22]. As depicted in Figure 2, adversaries can strategically target three critical attack surfaces in LSNs: uplink and downlink jamming through distributed botnets and ISL flooding using coordinated payloads. The differently colored arrows in the diagram represent traffic from different directions that converges at the bottleneck link.

This paper presents a routing algorithm, in which we conducted statistical modeling of the bottleneck paths in LSN. We propose the K-Bottleneck Minimize routing algorithm, which aims to minimize the bottleneck weight during path generation. This algorithm increases the cost for the attacker to launch DDoS attacks and enhances the detectability of the attacker, providing greater security for LSN.

1.2. Motivation

Since bottleneck paths exist in the network, once attackers identify and continuously probe these bottleneck links, they can repeatedly locate them with low-rate probing traffic, and then launch concentrated floods at critical moments, seriously damaging network availability; once an attacker identifies and continuously probes these bottleneck links, they can repeatedly locate them with low-rate probing traffic and then unleash a concentrated flood at critical moments, severely impairing network availability.

Current multipath routing implementations predominantly rely on random or load balancing to enhance path unpredictability [23], yet fundamentally fail to mitigate bottleneck exploitation risks. Even emerging intelligent solutions, such as deep learning-based anomaly detection [15] or blockchain-secured routing [24], show limited practicality in resource-constrained LSN environments due to their high computational overhead. At the control layer, several studies have focused on fractional-order multi-agent systems [25], incorporating adaptive mechanisms to counteract time-varying attack gains induced by deception attacks [26]. This comprehensive survey [27] shows that intrusion detection system (IDS) methods have been introduced in spatial networks, but their computational overhead may introduce non-trivial detection delays under bursty or high-volume traffic and may also cause detection performance degradation under high-volume traffic.

Prior work [28] has shown that under malicious intervention Border Gateway Protocol (BGP) prefix hijacking can concentrate originally dispersed routes onto a single bottleneck link. Further amplifying the bottleneck effect [29] demonstrated, in their LSN study, that by leveraging publicly available TLE orbital data and simple throughput probes, attackers can accurately identify and continuously overwhelm the current busiest ground–satellite link, achieving up to a 3.4× reduction in global user traffic. This implies that unless defenses incorporate an assessment of high-risk bottlenecks and avoid them, attackers can repeatedly probe and reuse the same hotspot links, continuously evading mitigation.

Despite these demonstrated risks, no existing LSN DDoS mitigation framework systematically incorporates bottleneck risk profiling into routing weight optimization models. This oversight perpetuates the exposure of high-frequency attack surfaces, underscoring the urgent need for risk routing paradigms.

1.3. Contribution

This paper proposes a routing algorithm and statistically models the bottleneck path in LSN. We propose the K-Bottleneck Minimize routing algorithm, which aims to minimize the bottleneck weight during path generation. This algorithm increases the cost for the attacker to launch DDoS attacks and enhances the detectability of the attacker, providing greater security for LSN.

2. Background and Related Work

2.1. LEO Satellite Network

LSN integrates two fundamental components: a space segment comprising numerous LEO satellites interconnected via ISLs, and a ground segment consisting of user terminals and gateway stations [30]. Satellite Internet represents a revolutionary approach to global connectivity by leveraging constellations of LEO satellites. Unlike traditional geostationary (GEO) satellites operating at 36,000 km altitude, modern LEO constellations orbit below 2000 km, significantly reducing signal latency to 10–30 ms [31], while their 53° inclination angles ensure concentrated coverage over economically critical mid-latitude regions. This architectural shift enables near-fiber-optic performance for real-time applications like video conferencing and online gaming.

