SDN-Based Double Hopping Communication against Sniffer Attack

Sniffer attacks have been a severe threat to network communication security. Traditional networks usually use static network configurations, which make sniffer attacks easier. In this paper, an SDN-based double hopping communication (DHC) approach is proposed to solve this problem. In DHC, the ends in communication packets as well as the routing paths are changed dynamically. As a result, the traffic is distributed across multiple flows and transmitted along different paths. Moreover, the data from multiple users is mixed, which makes it difficult for attackers to obtain and recover the communication data, so that sniffer attacks are prevented effectively. It is concluded that DHC is able to increase the overhead of a sniffer attack, as well as the difficulty of communication data recovery.
