Distributed Algorithms for Secure Multipath Routing in Attack-Resistant Networks

To proactively defend against intruders who can readily compromise a single-path data session, we propose a distributed secure multipath solution that routes a session's data across multiple paths, so that an intruder needs far more resources to mount a successful attack. Our work has several important properties: (1) routing decisions are made locally by network nodes, without centralized knowledge of the entire network topology; (2) routing decisions minimize throughput loss under a single-link attack with respect to different session models; and (3) routing decisions address multi-link attacks via lexicographic optimization. We devise two algorithms, termed the Bound-Control algorithm and the Lex-Control algorithm, both of which provide provably optimal solutions. Experiments show that the Bound-Control algorithm is more effective at mitigating the worst-case single-link attack than the single-path approach, and that the Lex-Control algorithm further improves on the Bound-Control algorithm by countering severe single-link attacks and various types of multi-link attacks. Moreover, the Lex-Control algorithm offers substantial protection after only a few execution rounds, implying that we can sacrifice a minimal amount of routing protection for significantly improved algorithm performance. Finally, we examine the applicability of the proposed algorithms in a specialized defensive network architecture called the attack-resistant network and analyze how the algorithms address resiliency and security in different network settings.
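The following Python illustration is added here and is not code from the paper; it does not implement the Bound-Control or Lex-Control algorithms. It makes the abstract's two metrics concrete on a constructed four-path topology (an assumption of the example): the throughput fraction lost under the worst-case single-link and multi-link attack, computed by brute force, and the descending vector of per-link loads on which a lexicographic comparison is made. A small greedy rebalancer, also hypothetical, moves flow off the most loaded link round by round so that one can watch the worst-case loss fall from 1 (single path) to 1/3 (three disjoint paths) in two rounds, and stop once no move yields a lexicographically smaller load vector.

```python
from fractions import Fraction as F
from itertools import combinations

# Constructed toy topology (not from the paper): source s, sink t and four
# candidate s-t paths given as link lists. P1, P2, P3 are link-disjoint;
# P4 shares link (s, a) with P1, so splitting onto it does not help against
# an attacker who cuts (s, a).
PATHS = {
    "P1": [("s", "a"), ("a", "t")],
    "P2": [("s", "b"), ("b", "t")],
    "P3": [("s", "c"), ("c", "t")],
    "P4": [("s", "a"), ("a", "d"), ("d", "t")],
}


def link_loads(split):
    """Fraction of the session each link carries. `split` maps path -> fraction."""
    loads = {}
    for path, frac in split.items():
        for link in PATHS[path]:
            loads[link] = loads.get(link, F(0)) + frac
    return loads


def loss_under_attack(split, attacked):
    """Throughput fraction lost when the links in `attacked` are cut:
    a path is lost as soon as any one of its links is attacked."""
    return sum((frac for path, frac in split.items()
                if any(link in attacked for link in PATHS[path])), F(0))


def worst_case_loss(split, k):
    """Worst-case loss over all k-link attacks (brute force; fine for toy sizes)."""
    links = list(link_loads(split))
    return max(loss_under_attack(split, set(c)) for c in combinations(links, k))


def load_vector(split):
    """Per-link loads sorted descending. Comparing these tuples with `<` is the
    lexicographic order: reduce the heaviest link first, then the next, and so on."""
    return tuple(sorted(link_loads(split).values(), reverse=True))


def rebalance_round(split):
    """One round of a hypothetical greedy balancer (an illustration, not the
    paper's Lex-Control algorithm): take STEP of flow off a path on the most
    loaded link and hand it to whichever path yields the lexicographically
    smallest load vector. Returns the unchanged split if no move improves it."""
    STEP = F(1, 3)
    loads = link_loads(split)
    hot_link = max(loads, key=loads.get)
    donors = [p for p, frac in split.items() if hot_link in PATHS[p] and frac >= STEP]
    if not donors:
        return split
    donor = donors[0]
    best = split
    for target in PATHS:
        if target == donor:
            continue
        candidate = dict(split)
        candidate[donor] -= STEP
        candidate[target] = candidate.get(target, F(0)) + STEP
        candidate = {p: f for p, f in candidate.items() if f > 0}
        if load_vector(candidate) < load_vector(best):
            best = candidate
    return best


def rebalance(split, rounds):
    """Run the balancer for `rounds` rounds; return the final split and the
    worst-case single-link loss observed after each round."""
    history = []
    for _ in range(rounds):
        split = rebalance_round(split)
        history.append(worst_case_loss(split, 1))
    return split, history


SINGLE_PATH = {"P1": F(1)}                  # everything on one path
NAIVE_SPLIT = {p: F(1, 4) for p in PATHS}   # equal split that ignores the shared link

if __name__ == "__main__":
    for name, split in [("single path", SINGLE_PATH), ("naive split", NAIVE_SPLIT)]:
        print(name, "1-link loss:", worst_case_loss(split, 1),
              "2-link loss:", worst_case_loss(split, 2), "vector:", load_vector(split))
    final, hist = rebalance(SINGLE_PATH, 3)
    print("rebalanced:", final, "1-link loss per round:", hist)
```

Exact fractions are used so that ties in the lexicographic comparison are real ties rather than floating-point noise; the equal four-way split is a useful negative example, since its worst-case single-link loss (1/2) is worse than the three-path split (1/3) because two of its paths share a link.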