The technological advancement of modern satellite constellations is primarily driven by two disruptive innovations: cost-effective mass production of miniaturized satellites and pioneering reusable launch architectures. Empirical data illustrates this progression: early-generation satellites documented in [32] weighed approximately 260 kg, whereas contemporary Starlink V2 variants exhibit a threefold mass increase to 800 kg, reflecting enhanced payload capacity. Concurrently, SpaceX’s Falcon 9 booster has achieved unprecedented reusability milestones, with [33] reporting its 17th successful mission deploying 28 satellites—a testament to operational maturity in reusable rocket technology. Scaling ambitions further materialize through payload optimization; current Falcon 9 configurations accommodate up to 60 satellites per launch [34], while the developmental next-generation Starship megarocket prototype promises exponential capacity expansion, projected to deliver over 400 Starlink satellites per mission upon operational deployment.

This paradigm shifts from traditional bent-pipe relay systems to a three-stage data delivery model: terrestrial users first uplink data to overhead satellites via phased-array antennas. The data is then routed through multiple ISL hops across orbital planes using laser communication terminals (LCTs). Finally, destination satellites downlink the processed data to ground stations [35]. The first-generation Starlink architecture, in its initial deployment configuration, leverages X/Ku-band and Ka-band for user and ground station links to enable bidirectional low-latency communications [36]. This enables 4 Gbps user link throughput alongside 20 Gbps full-duplex ISL capacities [21], forming a high-efficiency space-terrestrial integrated network.

2.2. Denial of Service Attack

Denial of service (DoS) attacks disrupt target systems by exhausting computational resources through malicious traffic overload. The evolution to DDoS attacks enables attackers to coordinate geographically dispersed botnets—compromised devices spanning thousands of networks—to amplify attack magnitude exponentially. A seminal 1999 DDoS incident against the University of Minnesota incapacitated critical servers for 48 h, demonstrating early Internet vulnerabilities.

Modern variants like Coremelt’s link-flooding attack (LFA) exploit legitimate-appearing traffic between botnet nodes to congest critical network links rather than end-hosts, evading conventional intrusion detection systems [37]. Crossfire extends this paradigm by decoupling control-plane stability from data-plane attacks, enabling persistent regional service degradation through strategic target selection [38].

In satellite network contexts, the ICARUS framework adapts these principles to LSN environments. Attackers leverage compromised ground terminals across multiple regions to generate coordinated “normal” traffic patterns, strategically selecting source-destination pairs to saturate uplinks, downlinks, or inter-satellite connections.

As reported in [39], attackers are increasingly adopting hybrid DDoS strategies that combine carpet-bombing techniques with TCP reflection and amplification attacks, leading to highly disruptive traffic patterns across distributed ground terminals and satellite links, such as satellite ISPs or terminal services. These approaches indirectly launch amplified attacks against specific downstream targets.

Lu et al. proposed DoSat [17], a DDoS attack model targeting LEO satellite networks by combining link flooding with temporal lensing. By leveraging the time-varying topology of satellite constellations, DoSat concentrates attack traffic to overwhelm target links.

Simulations show that it reduces attack cost by approximately 20% compared to prior methods such as ICARUS, while maintaining stealth.

2.3. Satellite Security

The routing paradigms of terrestrial networks and LSNs exhibits fundamental differences. Terrestrial infrastructures benefit from stable node distributions and quasi-static topologies, whereas LSN routing must address dynamic orbital reconfigurations and stringent resource constraints. This volatility renders conventional security mechanisms inapplicable, necessitating domain-specific secure routing frameworks for space environments. In this context, several researchers have proposed innovative solutions to address these unique challenges.

Some studies enhance the unpredictability of path selection by incorporating random or predefined weighting mechanisms into routing. Ref. [40] developed Secure Enhanced Multipath Routing (SEMR), leveraging randomized breadth-first search (BFS) to generate unpredictable paths. Ref. [41] introduced Load-Balanced Multipath Routing (LBMR), employing Least Common Multiple (LCM)-based weight allocation for temporal-aware traffic splitting. Ref. [42] proposed an enhanced ant-colony pheromone model combined with an optional forwarding mechanism. When a node becomes inundated by traffic, both its heuristic value and pheromone concentration are dynamically reduced, promptly steering traffic toward healthy links to defend against DDoS attacks.

