Exploiting software-defined networking techniques, randomly and instantly mutating routes can disguise strategically important infrastructure and protect the integrity of data networks. Route mutation has to date been formulated as an NP-complete constraint satisfaction problem in which feasible sets of routes must be generated with exponential computational complexity, limiting algorithmic scalability to large-scale networks. In this paper, we propose a novel node-centric route mutation method which interprets route mutation as a signature matching problem. We formulate the route mutation problem as a three-dimensional earth mover's distance (EMD) model and solve it using a binary branch and bound method. Considering scalability, we further propose a heuristic method that yields significantly lower computational complexity with marginal loss of robustness against eavesdropping. Simulation results show that our proposed methods can effectively disguise key infrastructure by reducing the difference in historically accumulated traffic among different switches. With significantly reduced complexities, our algorithms are of particular interest for safeguarding large-scale networks.
Instantly mutating routes is a promising technique for protecting the integrity of large data networks [
In general, route mutation is an NP-complete constrained path selection problem in the presence of quality-of-service (QoS) considerations [
In this paper, we propose new node-centric route mutation methods which are able to effectively change the routes of flows at substantially reduced complexity. The key idea is to interpret route mutation as a signature matching problem and to develop a three-dimensional earth mover's distance (EMD) model with network connectivity and QoS constraints that suppresses the traffic difference among switches. Another important aspect of our algorithm is that we solve the new node-centric problem as a three-dimensional transportation problem and develop suboptimal algorithms with polynomial time complexity. Simulation results show that our algorithms are able to suppress the traffic difference among strategically important switches and also achieve fast convergence with substantially reduced complexity.
The rest of the paper is organized as follows. Section
In [
More effort has been spent on demonstrating the concept of route mutation. Route mutation was first implemented under IPv6, referred to as "Moving Target IPv6 Defense (MT6D)," by continually rotating the IPv6 addresses between senders and recipients [
Figure
An illustration of SDN topology.
Each switch is also connected to end hosts, which generate routing requests through the switch to the SDN controller. An end host can request to send traffic flows to any other end host. Each traffic flow is assumed to be randomly generated and to last for a certain period of time. Without loss of generality, we assume that there are at most
Consider a practical network with hundreds of switches and a non-trivial topology (as opposed to a fully connected complete graph). Some switches have more connections than others. These switches are strategically located and handle more traffic than the other switches. In the example of Figure
The topology of the network can be described by an undirected graph
Reconnaissance attacks [
In this section, we propose mutating routes on a node basis to balance robustness against reconnaissance attacks and computational complexity. Specifically, routing requests from end hosts are responded to independently of one another using classical routing techniques, such as OSPF [
Given the routes, we propose that the SDN controller identifies historically heavily loaded nodes with high exposure risk and detours their traffic flows via other historically lightly loaded nodes. A node is identified as historically heavily or lightly loaded based on its accumulated traffic. By this means, the strategically located nodes can be disguised and protected, delaying or even preventing potential attacks.
The detours bypassing a historically heavily loaded node can be multi-hop. Figure
Illustrations of multi-hop detours around a strategically located node, say node
We also propose interpreting route mutation as a signature matching problem. The accumulated traffic loads of the nodes are visualized as a signature, and routes are mutated to make this signature conform to one with even loads across all nodes. Widely used to measure the difference between two images [
The proposed route mutation is able to substantially reduce the computational complexity. Assume that the detours are limited to two hops. The worst-case complexity is
First consider delay-tolerant traffic. The total number of current traffic flows is
The proposed route mutation redirects the
An illustration of the proposed application of signature matching to route mutation, where
Historically accumulated traffic volumes of nodes when Algorithm
Historically accumulated traffic volumes of nodes before Algorithm
Historically accumulated traffic volumes of nodes after Algorithm
The EMD can be defined to quantify the difference between the two signatures, as given by
Here,
Our EMD has a different form from the conventional definition used in image processing applications [
Predicted before a round of mutation,
Given
Here, constraint (
Given
A bisection method can be used to recursively search for the minimum feasible value of
Algorithm
The majority of the complexity in Algorithm
Algorithm
The finite bandwidth of switches can also be considered in the proposed algorithm. We can incorporate a new constraint on the bandwidth of each link into the node-centric optimization problem, as follows:
In practice, the maximum number of flow entries on an SDN switch is limited by the physical resources of the switch, such as CAM and SRAM. We can add constraint (
Given
As described in Section
In this section, we propose a simplified version of Algorithms
First consider delay-tolerant traffic. We begin with optimizing the total traffic
Given
We start by offloading the traffic flows of the node with
Algorithm
The major complexity of Algorithm
We now proceed to delay-sensitive traffic, where the route lengths of traffic flows are strictly bounded. Algorithm
To be specific, we can attach (
The extension is summarized in Algorithm
In this section, simulations are carried out to evaluate the proposed algorithms. We generate different random
We assume that adversaries can identify strategically important nodes by monitoring the historically accumulated traffic of the nodes. Dynamic eavesdropping or interception is considered, where after every monitoring interval the eavesdropper acquires network information and updates its identification of targets accordingly. Under this eavesdropping model, we consider different numbers of nodes that the eavesdroppers can identify and different upper bounds on the traffic difference that eavesdroppers use to identify strategically important nodes. The upper bound reflects the eavesdropping capability and is therefore referred to as the "node interception probability." We also consider different time intervals for the eavesdropping.
The performance of the algorithms is measured by two metrics.
Results of the four algorithms that we proposed, with and without QoS constraints. The networks are all generated as 6-regular graphs with 50 nodes. The probability of initiating requests is 10%. There are 5000 instants and 50 rounds of iterations.
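As an added illustration (not code from the paper) tying together the node-centric detours of the earlier sections, the heuristic of offloading the historically heaviest node, and the eavesdropper model of this section: each round routes flows on shortest paths, detours flows that transit the heaviest node within a hop bound, accumulates per-node traffic as the signature, and checks which nodes an eavesdropper with a given traffic-difference tolerance can still single out. The topology, flows, hop bound and the L1 imbalance measure (a stand-in for the paper's EMD, which this page does not reproduce) are all assumptions.

```python
from collections import deque

# Constructed topology (undirected adjacency); "c" is the hub most shortest paths cross.
TOPOLOGY = {"a": ["c", "d"], "b": ["c", "e"], "c": ["a", "b", "d", "e"],
            "d": ["a", "c", "e"], "e": ["b", "c", "d"]}
# Constructed flows: (source, destination, volume sent per round).
FLOWS = [("a", "b", 10), ("b", "a", 10), ("d", "b", 5), ("a", "e", 5)]

def shortest_path(graph, src, dst, banned=frozenset()):
    """BFS hop-count shortest path whose intermediate nodes avoid `banned`."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in graph[node]:
            if nxt not in prev and (nxt == dst or nxt not in banned):
                prev[nxt] = node
                queue.append(nxt)
    return None  # unreachable once `banned` is excluded

def imbalance(load):
    """L1 deviation of the load signature from an even one (EMD stand-in)."""
    even = sum(load.values()) / len(load)
    return sum(abs(v - even) for v in load.values())

def mutate_round(graph, flows, load, max_extra_hops=2):
    """One node-centric round: detour flows transiting the historically heaviest
    node if the detour is at most `max_extra_hops` longer; accumulate into `load`."""
    heaviest = max(load, key=load.get) if load else None
    routes = []
    for src, dst, vol in flows:
        path = shortest_path(graph, src, dst)
        if heaviest in path[1:-1]:
            detour = shortest_path(graph, src, dst, banned={heaviest})
            if detour and len(detour) - len(path) <= max_extra_hops:
                path = detour
        for node in path:
            load[node] = load.get(node, 0) + vol
        routes.append(path)
    return routes

def identifiable_nodes(load, tolerance):
    """Eavesdropper model: nodes within `tolerance` * max of the heaviest load."""
    top = max(load.values())
    return {n for n, v in load.items() if top - v <= tolerance * top}
```

Running two rounds on the constructed input shows the hub "c" being singled out after the first round and no longer after the second, once its transit flows have been detoured through the lightly loaded nodes.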
Figure
Results of Algorithms
Table
Average computational time for different algorithms.
Algorithms   |   | Computational time (s)
Algorithm    |   | 0.4870
Algorithm    | 3 | 0.5370
Algorithm    | 2 | 0.2826
Algorithm    | 1 | 0.1132
Algorithm    |   | 0.0775
Algorithm    | 3 | 0.1048
Algorithm    | 2 | 0.0218
Algorithm    | 1 | 0.0190
RRMO         | 1 | 0.0363
RRMR         | 3 | 0.2379
RRMR         | 2 | 0.0518
RRMR         | 1 | 0.0131
As mentioned in Section
The CDFs of the probability of traffic that does not pass through any node which is monitored or eavesdropped. The traffic difference used to identify strategically located nodes is 0.01. The interval of monitoring or eavesdropping is 10.
Figure
Results of Algorithms
Figure
Results of Algorithms
Results of Algorithms
Figure
Computational time of the algorithms with QoS constraints. The upper bound of the QoS constraints is one hop. The probability of nodes requesting routes is 20%.
In this paper, we propose a node-centric route mutation method which interprets route mutation as a signature matching problem. A three-dimensional EMD model is formulated to match signatures. By this means, routes are mutated by increasingly taking detours, balancing historically accumulated traffic among switches. Heuristic approaches are also developed to significantly reduce the computational complexity of signature matching, enhancing the scalability of route mutation for defending large-scale SDNs. Simulation results show that our methods can disguise strategically located, important switches and increase the difficulty for eavesdroppers to identify those switches, thereby delaying or preventing malicious attacks. The significantly reduced complexity also indicates the suitability of our algorithms for large-scale networks.
The authors declare that there are no conflicts of interest regarding the publication of this paper.
This research was supported by the National Key R&D Program of China (2017YFB0802703) and the National Natural Science Foundation of China (61602052).