Optimal network reconfiguration for software defined networks using shuffle-based online MTD

Jin Bum Hong, Seunghyun Yoon, Hyuk Lim, Dong Seong Kim

Research output: Chapter in Book/Conference paper > Conference paper

3 Citations (Scopus)

Abstract

A Software Defined Network (SDN) provides functionalities for modifying network configurations. To enhance security, Moving Target Defense (MTD) techniques are deployed in the networks to continuously change the attack surface. In this paper, we realize an MTD system by exploiting the SDN functionality to optimally reconfigure the network topology. We introduce a novel problem Shuffle Assignment Problem (SAP), the reconfiguration of a network topology for enhanced security, and we show how to compute the optimal solution for small-sized networks and the near-optimal solution for large-sized networks using a heuristic method. In addition, we propose a shuffle-based online MTD mechanism, which periodically reconfigures the network topology to continuously change the attack surface. This mechanism also selects an optimal countermeasure using our proposed topological distance metric in real-time when an attack is detected. We demonstrate the feasibility and the effectiveness of our proposed solutions through experimental analysis on an SDN testbed and simulations.

Original language: English
Title of host publication: Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017
Place of Publication: USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 234-243
Number of pages: 10
Volume: 2017-September
ISBN (Electronic): 9781538616796
DOIs: https://doi.org/10.1109/SRDS.2017.32
Publication status: Published - 13 Oct 2017
Externally published: Yes
Event: 36th IEEE International Symposium on Reliable Distributed Systems, SRDS 2017 - Hong Kong, Hong Kong
Duration: 26 Sep 2017 to 29 Sep 2017

Conference

Conference: 36th IEEE International Symposium on Reliable Distributed Systems, SRDS 2017
Country: Hong Kong
City: Hong Kong
Period: 26/09/17 to 29/09/17

Fingerprint

Shuffle
Moving Target
Reconfiguration
Topology
Software
Network Topology
Heuristic methods
Testbeds
Attack
Optimal Solution
Distance Metric
Experimental Analysis
Heuristic Method
Countermeasures
Assignment Problem
Testbed
Real-time
Configuration
Demonstrate

Cite this

Hong, J. B., Yoon, S., Lim, H., & Kim, D. S. (2017). Optimal network reconfiguration for software defined networks using shuffle-based online MTD. In Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017 (Vol. 2017-September, pp. 234-243). [8069086] USA: IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/SRDS.2017.32
@inproceedings{f4b264ebab9f47f5a1133a56cf7489f8,
title = "Optimal network reconfiguration for software defined networks using shuffle-based online MTD",
keywords = "Diversity, Mitigation technique, Moving target defense, Security model, Shuffle",
author = "Hong, {Jin Bum} and Seunghyun Yoon and Hyuk Lim and Kim, {Dong Seong}",
year = "2017",
month = "10",
day = "13",
doi = "10.1109/SRDS.2017.32",
language = "English",
volume = "2017-September",
pages = "234--243",
booktitle = "Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",
address = "United States",

}

TY - GEN

T1 - Optimal network reconfiguration for software defined networks using shuffle-based online MTD

AU - Hong, Jin Bum

AU - Yoon, Seunghyun

AU - Lim, Hyuk

AU - Kim, Dong Seong

PY - 2017/10/13

Y1 - 2017/10/13

KW - Diversity

KW - Mitigation technique

KW - Moving target defense

KW - Security model

KW - Shuffle

UR - http://www.scopus.com/inward/record.url?scp=85038073156&partnerID=8YFLogxK

U2 - 10.1109/SRDS.2017.32

DO - 10.1109/SRDS.2017.32

M3 - Conference paper

VL - 2017-September

SP - 234

EP - 243

BT - Proceedings - 2017 IEEE 36th International Symposium on Reliable Distributed Systems, SRDS 2017

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - USA

ER -