In a ground-relay–assisted Starlink topology, Ref. [43] introduced a hop-count–prioritized shortest-path scheme that splits a session’s traffic across two path segments and instantaneously activates a backup route as soon as a failure is detected on the primary link. Ref. [44] proposed advanced k-RAND, a random routing algorithm. This algorithm integrates Bayesian optimization to dynamically blend classic routing strategies. The experimental results demonstrate a 2.05% increase in attacker costs compared to static algorithms, validating its adaptive defense capabilities.

To ensure the trusted identities of satellite nodes and the security of their messages, blockchain technology has recently been incorporated into routing and multicast design. In [45], blockchain was integrated aboard satellites by designating each satellite node as a network participant; smart contracts and a distributed ledger were then employed to execute encrypted in-orbit data transmissions. Ref. [46] proposed a blockchain-based trustworthy multicast routing framework that leverages decentralized node authentication and combines an ant-colony algorithm with a scenario-aware hybrid switching strategy to isolate malicious nodes, construct a trusted multicast tree, and implement DDoS defense.

Some researchers have also explored machine learning- or deep learning-assisted DDoS defense. Huang et al. [47] introduced a Graph Neural Network-based MultiPath Traffic Engineering (GNN-MPTE), which centrally computes multiple disjoint paths at the ground controller to circumvent attacked links and automatically distribute traffic onto healthy paths. Ref. [48] proposed a deep learning-based trust-routing framework that combines Dempster–Shafer (D–S) evidence theory with variational autoencoder (VAE) based anomaly detection, integrating the generated security factors into an ant-colony algorithm to dynamically avoid malicious nodes.

There are several other security enhancement schemes that also offer valuable strategies for mitigating DDoS attacks. Ref. [49] proposed a distributed node–trust evaluation and secure-routing framework that collects inter-node interaction data to compute both direct and indirect trust, then fuses these via a D-S framework to derive an overall trust score—significantly improving the packet-delivery ratio and reducing packet-loss rate. Ref. [50] introduced an ICN network architecture that integrates a centralized software-defined networking (SDN) control plane with an information-centric networking (ICN) data plane. By leveraging the controller’s global view to dynamically install flow rules and employing content naming with in-network caching of popular content, the framework can rapidly redirect or cache malicious requests under DDoS attacks, thereby distributing load and alleviating stress on core links.

The main characteristics and drawbacks of these representative DDoS mitigation techniques are compared in

Table 1. State-of-the-art DDoS defense techniques in LSN.

Paper	Key Idea	Limitation
[40]	Randomized BFS to build multiple disjoint paths and disperse DDoS traffic	The randomized path is often not the shortest and may go around distant satellites
[41]	Least Common Multiple-based dynamic billing to balance load	Cannot reflect real-time or historical risk
[42]	Enhanced ant-colony: pheromone on congested nodes decays, steering traffic away	DDoS attacks may cause routing to suboptimal or wrong paths by distorting heuristic
[43]	Segment Routing with pre-installed snapshots for latency-aware detours	Reliant on terrestrial relays and not suited for sparse or long-haul networks
[44]	Bayesian optimization to mix shortest-path and randomized routing dynamically	Routing strategies change frequently, and forwarding tables frequently fluctuate
[45]	Integrated Blockchain in satellite node, verify the legitimacy of data sources	Smart contracts and a distributed ledger bring delays of more than seconds
[46]	Combining Blockchain and ant-colony, building multicast trees to isolate attackers.	High blockchain latency and communication overhead limit real-time defense
[47]	GNN-driven, latency and stability-aware traffic splitting/dropping of attack flows	Training and updating rely on historical snapshots, difficult to respond to changing attacks
[48]	Combining D-S preprocessing and VAE anomaly detection to generate security factors guiding routing	Only fluctuations in trust vectors and does not track sudden traffic spikes, thus failing to distinguish legitimate bursts from DDoS floods
[49]	Distributed D–S trust fusion in OSPF to automatically isolate suspicious nodes	Collection and fusion of interactive data is heavy; convergence speed is slow in large network
[50]	SDN flow rules and ICN edge caching to redirect malicious requests and offload core routers	Requires SDN and ICN deployment, with controller scalability and cache challenges

.

