A Defense Mechanism of Random Routing Mutation in SDN

Focused on network reconnaissance, eavesdropping, and DoS attacks caused by static routing policies, this paper designs a random routing mutation architecture based on the OpenFlow protocol, which takes advantages of the global network view and centralized control in a software-defined network. An entropy matrix of network traffic characteristics is constructed by using volume measurements and characteristic measurements of network traffic. Random routing mutation is triggered according to the result of network anomaly detection, which using a wavelet transform and principal component analysis to handle the above entropy matrix for both spatial and temporal correlations. The generation of a random routing path is specified as a 0-1 knapsack problem, which is calculated using an improved ant colony algorithm. Theoretical analysis and simulation results show that the proposed method not only increases the difficulty of network reconnaissance and eavesdropping but also reduces the impact of DoS attacks on the normal communication in an SDN network. key words: random routing mutation, moving target defense, OpenFlow protocol, software-defined network

[1]  Joseph G. Tront,et al.  MT6D: A Moving Target IPv6 Defense , 2011, 2011 - MILCOM 2011 Military Communications Conference.

[2]  Wang Hui-ying On multi-dimension 0-1 knapsack problem based on ant colony algorithm , 2007 .

[3]  Ehab Al-Shaer,et al.  Efficient Random Route Mutation considering flow and network constraints , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[4]  David Hutchison,et al.  Network address hopping: a mechanism to enhance data protection for packet communications , 2005, IEEE International Conference on Communications, 2005. ICC 2005. 2005.

[5]  Ehab Al-Shaer,et al.  Formal Approach for Route Agility against Persistent Attackers , 2013, ESORICS.

[6]  Ehab Al-Shaer,et al.  An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks , 2015, IEEE Transactions on Information Forensics and Security.

[7]  Harry G. Perros,et al.  SDN-based solutions for Moving Target Defense network protection , 2014, Proceeding of IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks 2014.

[8]  Ehab Al-Shaer,et al.  Toward Network Configuration Randomization for Moving Target Defense , 2011, Moving Target Defense.

[9]  Fenlin Liu,et al.  SDN-Based Double Hopping Communication against Sniffer Attack , 2016 .

[10]  Christopher Morrell,et al.  DHT Blind Rendezvous for Session Establishment in Network Layer Moving Target Defenses , 2015, MTD@CCS.

[11]  Ehab Al-Shaer,et al.  Agile virtualized infrastructure to proactively defend against cyber attacks , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[12]  Ehab Al-Shaer,et al.  Adversary-aware IP address randomization for proactive agility against sophisticated attackers , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[13]  Michael Atighetchi,et al.  Adaptive use of network-centric mechanisms in cyber-defense , 2003, Sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, 2003..

[14]  Vyas Sekar,et al.  An empirical evaluation of entropy-based traffic anomaly detection , 2008, IMC '08.

[15]  Qian Ye,et al.  Network-Wide Anomaly Detection Method Based on Multiscale Principal Component Analysis , 2012 .

[16]  Monia Ghobadi,et al.  OpenTM: Traffic Matrix Estimator for OpenFlow Networks , 2010, PAM.

[17]  Idit Keidar,et al.  Keeping Denial-of-Service Attackers in the Dark , 2007, IEEE Transactions on Dependable and Secure Computing.

[18]  Ehab Al-Shaer,et al.  Openflow random host mutation: transparent moving target defense using software defined networking , 2012, HotSDN '12.

[19]  D. Kewley,et al.  Dynamic approaches to thwart adversary intelligence gathering , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.