Abstract
A Software Defined Network (SDN) provides functionalities for modifying network configurations. To enhance security, Moving Target Defense (MTD) techniques are deployed in the networks to continuously change the attack surface. In this paper, we realize an MTD system by exploiting the SDN functionality to optimally reconfigure the network topology. We introduce a novel problem, the Shuffle Assignment Problem (SAP), which is the reconfiguration of a network topology for enhanced security, and we show how to compute the optimal solution for small-sized networks and the near-optimal solution for large-sized networks using a heuristic method. In addition, we propose a shuffle-based online MTD mechanism, which periodically reconfigures the network topology to continuously change the attack surface. When an attack is detected, this mechanism also selects an optimal countermeasure in real time using our proposed topological distance metric. We demonstrate the feasibility and the effectiveness of our proposed solutions through experimental analysis on an SDN testbed and simulations.
Original language | English |
---|---|
Title of host publication | Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017 |
Place of Publication | USA |
Publisher | IEEE, Institute of Electrical and Electronics Engineers |
Pages | 234-243 |
Number of pages | 10 |
Volume | 2017-September |
ISBN (Electronic) | 9781538616796 |
Publication status | Published - 13 Oct 2017 |
Externally published | Yes |
Event | 36th IEEE International Symposium on Reliable Distributed Systems, SRDS 2017 - Hong Kong, Hong Kong; Duration: 26 Sept 2017 → 29 Sept 2017 |
Conference
Conference | 36th IEEE International Symposium on Reliable Distributed Systems, SRDS 2017 |
---|---|
Country/Territory | Hong Kong |
City | Hong Kong |
Period | 26/09/17 → 29/09/17 |