Prior schemes improve path unpredictability but introduce excessive path stretch and ignore the inherent risk of each route. Deep learning and blockchain approaches, however, incur high deployment overhead and cannot block stealthy DDoS attacks on board satellites in real time. Our work delivers a practical routing strategy for satellite networks that steers traffic away from high-risk bottleneck links while ensuring that path lengths remain bounded.

3. Model

3.1. Attacker Model

Although routing strategies are not publicly disclosed by satellite operators and vary across service providers, attackers can obtain routing information in two ways: one is to infer using public satellite topology data, and the other is to actively detect through ground terminals. LSN often maintains network stability at the second level. For example, Starlink changes the network every 15 s [51], so an attacker’s maximum window to exploit any static snapshot is only 15 s. During this interval, bots continue to use a fixed set of pre-planned paths and traffic-distribution plans to launch its flows. Our simulation is also based on the static network in this case. To evaluate the attack, we adopt the adversary’s perspective and focus on two critical metrics: Cost and MaxUp.

Cost quantifies the resource investment required to achieve attack objectives. For stealth-oriented attacks, they must distribute traffic across a large botnet to avoid detection, which increases coordination difficulty and operational overhead, thereby raising the overall attack cost. The cost of the attack is measured in Gbps. In actual attack and defense studies of satellite networks [52], the attack traffic generation capacity of a single bot is about tens of Mbps. To paralyze an ISL with a capacity of 20 Gbps, for example, a bot sends 40 Mbps, the attacker needs to coordinate at least 500 zombie devices to form an attack cluster.

For MaxUp, there is usually an anomaly detection mechanism based on link utilization in LSN. When the instantaneous bandwidth utilization of any ground-satellite uplink increases too much compared to its historical average level, an alarm can be triggered, and defenses such as traffic cleaning or node isolation can be initiated. In order to avoid such monitoring, attackers must disperse the total attack traffic to multiple uplinks to avoid excessive bandwidth surges on a single link. The maximum absolute bandwidth increment of this uplink attack traffic is defined as MaxUp to characterize the detectability of the attack. MaxUp is normalized to the bandwidth of an uplink. In the worst case, the attacker needs to fully saturate the satellite’s uplink, and the MaxUp at this time is 1.

3.1.1. Link and Path Discovery

The attacker creates a network diagram based on the existing satellite link and the distribution of controlled nodes. For each controlled node, uplinks and downlinks are added to its neighboring satellites. Then, for any two ordered combinations of controlled nodes, the Dijkstra algorithm is used to determine their shortest transmission path.

3.1.2. Path Filtering

Let P be the set of all paths in the network. The attacker will target one or more links and find all bots combinations that pass through these links via the shortest path. The attacker only selects and retains those paths that pass through the target in the attack direction.

3.1.3. Calculation of Feasible Attack Flows

The attack traffic to be allocated on each attack direction path $j$ is a non-negative variable $x_j$. The objective is to minimize the sum of $x_j$.

$$min\sum _{j=1}^{\mathrm{m}}{x}_j$$

(1)

For the total links L in the network, the attacker seeks a traffic distribution on these links and satisfies the following two constraints:

• For all target links $T\in L,$ the traffic needs slightly higher than the capacity $C_T$ to ensure congestion:

  $$\sum _{j\in P_T}{x}_j>C_T$$

  (2)
• For all non-target links $U\in L$, the traffic needs slightly higher than the capacity $C_U$, to ensure that traffic does not become congested:

  $$\sum _{j\in P_U}{x}_j<C_U$$

  (3)

By satisfying these two sets of constraints, the target link can be squeezed with the minimum bandwidth without causing congestion on other links.

