Abstract
To proactively defend against denial of service attacks, we propose an agile multipath routing approach called random route mutation (RRM), which combines game theory and constraint satisfaction optimization to determine the optimal strategy for attack deterrence while satisfying the security, performance and QoS requirements of the network. Our contribution in this paper is fourfold: (1) we model the interaction between the RRM defender and the DoS attacker as a game in order to determine the parameters by which the defender can maximize her benefit, (2) we model route selection as a constraint satisfaction optimization and formalize it using Satisfiability Modulo Theories (SMT) to identify efficient practical routes, (3) we provide algorithms for sound and smooth deployment of RRM on conventional as well as software-defined networks, and (4) we develop analytical and experimental models to investigate the effectiveness and limitations of RRM under different network and adversarial parameters. Our analysis and preliminary implementation show that RRM can protect up to 90% of flow packets from attack by persistent attackers, as compared with single-path routing schemes. Moreover, our implementation shows that RRM can be efficiently deployed on networks without causing any disruption to flows.
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Jafarian, J.H., Al-Shaer, E., Duan, Q. (2013). Formal Approach for Route Agility against Persistent Attackers. In: Crampton, J., Jajodia, S., Mayes, K. (eds) Computer Security – ESORICS 2013. ESORICS 2013. Lecture Notes in Computer Science, vol 8134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40203-6_14
DOI: https://doi.org/10.1007/978-3-642-40203-6_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40202-9
Online ISBN: 978-3-642-40203-6
eBook Packages: Computer Science, Computer Science (R0)