Abstract
To enhance mutation efficiency and proactively defend against denial of service (DoS) attacks in moving target defense, we propose an effective and fast multipath routing mutation approach called area-dividing random route mutation (ARRM). This approach resists denial of service attacks with acceptable CPU overhead and reduces the convergence time caused by route mutation. Our contribution in this paper is threefold: (1) we provide a model and method for smooth deployment of ARRM on software-defined networks; (2) we propose an extended shortest-path calculation and route selection method to identify and select efficient routes; (3) we simulate the interaction between an ARRM defender and a DoS attacker and develop analytical and experimental models to investigate the effectiveness and costs of ARRM under different mutation intervals and adversarial parameters. Our analysis and preliminary implementation show that ARRM can protect flow packets against persistent DoS attackers and prolong attackers' response time. Moreover, compared with traditional RRM schemes, our implementation shows that ARRM efficiently decreases the recalculation time delay caused by route mutation with acceptable CPU costs.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Tan, H., Tang, C., Zhang, C., Wang, S. (2017). Area-Dividing Route Mutation in Moving Target Defense Based on SDN. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds) Network and System Security. NSS 2017. Lecture Notes in Computer Science, vol. 10394. Springer, Cham. https://doi.org/10.1007/978-3-319-64701-2_43
DOI: https://doi.org/10.1007/978-3-319-64701-2_43
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64700-5
Online ISBN: 978-3-319-64701-2
eBook Packages: Computer Science (R0)