After the solution $x_j$ is obtanined, let $D$ be the maximum absolute bandwidth increase in the uplink, MaxUp, as follows:

$$D=\underset{L\in E_{\mathit{uplink}}}{\max }\sum _{j\in P_T}{x}_j$$

(4)

3.1.4. Iterative Solution

If the initial budget $D$ cannot meet feasibility requirements, the opponent will continue to reduce $D$ and repeatedly solve the above feasibility problem until the minimum value $D_{min}$ is found, which can still cause congestion on the target link.

3.2. Defendence Model

We compute frequently recurring bottleneck paths under routing policies within the ICARUS framework. This generates a critical edge set that identifies high-risk links along with their attack frequency. Edges with higher frequencies handle greater traffic volumes, making them the most vulnerable components of the LSN and highly susceptible to targeted attacks.

Under the K-Bottleneck Minimize strategy, each candidate path evaluates the overall vulnerability by accumulating the risk weights of the links it passes through and prioritizes paths with the smallest weights to avoid high-risk links. In this way, the most vulnerable high-capacity links in the network will be effectively bypassed. If attackers want to achieve the same destructive effect, they must use more bots or use higher bandwidth to attack multiple candidate links at the same time.

As illustrated in Figure 3a, adversaries first perform active probing from compromised terminals to map routing paths and then utilize this information to orchestrate DDoS attacks. As illustrated in Figure 3b, our routing mechanism strategically avoids these critical links. While attackers previously required minimal traffic to congest highly utilized bottleneck links, the diversion strategy forces them to generate significantly larger attack volumes, leveraging the high-capacity nature of ISLs to achieve comparable disruption.

To characterize the distribution patterns of these metrics, we employ cumulative distribution function (CDF) plots. The CDF is a fundamental statistical function that characterizes the probability that a random variable X takes a value less than or equal to a specified threshold x, thereby capturing the overall distributional characteristics of the dataset. The formal definition of the CDF is given in Equation (5):

$$F_X\left(x\right)=P(X\le x)$$

(5)

where X represents the random variable under analysis, and $F_X\left(x\right)$ quantifies the cumulative probability across the distribution. This approach enables evaluation of attack by mapping the likelihood of adversarial success under varying resource constraints.

4. Algorithm

The goal is to optimize multi-path selection while minimizing the bottleneck weight of paths, with the frequency of bottleneck path occurrences used as a weight. We adopted a custom approach that covetously iterates over the culling of edges.

We cluster the frequency distribution of statistically identified bottleneck edges within the network to establish systematical evaluation. Each bottleneck edge is assigned a vulnerability level through a nonlinear classification methodology that employs exponential scaling to amplify inter-category distinctions. This approach heightens sensitivity to high-risk scenarios during decision-making processes while quantitatively reflecting the cumulative risk impact of bottleneck edges on network-wide stability.

The goal is to extract up to k edge-disjoint paths from source $s_d$ to destination $t_d$ that minimize bottleneck weight, subject to latency and iteration constraints. Under no circumstances should the latency of any chosen path exceed that of an equivalent terrestrial fiber-optic link. As shown in Algorithm 1, we propose a K-Bottleneck Minimize algorithm to avoid the bottleneck risk path in LSN. The algorithm proceeds as follows:

Shortest-Path Search: Run a weighted Dijkstra on the current graph G (V, E). Find the shortest path from source satellite $s_d$ to target satellite $t_d$. If no path exists, terminate.

Length Check and Edge Pruning: Measure the end-to-end path length of the candidate path. If it exceeds the fiber-equivalent bound, identify the single link with the greatest propagation delay, and mark it as unavailable.

Accept and Disjoint Enforcement: Once a path meets the length constraint, record it in the solution set, then remove its ISLs while permitting node reuse to ensure edge disjoint in subsequent iterations. Then, continue to calculate until paths are found or the attempt limit is reached.

Algorithm 1. K-Bottleneck Minimize

Input: G (V, E); source satellite $s_d$, target satellite $t_d$, fiber length fiber_len Output: routing in G (V, E) While count < k and attempt < max_attampts do       Attempt ← Attempt + 1       path ← Shortest Simple Path ( $s_d$$, t_d$, weight = ‘Bottleneck_Weight’)       If path is None             Break While       End If       If Length (path) > fiber_len             max_edge ← edge with max length in path             Set G [max_edge] not available             Continue While       End If       Count ← count + 1       ISL_edges ← Extract_ISL_Edges (path)       If not ISL_edges             Break While       End If       For edges in ISL_edges             Remove edges in G (V, E)       End For       Return path_list End While

Our network uses the Starlink S1 constellation, which means it has 1584 satellites, each with four ISLs, which means a total of 6336 ISLs. The number of k paths can be customized as needed. In our experiment, we fix the number of paths to 5. Following prior work [53], we first compute the fiber length by multiplying the great-circle distance between endpoints by a path-stretch factor of 1.53. We then estimate the one-way latency by dividing this length by the speed of light in fiber, which is approximately two-thirds of its vacuum value. We limit the maximum number of attempts to k + 3, and the majority of candidate paths are either pruned or accepted on the first search invocation, making secondary computation infrequent. By imposing a retry cap, the algorithm ensures sufficient flexibility to handle the pathological cases while bounding any excessive overhead from redundant re-search operations.

5. Simulation and Result

5.1. Simulation Setup

The experiments were conducted under Ubuntu 20.04 LTS, and the hardware configuration included an Intel Core i5-13600K processor (14 cores, 20 threads, 3.5 GHz) and 32 GB DDR4 memory. This experiment is based on the open-source ICARUS model, using Python 3.7.16 and NetworkX 2.5.1. We use the S1 shell of the Starlink constellation for our LSN analysis.

Table 2. LSN setup.

Parameters	Values
Satellite	1584
Orbits	72
Satellites per orbit	22
Elevation	550 km
Inclination	53°
Satellite-to-satellite Bandwidth	20 Gbps
Satellite-to-ground Bandwidth	4 Gbps

shows our LSN setup parameters and values. In order to keep pace with the original model [21], we used the standardized bandwidth mentioned in the paper. The ISL bandwidth is 20 Gbps and the GSL bandwidth is 4 Gbps.

We first construct the LSN constellations by building the ISL topology from the given parameters, generating uniform grid points on the Earth’s surface, and loading weighted, normalized GDP data. Ground–satellite coverage is computed at the minimum elevation angle, after which risk weights are assigned to all links. Then, source–destination pairs are randomly sampled according to grid weights. For each candidate path, bandwidth allocation is attempted: if every link on the path has sufficient residual capacity, the allocation is applied; otherwise, the path is discarded. We use an empty network without any benign traffic background in the network because it will be more of a resource burden for the attacker. Then, we execute our routing algorithm on these prepared topologies and finally execute the attack mechanism.

5.2. Result

As illustrated in Figure 4, the CDF of attacker costs demonstrates that our K-Bottleneck Minimize routing algorithm substantially increases adversarial resource requirements compared to K-SP and K-DG satellite routing schemes. The gradual ascent of the curve in low-cost regions suggests limited initial impact on path selection strategies, while its flattened progression in high-cost intervals reveals progressive cost escalation during sustained attacks, achieving our design objective. This cost inflation stems from attackers being compelled to select low-utilization paths rather than exploiting bottleneck links with concentrated traffic flows, thereby increasing total required attack traffic volume.

Figure 5 presents mean and median attack costs across compared algorithms. In Figure 5a, our proposed method achieves the highest average cost among all strategies, demonstrating improvements of 13.1% over K-SP and 21.6% over K-DG. In Figure 5b, it also attains the highest median cost, showing gains of 16.6% and 20.3% compared to K-SP and K-DG, respectively. These statistically significant increments validate the algorithm’s effectiveness in elevating attack barriers, particularly crucial for large-scale LSN deployments. The elevated cost requirements indicate that potential attackers would need to coordinate botnets of a considerably larger scale to successfully penetrate such defenses. This inherent advantage not only enhances the security of LSN infrastructures but also creates substantial economic and operational barriers for would-be attackers, as the resource requirements for mounting effective attacks become prohibitively high.

The detectability analysis in Figure 6 reveals that K-Bottleneck Minimize exhibits the highest MaxUp values among compared schemes, indicating greater susceptibility to satellite operator detection. This trend correlates with the cost CDF pattern, as achieving equivalent congestion effects under K-Bottleneck Minimize necessitates larger traffic volumes, thereby amplifying observable anomalies for network monitoring systems.

The experimental evaluation reveals the remarkable effectiveness of the K-Bottleneck Minimize strategy in defending against DDoS attacks. Figure 7 illustrates the average and median attack MaxUp values across the algorithms under comparison. As shown in Figure 7a, K-Bottleneck Minimize achieves an average MaxUp value of 0.251, which is 48.5% higher than the 0.169 average recorded by K-SP. This performance advantage extends to comparisons with K-DG, exceeding the K-DG average of 0.192 by 30.7%. In Figure 7b, when examining the median values, K-Bottleneck Minimize maintains its superiority with a 0.205 value, representing a 45.4% improvement over K-SP 0.141 median. The comparison shows an even more striking difference, where outperforms K-DG 0.131 median by 56.5%.

These substantial improvements in MaxUp metrics directly translate to enhanced network security. The elevated thresholds force attackers to generate traffic surges of significantly greater magnitude, increasing the likelihood of anomalous patterns being detected. As a result, the deployment of K-Bottleneck Minimize not only imposes prohibitive resource demands on adversaries but also enables network administrators to more readily identify sudden traffic anomalies. This facilitates earlier detection of potential attacks and allows for more effective and timely threat mitigation.

5.3. Complexity Analysis

In terms of time complexity, K-SP’s is finding the shortest k paths between sources by using the Yen’s algorithm. In the worst case, however, every newly discovered path of length up to $V$ may require enumerating all of its spur nodes, which incurs a base cost of $O\left(kV\right(E+VlogV\left)\right)$. But once it is found that the actual length of a candidate path exceeds fiber_len, further spur enumeration of the path is stopped immediately. Let the average number of spur nodes for each path in the actual graph is $N$. Since $N\ll V$, the number of shortest path searches required during actual runtime is much less than the theoretical worst case. Then, it needs to repeat by k times to find paths. Hence, the end-to-end time complexity for K-SP routing is as follows:

$$O\left(kN\left(E+VlogV\right)\right)$$

(6)

The K-DG strategy iteratively invokes a single-source Dijkstra search to extract one shortest path per iteration and uses a fiber_len cutoff to prune in advance, costing $O(E+VlogV)$ each time. Once a path is accepted, its constituent ISLs, uplinks, or downlinks are pruned from the graph. If at any point the path contains no ISL segments, the algorithm terminates early. This iterative process continues until k paths have been found or no further paths exist, yielding the following total routing complexity:

$$O\left(k\left(E+VlogV\right)\right)$$

(7)

The core of the K-Bottleneck Minimize algorithm is its repeated invocation of single-source Dijkstra search under weighted risk metrics. A single Dijkstra run on a graph with $V$ vertices and $E$ edges require $O(E+VlogV)$ time when implemented with a binary-heap priority queue. Since we extract up to k edge-disjoint paths and allow a bounded number of retries, we perform $O\left(k\right)$ for such Dijkstra computations. As with the previous two strategies, we enforce the fiber_len bound. However, rather than simply discarding any path whose total length exceeds bound, we iteratively identify and remove its longest edge and re-run Dijkstra to obtain the next candidate. In each iteration, we also traverse the selected path of $N$ edges in $O\left(N\right)$ time to check the cumulative length and to disable any individual edge that would push the path over the bound. Consequently, the overall time complexity of the routing procedure is as follows:

$$O\left(k\left(E+VlogV+N\right)\right)$$

(8)

The computation time cost of the three algorithms is shown in Figure 8.

We measure the computational cost of different algorithms by actual computation time. Under our experimental conditions, routing computation across the entire Starlink S1 constellation required 3297 s for K-SP, 724 s for K-DG, and 2613 s for K-Bottleneck Minimize. The markedly longer runtime of K-SP arises from its additional overhead: each new path generation invokes a spur-node search, and for every source–destination pair, K-SP exhaustively generates paths until it either finds all k routes or exhausts all feasible options, which leads to the highest total computation cost.

By contrast, both K-DG and K-Bottleneck Minimize terminate upon discovering the first ground–satellite–ground direct route. In K-DG, each time a path is successfully selected and appended to the result set, only one complete Dijkstra search is required; subsequent edge-pruning operations do not trigger further shortest-path computations, accounting for its reduced total runtime. K-Bottleneck Minimize likewise performs one Dijkstra search, but whenever a candidate path exceeds the length limit and its longest edge must be discarded, each retry entails another full shortest-path run. Its attempt-limit mechanism effectively curtails repeated computation when feasible paths are scarce, and if k valid paths cannot be assembled after multiple attempts, the algorithm terminates early—resulting in a total runtime above that of K-DG.

5.4. Limitation

In comparison to the K-SP strategy, our K-Bottleneck Minimize algorithm achieves a marked reduction in overall computational effort; however, it still incurs greater overhead than the K-DG approach. This limitation stems from the requirement that, whenever a candidate path violates the prescribed fiber-length bound, the algorithm must excise its single longest, high-risk edge and then re-invoke a full shortest-path computation under the risk metric. Although the maximum path length $O\left(N\right)$ is strictly bounded, each prune-and-recompute cycle carries a penalty. When such cycles are performed repeatedly, their aggregate contribution to total runtime becomes non-negligible.

6. Conclusions

This paper addresses DDoS attacks in LSN by introducing a K-Bottleneck Minimize routing algorithm. First, we leverage the ICARUS framework to measure each link’s bottleneck occurrence frequency and map it into a nonlinear risk weight. Under the constraint that the end-to-end latency does not exceed the equivalent fiber-optic delay threshold, Dijkstra iteration weighted by bottleneck weights is used to generate up to k edge-disjoint paths by pruning ISL to avoid high-risk links.

Simulation on the Starlink S1 topology demonstrates that, relative to the classical K-SP approach, K-Bottleneck Minimize raises the average attacker cost by 13.1% and the median cost by 16.6%; against the K-DG algorithm, the corresponding gains are 21.6% and 20.3%. In terms of MaxUp, our method delivers a 48.5% increase in mean detection probability and a 45.4% uplift in the median compared to K-SP. Against K-DG, our method increases the mean MaxUp by 30.7% and the median by 56.5%. This proves that our algorithm can effectively improve the cost and detectability of attackers. This greatly increases the probability of attackers being detected.

The total computation times for K-SP, K-DG, and our K-Bottleneck Minimize algorithms are 3297 s, 724 s, and 2613 s, respectively. While K-DG remains the fastest, completing in roughly 4.5 times faster than K-SP. Our K-Bottleneck Minimize approach still achieves a reduction in routing-calculation time compared to K-SP and incurs an overhead relative to K-DG. Compared with the most common K-SP algorithm, our routing calculation time is still reduced, which shows that our algorithm still has room for application in large-scale satellite scenarios.

Our future work will focus on reducing time overhead by streamlining path pruning and using multi-objective optimization to balance latency and bandwidth and integrate continuous monitoring with load-aware controls. These refinements aim to deliver more efficient adaptive routing and further bolster DDoS resilience in LEO satellite systems.