SDN-Based Double Hopping Communication against Sniffer Attack

Sniffer attacks have been a severe threat to network communication security. Traditional networks usually use static network configurations, which provide convenience for sniffer attacks. In this paper, an SDN-based double hopping communication (DHC) approach is proposed to solve this problem. In DHC, the ends in communication packets as well as the routing paths are changed dynamically. Therefore, the traffic is distributed over multiple flows and transmitted along different paths. Moreover, the data from multiple users is mixed, making it difficult for attackers to obtain and recover the communication data, so that sniffer attacks are prevented effectively. It is concluded that DHC is able to increase the overhead of a sniffer attack as well as the difficulty of recovering communication data.


Introduction
Sniffer attacks are a serious matter for network communication security. A sniffer attack is one of the most popular methods used by attackers: it captures and analyzes network communication data. Sniffer attackers are able to eavesdrop on communication data at network nodes or links, monitor network status, and steal sensitive data such as usernames and passwords. The static network configurations of traditional networks provide convenience for sniffer attacks. For instance, static ends and route configurations make it easy for attackers to obtain and analyze communication data.
Communication encryption is a traditional approach to preventing sniffer attacks. The communication data is encrypted during transmission, making it difficult for attackers to recover the information. However, there are still some limitations in practical applications. Firstly, the encryption protocol must be supported by both communicating sides, or communication fails. Secondly, a large number of popular protocols, such as HTTP, FTP, Telnet, and SMTP, do not apply encryption, which causes serious security risks to communication based on these protocols. Thirdly, security flaws exist in some encryption protocols, through which attackers may crack communication data.
Collaborative changes of multiple network configurations put higher requirements on the capabilities of network management. Distributed control is adopted in traditional IP networks, in which the routing table configuration relies on routing protocols. In this paradigm, serious consequences, such as service interruptions and routing inflation, can appear when the network configuration changes [9]. It is also hard for a traditional network to change multiple network configurations collaboratively. For example, it is difficult for MPLS, a high-speed networking technique used in traditional networks, to implement dynamic resource changes due to the lack of a global view and flexible resource allocation [12]. Dynamic transformation of host IP configuration is attempted in a traditional network in [9], but the cost is high because several new devices are introduced. So collaborative changes among multiple network configurations demand powerful management of the network. The emerging software-defined network (SDN) [13] brings new methods to realize dynamic network configuration. SDN decouples the control plane from the forwarding plane (data plane) and applies logically centralized control. The powerful network management and control ability of SDN makes the realization of dynamic network configuration more flexible. The programmable nature of SDN allows the flowtables of forwarding devices to be controlled directly, avoiding service interruptions and routing inflation. The centralized control of SDN makes it possible to have a global view of the network. Therefore, collaborative changes of multiple network configurations can be realized.
In this paper, double hopping communication (DHC) is proposed based on the SDN architecture to enhance the ability to resist sniffer attacks. DHC periodically changes the end information of both communication sides as well as the routing paths between them, thus realizing double hopping of end and route. In DHC, communication data is transmitted over multiple paths, and data flows from multiple users are mixed. It is difficult for attackers to obtain complete data from one communication in DHC, and moreover it sets obstacles that prevent attackers from correctly separating the data of one single user from all the data they obtain. Therefore, the overhead and difficulty for attackers to obtain and analyze communication data are dramatically increased, because attackers are unable to conduct targeted sniffing. In addition, DHC is constructed on SDN, which is transparent to the terminals; neither extra external software nor hardware is needed.
The rest of the paper is organized as follows. In Section 2 related work is discussed. Section 3 describes the basic principles of DHC. In Section 4 we describe the basic architecture and communication protocol of DHC. Section 5 presents the prototype deployment and simulation experiment, and the security of DHC is analyzed in Section 6. Section 7 concludes the paper.

Related Work
Hopping communication, based on the dynamism and randomness of MTD technology, is one type of active network defense method. It aims at breaking the assumption of static network configuration and can improve network security via dynamism and randomness [11,14]. Currently, researchers have proposed different hopping communication techniques. Atighetchi et al. [6] proposed a hopping approach based on fake addresses and ports. Fake addresses and ports are used during data transmission to confuse attackers. Sifalakis et al. [15] proposed a network address hopping method (NAH) based on an information hiding technique. The data flow is spread across multiple end-to-end connections by network address hopping during transmission, so point-to-point data transmission security is improved. In [10] a random port-hopping (RPH) scheme was proposed to defend against DDoS attacks by changing the communication ports. MT6D [16], proposed by Dunlop et al., takes advantage of the IPv6 address space to achieve a robust IP hopping strategy. A tunnel technique is used to encapsulate the packets. The source and destination IP addresses of the tunnel are changed repeatedly, making it difficult for attackers to sniff communication traffic. The approaches described above have their own advantages. However, in all of these methods the end is hopped while the routing path stays unchanged, which makes it possible for attackers to obtain complete communication data and therefore recover it. Moreover, in order to realize hopping communication, software must be deployed on terminals and hardware added to the network, which causes high cost.
In traditional networks, quick cooperative hopping is difficult under distributed route management. However, the emerging software-defined network has brought new methods to hopping communication. Based on SDN, Kampanakis et al. [5] proposed three kinds of MTD methods, including reconnaissance protection, service version/OS hiding, and random host/route mutation. Attack cost, benefits, and potential attackers' countermeasures of these three methods are analyzed, respectively, in that work. These methods address network scanning, DDoS, and worms, whereas DHC focuses on sniffer attacks. In the SDN architecture, a flexible IP hopping method that is transparent to terminals, called OF-RHM [7,17], is proposed by Jafarian et al. The effectiveness of sniffer attacks is decreased by OF-RHM, but the virtual IP must stay unchanged during one continuous communication, which enables attackers to obtain the complete data of one communication from a single switch. Jafarian et al. [18] proposed a technique in which hopping is implemented temporally and spatially in order to interfere with attackers' views of the network. This hopping communication can defeat collaborative scanning attacks effectively. In our work, by contrast, multiple network configurations are changed dynamically to enhance the dynamism of the network for resisting sniffer attacks. The work in [19] achieves fast IP hopping to resist scanning and worm propagation. The method discovers hazardous network ranges and addresses adaptively and evacuates network hosts from them quickly. MacFarland and Shue [20] provide a scalable moving target system that enables key security properties while maintaining acceptable performance. The method distinguishes trustworthy and untrustworthy clients to provide access control for legacy clients.
Multiple paths exist between two nodes in a network topology, and researchers have used them to improve communication security. An active random route mutation (RRM) method is proposed by Duan et al. [8,21] and applied in an SDN environment. The routes of multiple flows in the network are changed randomly and simultaneously. However, multiple disjoint paths between source and destination are required, which is difficult to satisfy in common network topologies. In addition, no end hopping is involved in the RRM method, which enables attackers to recover the communication data between hosts by sniffing multiple switches. Dolev and David [22] use multiple paths between datacenters to achieve secure communication. In order to ensure privacy, a threshold secret sharing method is used to encrypt the communication data. The source creates a number of shares of its data, sends them along multiple paths, and makes sure that fewer than the threshold number of shares pass the same router. Thus the method achieves a theoretically secured channel to the public cloud. In our work, by contrast, ends and route paths are changed frequently to increase the cost for attackers of obtaining and reconstructing communication data. Gillani et al. [23] migrate virtual routers among multiple paths to invalidate attackers' network topology probes; therefore link DDoS attacks are resisted. Gkounis et al. [24] proposed a method based on the SDN architecture to detect and mitigate the Crossfire attack [25] by rerouting traffic via multiple paths. The two works above aim to resist link DDoS attacks, while our work, aimed at resisting sniffer attacks, increases the cost for attackers through changes of ends and routing paths.

Basic Principles of DHC
In network communication based on static configuration, when two hosts communicate on one connection, all the packets of the communication contain information about this connection, and the transmission path of the communication packets is static. These two facts provide convenience for attackers to sniff network communication. Attackers are able to obtain communication data easily from the target by sniffing the network flow for the target end on the transmission path. In the DHC approach, both end and route are hopped on the SDN architecture. Dynamism and randomness are introduced into communication in two dimensions: end and route. For the data plane, a random hopping end and route are configured by the controller in every hopping period after one connection is established. In this way, end hopping and route hopping are achieved at the same time.
In DHC, the ends on both communication sides hop dynamically. The data from multiple users is mixed, and end-to-end traffic is hidden in the network background traffic. Frequent hopping of the end makes it difficult for attackers to select and sort the sniffed packets as well as to recover the initial data. Thus the difficulty of analyzing communication data is increased. Route hopping changes the routing paths of the packets dynamically, spreading the communication traffic over multiple routing paths. In this way, the overhead and difficulty of sniffing are increased, since continuous communication data is difficult to obtain. To sum up, double hopping of both end and route limits the communication data that attackers can obtain and sets obstacles for attackers to analyze the data.

Basic Architecture of DHC
When conducting hopping communication in DHC, the end and routing path that are about to hop are selected first. Then flowtables are updated according to the hopping protocol. Thus the end hopping space, the route hopping space, and the hopping communication protocol must be taken into consideration to realize DHC.

End Hopping Space.
An end consists of the IP address of a host and a port in communication. It is an essential element of communication between two hosts in a network, and it uniquely defines one communication side in the network. One connection in network communication contains the IP addresses and ports of both source and destination hosts. Therefore, the tuple (IP src, port src, IP dst, port dst) is defined to represent the end of one connection. The end of packets mentioned throughout the paper refers to this definition. In DHC, the end hopping space EH consists of hopping IP addresses and hopping ports. Given an IP address pool Addr = {IP 1, IP 2, ...} and a hopping port pool Port = {port 1, port 2, ...}, the end hopping space can be represented as the set of ends whose IP addresses are drawn from Addr and whose ports are drawn from Port. Unoccupied hopping ends are randomly selected in EH to replace the real ends in communication when the ends need hopping.

Route Hopping Space.
One routing path between source and destination hosts is a sequence of forwarding nodes (i.e., OF switches). Define ℎ = ⟨src, 1, 2, ..., dst⟩, where the node src connects with the source host and is called the source forwarding node (source switch), and the node dst connects with the destination host and is called the destination forwarding node (destination switch). Under the SDN architecture, the controller has the global network view. Therefore, all paths connecting the source and destination hosts that satisfy certain conditions can be calculated, constituting the route hopping space. Suppose the source host 1 communicates with the destination host 2; the corresponding route hopping space RH is calculated as follows:
(1) Calculate all acyclic paths between host 1 and host 2 that are not longer than the maximum path length according to the topology of the network, and let them constitute the path set.
(2) Delete from the path set every path whose node set contains the node set of another path in it, where (ℎ) represents the set of nodes that path ℎ passes. The reason for deleting such a path is that no node of the contained path can be avoided when packets pass along it, which only leads to a longer path.
In order to guarantee the unpredictability of the hopping path, randomness in hopping path selection is essential. One simple method is random path selection, which randomly selects one path in the route hopping space at the beginning of each period and takes it as the hopping path during the period, so that every path in the space has the same probability of selection.

Algorithm 1: Weighted random path selection algorithm.
However, traffic may then be forwarded unevenly by the nodes, which means that a large amount of traffic may be forwarded by one single node. In this case, if attackers sniff on this specific node, a large amount of communication data will be obtained easily. The reason is that paths in the route hopping space intersect at some nodes. Fortunately, this threat can be eliminated in DHC by using weighted random path selection.
For a node, we define its path count as the number of paths in the route hopping space that pass through that node. Suppose that, for one connection between hosts 1 and 2, there is a path ℎ in the route hopping space. (ℎ) denotes the node set that contains the nodes left after the common nodes (e.g., the source forwarding node and the destination forwarding node), through which all paths in the route hopping space pass, are deleted. The weight of ℎ is defined from the path counts of the nodes in (ℎ), where the function Max gets the maximum value of the path count over all nodes. By using this weighting function, a lower weight is assigned to paths with nodes that more paths cross. Therefore, the chance that excessive traffic passes through one single node (except the common nodes of all paths) due to intersection is eliminated. The weighted random path selection algorithm is shown in Algorithm 1. The probability of one path being chosen is set to the weight of the path. The inputs of the algorithm include the paths in the route hopping space, their corresponding weights, and a random number in [0, 1]. In the algorithm, the weights are accumulated path by path in steps 2 to 6. The path at which the accumulated sum of weights becomes greater than or equal to the random number is returned.
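The route hopping space construction and weighted random path selection described above, as an added example in Python (the language of the POX controller used later); this is not the paper's DhcFlower code. The topology, the switch numbering and the weight formula (the maximum per-node path count divided by the largest count among a path's non-common nodes) are assumptions, since the extracted text does not give the exact formula.

```python
"""Route hopping space and weighted random path selection (added example).

This is not the paper's DhcFlower code. It follows the procedure in the text:
enumerate acyclic paths up to a maximum length, drop any path whose node set
contains another path's node set, weight paths so that nodes crossed by many
paths carry less traffic, and pick a path by accumulating weights against a
random number r in [0, 1] (Algorithm 1). The weight formula below is an
assumption: the maximum per-node path count divided by the largest count
among the path's non-common nodes.
"""
import random

# Constructed topology: undirected links between OF switches, as adjacency lists.
TOPOLOGY = {
    1: [2, 3],
    2: [1, 4, 5],
    3: [1, 4, 6],
    4: [2, 3, 6],
    5: [2, 6],
    6: [3, 4, 5],
}


def acyclic_paths(topo, src, dst, max_len):
    """Step (1): all simple paths from src to dst with at most max_len nodes."""
    found = []

    def dfs(node, path):
        if len(path) > max_len:
            return
        if node == dst:
            found.append(list(path))
            return
        for nxt in topo[node]:
            if nxt not in path:          # never revisit a node: no cycles
                path.append(nxt)
                dfs(nxt, path)
                path.pop()

    dfs(src, [src])
    return found


def route_hopping_space(topo, src, dst, max_len):
    """Step (2): drop every path whose node set strictly contains another path's node set."""
    paths = acyclic_paths(topo, src, dst, max_len)
    node_sets = [set(p) for p in paths]
    return [p for i, p in enumerate(paths)
            if not any(node_sets[j] < node_sets[i] for j in range(len(paths)) if j != i)]


def path_weights(paths):
    """Normalised weights: paths through heavily shared (non-common) nodes get less weight."""
    count = {}                                   # node -> number of paths crossing it
    for p in paths:
        for n in p:
            count[n] = count.get(n, 0) + 1
    common = {n for n, c in count.items() if c == len(paths)}  # e.g. source/destination switch
    max_count = max(count.values())
    raw = []
    for p in paths:
        own = [count[n] for n in p if n not in common]
        raw.append(max_count / (max(own) if own else 1))     # assumed weight formula
    total = sum(raw)
    return [w / total for w in raw]


def weighted_random_select(paths, weights, r):
    """Algorithm 1: accumulate weights; return the path at which the sum first reaches r."""
    acc = 0.0
    for p, w in zip(paths, weights):
        acc += w
        if acc >= r:
            return p
    return paths[-1]                             # guard against rounding when r is close to 1


def node_traffic_share(paths, weights):
    """Expected fraction of a connection's traffic seen at each node under the weights."""
    share = {}
    for p, w in zip(paths, weights):
        for n in p:
            share[n] = share.get(n, 0.0) + w
    return share


def choose_hopping_path(topo, src, dst, max_len, rng=random):
    """One hopping period: compute the space, weight it, draw one path."""
    paths = route_hopping_space(topo, src, dst, max_len)
    return weighted_random_select(paths, path_weights(paths), rng.random())


if __name__ == "__main__":
    space = route_hopping_space(TOPOLOGY, 1, 6, 4)
    w = path_weights(space)
    for p, wt in zip(space, w):
        print(p, round(wt, 3))
    print("per-node share:", node_traffic_share(space, w))
    print("chosen:", choose_hopping_path(TOPOLOGY, 1, 6, 4))
```

In the constructed topology the two paths that share switch 2 each receive a quarter of the traffic while the path through the unshared switch 3 receives half, so no single non-common switch sees more than half of the connection.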

DHC Protocol.
In DHC, for each hopping period, one hopping end and one path from source to destination are randomly chosen. New flow entries are generated by the controller and installed in the OF switches. The end of packets from the source host is modified to the hopping end, and these packets are transmitted to the destination host along the chosen path. Thus double hopping of end and route, with the hopping period as granularity, is realized.

Double Hopping.
The basic protocol of DHC is illustrated in Figure 1. It is a network with the SDN architecture, in which host 1 communicates with host 2. Denote the end hopping space as EH and the route hopping space of the communication as RH. The real end of the communication is generated by host 1 according to the real IP addresses and ports of the two communication sides; then the address of the communication is determined.
Detailed steps of double hopping are as follows:
(1) The first packet containing the real end is sent to the network by host 1. OF switch 1 receives the packet and encapsulates it in a packet-in message. Then the packet-in message is sent to the controller.
(2) … forwards the modified packets along ℎ 2. In the destination switch 5, the end of these packets is recovered to the real end (IP 1, port 1, IP 2, port 2).
The procedure described above does not modify the real end on either host. Instead, it modifies the end and routing path of the communication packets dynamically during network transmission. The source and destination hosts achieve hopping communication transparently, without interrupting the ongoing communication. Once the packets of the communication between host 1 and host 2 enter the network, the end of the packets and the routing path are hopped over time. For each hopping period, the hopping end and route are reconfigured by the controller. The communication is considered finished when the controller detects, via flow-removed messages sent by the switches, that the flow entries are not hit during a hopping period. The flow entries are then no longer updated.

Flow Entries Update.
Flow entries in the OF switches need to be updated when end and route are hopped in DHC. Moreover, it must be guaranteed that the flow entry update is consistent and that no packet is lost. Suppose that hopping communication is conducted in the network topology shown in Figure 2. Assume that the end is currently being hopped by switch 1, the end changes from the real end to ℎ 1, and the packets are being transmitted along the path (1, 2, 3, 4, 5). In this circumstance, to hop the end of the packets from the real end to ℎ 2 and to hop the routing path from (1, 2, 3, 4, 5) to (1, 2, 6, 7, 4, 5), the steps of updating the flow entries are as follows:
(1) The controller sends modify-state messages to install new flow entries in switches 2, 6, 7, 4, and 5 for forwarding the packets with end ℎ 2. At this time, the new flow entries are not hit by any packet, because no packet in the network carries the end ℎ 2.
(2) The controller sends modify-state messages to modify the flow entry in switch 1, so that the end of packets is converted from the real end to ℎ 2.
The update method described above guarantees that traffic is routed by the old flow entries during the update, avoiding packet loss. In addition, traffic is routed by the updated flow entries after the update, maintaining per-packet consistency.
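The two-step update above, simulated as an added example (not DhcFlower code and not OpenFlow messages): switches are modelled as flowtables keyed by end, the hop from ℎ 1 on path (1, 2, 3, 4, 5) to ℎ 2 on path (1, 2, 6, 7, 4, 5) is applied in the prescribed order, and a packet that was mid-path during the hop is shown to still be delivered. The reverse order is also run to show the packet loss the ordering prevents. Switch names S1 to S7, the ends and the IP values are constructed.

```python
"""Flow entry update order for one DHC hop (added example, not DhcFlower code).

Switches are modelled as flowtables mapping a packet's end to an action. The
update follows the two steps in the text: first install entries for the new
end H2 on every switch of the new path except the source switch, then modify
the source switch's rewrite entry from H1 to H2. Packets already in flight
with end H1 keep matching the old entries, so none is dropped; packets that
enter afterwards carry H2 and follow the new path. wrong_order_update() shows
what the ordering prevents: if the source switch is changed first, the next
packet reaches S2 with no matching entry. All names and values are constructed.
"""

REAL = ("IP1", 1, "IP2", 2)                       # real end (IP src, port src, IP dst, port dst)
H1 = ("10.0.1.7", 40001, "10.0.2.9", 50001)       # hopping end of the current period (constructed)
H2 = ("10.0.3.4", 40002, "10.0.4.8", 50002)       # hopping end of the next period (constructed)
OLD_PATH = ["S1", "S2", "S3", "S4", "S5"]
NEW_PATH = ["S1", "S2", "S6", "S7", "S4", "S5"]


def build_network():
    """Empty flowtables for the seven switches of Figure 2 (constructed names)."""
    return {name: {} for name in ["S1", "S2", "S3", "S4", "S5", "S6", "S7"]}


def install_hop_entries(net, hop_end, path, real_end):
    """Step (1): entries matching hop_end on every switch of path except the source switch.
    Intermediate switches forward to the next hop; the destination switch recovers the real end."""
    for i in range(1, len(path)):
        sw = path[i]
        if i == len(path) - 1:
            net[sw][hop_end] = ("recover", real_end)
        else:
            net[sw][hop_end] = ("fwd", path[i + 1])


def set_source_rewrite(net, src, real_end, hop_end, next_sw):
    """Step (2): the source switch rewrites real_end to hop_end and forwards to next_sw."""
    net[src][real_end] = ("rewrite", hop_end, next_sw)


def deliver(net, at, end):
    """Walk one packet through the flowtables.
    Returns (end as delivered, switches visited), or None when a switch has no
    matching entry (the packet would be dropped or raise a packet-in)."""
    visited = []
    while True:
        visited.append(at)
        action = net[at].get(end)
        if action is None:
            return None
        if action[0] == "recover":
            return action[1], visited
        if action[0] == "rewrite":
            end, at = action[1], action[2]
        else:
            at = action[1]


def start_period_one(net):
    """State before the hop: packets rewritten to H1 travel along OLD_PATH."""
    install_hop_entries(net, H1, OLD_PATH, REAL)
    set_source_rewrite(net, "S1", REAL, H1, "S2")


def correct_update():
    """Hop from (H1, OLD_PATH) to (H2, NEW_PATH) in the order the text prescribes."""
    net = build_network()
    start_period_one(net)
    install_hop_entries(net, H2, NEW_PATH, REAL)   # step (1): no packet carries H2 yet
    set_source_rewrite(net, "S1", REAL, H2, "S2")  # step (2): new packets get H2
    in_flight = deliver(net, "S3", H1)             # packet that was mid-path when the hop happened
    fresh = deliver(net, "S1", REAL)               # packet entering after the hop
    return in_flight, fresh


def wrong_order_update():
    """Source switch changed before the downstream entries exist: the packet is lost at S2."""
    net = build_network()
    start_period_one(net)
    set_source_rewrite(net, "S1", REAL, H2, "S2")  # step (2) done first
    return deliver(net, "S1", REAL)


if __name__ == "__main__":
    print(correct_update())
    print(wrong_order_update())
```

The old ℎ 1 entries are left in place here; in DHC they expire on their own once no packet hits them, which the switches report through flow-removed messages.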

Prototype Deployment and Simulation Experiment
Prototype Deployment.
To verify the performance and security of DHC, DhcFlower, a prototype based on an SDN controller, is implemented. As shown in Figure 3, DhcFlower runs on top of the SDN controller, which manages switches through OpenFlow.
In the prototype deployment of DHC, TopologyDiscovery reports changes of the network topology and updates the view of the network. FlowMonitor monitors the flow state of the network to find the initiation and termination of connections. Based on the view and flow state of the network, DhcFlower chooses the ends and routing paths and converts the network configuration accordingly.
The detailed structure of DhcFlower is shown in Figure 4. TopologyDiscovery updates the topology database TopologyInfo with changes of the network topology. Using the network topology information, the hopping path calculator calculates multiple paths for each pair of nodes and stores the hopping path information in the hopping path pool. Hopping ends are stored in the hopping end pool. With the hopping end pool and the hopping path pool, the double hopping engine, as the core module, chooses the hopping end and path based on the flow state information. Afterwards, hopping strategies are generated. The flow updater generates flow entries based on the hopping strategies and updates the flowtables in a specific order.

Simulation Experiment.
To evaluate DHC, we ran our prototype implementation on Mininet [26]. OpenFlow 1.0 [27] is applied and POX [28] is used as the controller. A class B address block is chosen as the hopping IP address pool, and the hopping port pool is {0, 1, ..., 65535}. The network topology proposed in [29] is applied, which has 16 nodes (forwarding nodes), as illustrated in Figure 5. The maximum path length is set to 32.

Validation of the Effectiveness of End Hopping.
UDP packets are sent from the terminal on node 1 to the terminal on node 16 for 500 s. Packets are sniffed on the forwarding nodes, and the number of ends received on each node is counted. The sniffing results in DHC and in the traditional network are shown in Figure 6.
As demonstrated in Figure 6, on some forwarding nodes in the traditional network, such as nodes 4, 7, 8, and 12, only one end can be sniffed. However, in DHC, apart from the source and destination forwarding nodes, multiple ends can be sniffed on the other forwarding nodes. Because the ends of packets are invariant in traditional networks, the sniffed end never changes, which brings convenience for attackers. Attackers can launch a targeted sniffer against any connection and obtain the complete communication data of the connection.
In DHC, the end changes randomly and periodically. The ends sniffed on forwarding nodes between the source and destination hosts vary. It is difficult for attackers to determine which ends belong to the same connection, increasing the difficulty of reconstructing the communication data. Moreover, the more frequently ends hop, the more ends are sniffed on forwarding nodes. It can be seen in Figure 6 that more ends are sniffed when the hopping period is 5 s than when it is 10 s. In addition, fewer ends can be sniffed on forwarding node 9 than on other nodes, as can be seen in the figure. The reason is that fewer paths pass through forwarding node 9 than through other nodes; thus the probability of its being hit by weighted random selection is lower.

Validation of the Effectiveness of Route Hopping.
In the experiment, 10^6 packets are transmitted from node 5 to node 6 at a speed of 10^4 packets per second. The hopping period is set to 5 s. Packets are sniffed on the forwarding nodes and the number of packets sniffed is counted. In the DHC network, random path selection and weighted random path selection are applied to conduct hopping communication. The sniffing results are compared with traditional network communication, as shown in Figure 7.
In Figure 7, the vertical coordinate stands for the fraction of all the packets transmitted from node 5 to node 6. As we can see, in the traditional network, complete communication data from the source host to the destination host can be sniffed on some nodes (e.g., nodes 6, 11, and 12), which means that attackers can sniff complete data on any one of these nodes and further data analysis is possible. Since shortest-path routing is applied in the traditional network and the path stays unchanged during communication, the complete communication data can be obtained on any node that the shortest path goes through. In DHC, the packets of a connection are distributed over several paths by route hopping. It is difficult for attackers to sniff complete data on a single forwarding node. The possibility of sniffing a large amount of data on certain nodes exists if random path selection is applied. As shown in Figure 7, more than 50% of the data can be sniffed on forwarding nodes 4, 8, and 12. Applying weighted random path selection avoids excessive traffic passing through certain nodes. The reason is that a lower weight is assigned to paths with nodes that more paths cross.
As illustrated in Figure 8, complete communication data can be sniffed on all of the sniffed node sets 1, 2, 3, and 4 in the traditional network, since they all contain node 8 on the shortest path, on which complete data can be sniffed. However, in DHC, complete data cannot be obtained from node sets 1, 2, and 3, since route hopping is applied. The percentage of data sniffed on sets 1 and 2 is the same, because the traffic that passes through set 2 also passes through set 1. Only set 4 can sniff the complete communication data in DHC. However, the ends of the data are diverse because of end hopping. We consider packets with the same end to be the static data that attackers can obtain. The static data that attackers can obtain in hopping communication is far less than that in the traditional network.

Performance of DHC.
In the experiment, the bandwidth of all connections in the network topology is set to 10 Mb/s. Data is transmitted from the terminal on node 1 to the terminal on node 16 using the File Transfer Protocol (FTP). The time for data transmission in both DHC and the traditional network is recorded. The results are shown in Figure 9.
As can be seen in Figure 9, the time consumed by data transmission in DHC increased in comparison with the traditional network. The reason is that multiple paths from source to destination are selected, including longer paths, whereas the data is routed by the shortest path in the traditional network. Therefore, the transmission time in DHC is longer than in the traditional network, but the increase is less than 7% when the hopping period is 5 s in the experiment. Routing path hopping of a connection results in a small number of out-of-order packets at the receiving end when a new period starts, which causes retransmissions. Therefore, the more frequently the flow entries are updated, the more likely retransmission is. We can also see from Figure 9 that more time is consumed to transmit the data when the hopping period is 5 s than when it is 10 s.

Analysis
In DHC, each hopping connection needs to occupy hopping ends in every period. In Section 6.1, the number of hopping connections that can be supported in a DHC network, that is, the hopping network capacity, is analyzed. DHC makes it difficult for attackers to obtain complete data and to reconstruct data; therefore, communication security is improved. The obtaining and reconstruction of communication data are discussed in Sections 6.2 and 6.3. The unpredictability and the cost of DHC are analyzed in Sections 6.4 and 6.5, respectively.

Capacity of Hopping Network.
Suppose the sizes of the hopping IP address pool and port pool are |Addr| and |Port|, respectively. The number of all ends (IP src, port src, IP dst, port dst) is |Addr|^2 × |Port|^2, and the number of ends with IP src = IP dst is |Addr| × |Port|^2. According to the definition of end, valid ends require IP src ≠ IP dst, so the size of the valid end hopping space EH is the difference of these two numbers, given in (3). In DHC, end hopping is performed in both directions of one connection, which means that, at any moment, one connection needs two ends. Assuming a number of hopping connections exist simultaneously in the network, twice that many ends are needed, and the remaining ends of EH are left unoccupied. To ensure high randomness in hopping end selection, enough unoccupied hopping ends in EH are necessary. Suppose the maximum occupancy rate of the end hopping space EH is bounded; that is, at least the complementary fraction of the ends in EH are unoccupied. Then inequality (4) holds, and the maximum number of hopping connections allowed in DHC follows by combining (3) and inequality (4). Assume |Port| = 2^16, |Addr| = 2^16 (the hopping IP address pool is a class B address block), and a maximum occupancy rate of 0.8; then DHC can support 7.37 × 10^18 connections hopping simultaneously.
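The capacity bound worked through as an added derivation (not part of the original text), writing $C$ for the number of simultaneous hopping connections, $\rho$ for the maximum occupancy rate and $|\mathrm{EH}|$ for the size of the valid end hopping space, since the extracted text lost those symbols; the steps are exactly the ones the paragraph describes.

$$
|\mathrm{EH}| \;=\; |\mathrm{Addr}|^{2}\,|\mathrm{Port}|^{2} \;-\; |\mathrm{Addr}|\,|\mathrm{Port}|^{2} \;=\; |\mathrm{Addr}|\,\bigl(|\mathrm{Addr}|-1\bigr)\,|\mathrm{Port}|^{2} \tag{3}
$$

Two ends per hopping connection must leave at least a $(1-\rho)$ fraction of $\mathrm{EH}$ unoccupied:

$$
|\mathrm{EH}| - 2C \;\ge\; (1-\rho)\,|\mathrm{EH}| \tag{4}
$$

$$
C \;\le\; \frac{\rho}{2}\,|\mathrm{EH}| \;=\; \frac{\rho}{2}\,|\mathrm{Addr}|\,\bigl(|\mathrm{Addr}|-1\bigr)\,|\mathrm{Port}|^{2}
$$

With $|\mathrm{Addr}| = |\mathrm{Port}| = 2^{16}$ and $\rho = 0.8$:

$$
C_{\max} \;=\; 0.4 \cdot 2^{16}\,\bigl(2^{16}-1\bigr)\,2^{32} \;=\; 0.4\,\bigl(2^{64} - 2^{48}\bigr) \;\approx\; 7.37 \times 10^{18}.
$$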

Analysis of Complete Communication
Proposition 1. The probability of attackers obtaining the complete data of one communication in the traditional network is not less than that in DHC; that is, the probability in the traditional case is greater than or equal to the probability in the hopping case.
The proof of this proposition is given in the Appendix. In the network topology shown in Figure 5, suppose a host on node 1 communicates with a host on node 16. The shortest path from node 1 to node 16 contains 6 nodes. Attackers sniff a randomly chosen number of nodes (between 1 and 16). The probabilities of attackers obtaining complete data in the traditional network and in the DHC network are shown in Figure 10.
As can be seen from Figure 10, the probability of attackers obtaining complete data increases as the number of sniffed nodes increases, in both the traditional and the DHC network. But the DHC probability never exceeds the traditional one. The probability of attackers obtaining complete data is 1 in both the traditional and the DHC network when the number of sniffed nodes is more than 10. Although the probability of attackers sniffing complete data increases in the DHC network when a large number of forwarding nodes are sniffed, attackers also obtain more irrelevant data. Since the end hops constantly during a communication, attackers cannot easily pick out the traffic that belongs to the target from the sniffed data, which increases the difficulty of reconstructing and recovering the communication data.

Analysis of Communication
As shown in (8), the probability of attackers reconstructing data successfully in a single attempt decreases exponentially with … 3), the end and route used in the next period cannot be predicted precisely. Even when the DHC protocol, the end hopping space, and the route hopping space are exposed, DHC can still increase the cost of sniffer attackers and resist sniffer attacks. Suppose that an attacker with all the information above sniffs the DHC network for a target communication; then she will face the following difficulties in launching a sniffer attack. Firstly, even though the DHC protocol is transparent to the attacker, a targeted sniffer attack cannot be launched, thanks to the randomness of end and route hopping. Secondly, it is hard for the attacker to obtain complete communication data during sniffing, due to the periodic hopping of the route. Thirdly, the attacker will collect a large number of ends because of frequent end hopping, which prevents the attacker from extracting the right packets belonging to the target communication when attempting to recover the communication data. So the unpredictability of DHC guarantees that it can resist sniffer attacks even when the DHC protocol and the network information are exposed.

Analysis of Cost.
Under traditional routing schemes, packets are routed along the shortest path. However, in a DHC network, packets may be routed along longer paths due to the dynamic changing of the route. Therefore, the cost in packet transmission time is higher in DHC. Let one quantity denote the length of the shortest path between source and destination (the length of a routing path is measured in hops), another the average length of the paths in the route hopping space (which is not less than the shortest path length), and the third the hopping period; then the cost in packet transmission time is shown in Table 1. Moreover, random selection of the route is conducted periodically by the routing path hop of a communication, which results in a small number of out-of-order packets at the receiving end when a new period starts, but leaves no obstacles to normal communication.
Ends and routing paths must be selected in DHC when flow entries are generated, which is more complicated than in the traditional network. Therefore, the time cost of generating flow entries is higher in DHC. Since the average path is longer in DHC, more flow entries are installed for one communication than in the traditional network. Thus the time cost of flow entry setup is higher in DHC as well. In Figure 11, the average time cost of installing flow entries between different node pairs in the topology of Figure 5 is compared for DHC and the traditional network. As illustrated in Figure 11, the average time for flow entry generation and setup in DHC is longer than in the traditional network.
In the network without DHC, flow entries are installed only once at the beginning of communication, while in DHC flow entries of data plane are updated periodically and hopping ends and paths have to be allocated for any connection of two communication sides, which brings more loads for the controller.In experiment topology, 50 pairs of source and destination hosts are chosen randomly and communication between any pairs is stared.The CPU utilization of DHC and traditional network is compared in Figure 12.If controller does not run DHC, the load is low because the flow entry is not periodically updated.Therefore, the CPU utilization is under 10% as shown in Figure 12.If a controller runs DHC, the load increases due to periodical updating of flow entries.It can be found in the figure that CPU utilization is much higher when controller runs DHC.When  hop = 5 s, the CPU utilization is between 20% and 40% and when  hop = 10 s the CPU utilization is between 10% and 30%.The shorter hopping period enables more controller operations.So when  hop = 5 s, CPU utilization of a controller is higher than when  hop = 10 s.Controller will be the bottleneck when DHC is used in large scale network.Fortunately, distributed SDN controller [30] is a solution to the problem.
In traditional network, flows are matched only by destination addresses.So the length of routing tables is an order of () given the network of  nodes.However, flows are matched by ends (including source/destination address and ports) in DHC, meaning that two flows must be specified for every connection (TCP or UDP) between two communication sides.Let  denote the average speed of connection establishment and let  denote the lasting time of each connection; then the mean length of flowtables is an order of () [7].Moreover, to avoid packets loss, DHC requires both old and new flow entries in flowtable simultaneously for a brief period of time, during which the cost of flowtable space increases.Therefore the cost of flowtable space is higher in DHC.
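The end hopping and flow-entry rotation described in this paper, modelled in Python as an added example (this is not the paper's implementation): a controller draws a fresh hopping end per period from a constructed end hopping space, the source switch rewrites the real end to it, the destination switch restores it, and the previous period's restore entry is kept for a grace period so packets already in flight are not lost. The class names (`End`, `Switch`, `Controller`), the address and port lists, the demo connection and the seeded random choice are assumptions made for this example.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class End:
    """The four-tuple DHC matches on and rewrites: both IPs and both ports."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Switch:
    """Minimal OpenFlow-style switch whose flow table is keyed on the End."""

    def __init__(self, name):
        self.name = name
        self.flows = {}  # match End -> End the packet leaves with

    def install(self, match, rewrite):
        self.flows[match] = rewrite

    def remove(self, match):
        self.flows.pop(match, None)

    def handle(self, packet):
        """Rewrite a matching packet; None means dropped for lack of an entry,
        which is the loss that removing old entries too early would cause."""
        return self.flows.get(packet)


class Controller:
    def __init__(self, ip_space, port_space, seed=0):
        self.ip_space, self.port_space = ip_space, port_space
        self.rng = random.Random(seed)  # seeded only to make the demo repeatable
        self.in_use = set()

    def pick_hopping_end(self, real):
        """Draw a fresh end from the end hopping space (constructed here as an
        IP list x port list), never reusing the real end or one still in use."""
        while True:
            hop = End(self.rng.choice(self.ip_space), self.rng.choice(self.port_space),
                      self.rng.choice(self.ip_space), self.rng.choice(self.port_space))
            if hop != real and hop.src_ip != hop.dst_ip and hop not in self.in_use:
                self.in_use.add(hop)
                return hop

    def rotate(self, src_sw, dst_sw, real):
        """Start a hopping period: the source switch rewrites real -> hop, the
        destination switch restores hop -> real.  The previous restore entry
        is deliberately left in place, so old and new entries coexist."""
        hop = self.pick_hopping_end(real)
        src_sw.install(real, hop)
        dst_sw.install(hop, real)
        return hop

    def expire(self, dst_sw, old_hop):
        """End the grace period of the previous hopping end."""
        dst_sw.remove(old_hop)
        self.in_use.discard(old_hop)


# Constructed demo values (assumptions): one real connection and a small
# end hopping space of 9 addresses x 100 ports per side.
REAL = End("10.0.0.1", 40000, "10.0.0.2", 80)
IP_SPACE = [f"10.1.{i}.{j}" for i in range(1, 4) for j in range(1, 4)]
PORT_SPACE = list(range(20000, 20100))


def run_demo():
    """Two hopping periods on source switch s1 and destination switch s5."""
    s1, s5 = Switch("s1"), Switch("s5")
    ctl = Controller(IP_SPACE, PORT_SPACE, seed=7)
    hop1 = ctl.rotate(s1, s5, REAL)
    wire1 = s1.handle(REAL)            # what an on-path observer sees in period 1
    delivered1 = s5.handle(wire1)      # restored before reaching the host
    hop2 = ctl.rotate(s1, s5, REAL)    # period 2 begins: a new end is selected
    wire2 = s1.handle(REAL)
    grace_entries = len(s5.flows)      # both restore entries are present
    in_flight = s5.handle(hop1)        # late packet from period 1 is still restored
    ctl.expire(s5, hop1)
    return {
        "wire1": wire1, "wire2": wire2, "delivered1": delivered1,
        "in_flight": in_flight, "stale": s5.handle(hop1),
        "grace_entries": grace_entries, "entries_after_expire": len(s5.flows),
        "hops_differ": hop1 != hop2,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The source switch overwrites its single entry in place, so period-2 traffic uses the new end immediately; only the destination switch holds two restore entries until the grace period ends, which is the brief doubling of flow table space discussed above. A packet carrying the expired end after that point is dropped rather than delivered with a wrong end.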

Conclusion
The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper, end hopping and route hopping are combined and double hopping communication based on SDN is proposed. The end is changed dynamically in DHC so that the data from multiple users is mixed and communication traffic can be hidden in background traffic; the traffic therefore cannot be distinguished easily and the difficulty for attackers to reconstruct and recover data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, which increases the difficulty for attackers to obtain complete communication data. Results show that the approach proposed in this paper is effective against sniffer attack. Moreover, DHC is realized entirely in software and is transparent to terminals. The controller tends to become the bottleneck when DHC is deployed in a large-scale network. In future work, a distributed controller model will be applied to address this problem and a feasible DHC communication solution will be tested in a real network.

Figure 2: An example of flow entries update.

Figure 5: Network topology applied in the experiment.

Figure 7: Percentage of packets sniffed from single flow.

Figure 8: Percentage of data that can be sniffed by attackers.

Figure 10: Probability of obtaining complete data.

Figure 11: Comparison of average time cost of flow entries installation in DHC and traditional network (series: time of flow generation and time of flow setup, each for DHC and for the traditional network).
IP  2 , 2 ) is selected randomly in  EH . Route hopping space   1 →  2 RH is calculated by the controller and ℎ 1 = ( 1 ,  2 ,  5 ) is chosen using the weighted random path selection algorithm. With the knowledge of ℎ 1 and ℎ 1 , the controller generates flow entries encapsulated as modify-state messages and sends them to OF switches  1 ,  2 , and  5 . Corresponding modification and routing of the packets are conducted. (3) Ends (IP1, 1, IP 2 ,  2 ) in the packets are modified to (IP  1 ,   1 , IP  2 ,   2 ) by source switch  1 and the modified packets are forwarded to OF switch  2 then to destination switch  1 . ) in the packets are recovered to the  and forwarded to host  2 by destination switch  5 . Then  2 receives the packets from  1 . In this communication, the hopping end is recalculated by the controller for a hopping period  hop and is represented as ℎ 2 = (IP  1 ,   1 , IP  2 ,   2 ) as shown in Figure 1. A new path, denoted as ℎ 2 = ( 1 ,  3 ,  4 ,  5 ), is selected in   1 →  2 RH using the weighted random path selection algorithm. Then the flow entries in the OF switches are updated. Source switch  1 modifies the end in the packets sent from  1 to  2 as ℎ 2 and The packet-in message is de-encapsulated by the controller and  is extracted. Then hopping end ℎ 1 = (IP  1 ,   1 ,

Data Obtaining by Attackers.
We hypothesize that attackers can sniff part of the forwarding nodes in the network randomly. Suppose network topology  = ⟨, ⟩ is an undirected connected graph, where  is a set of forwarding nodes and  is a set of links.  contains  forwarding nodes and attackers can randomly sniff  of them simultaneously ( ≤ ). The sniffed node set consisting of these sniffed forwarding nodes is denoted as   sniff .   sniff ⊆  and |  sniff | = . Source host ℎ src communicates with destination host ℎ dst . Source and destination forwarding nodes are denoted as  src and  dst , respectively. Assume there are  nodes on the shortest path between ℎ src and ℎ dst (1 ≤  ≤ ), which constitute node set   . In a traditional network, if   listen ∩   ≠ ⌀, complete communication data between ℎ src and ℎ dst can be obtained by attackers. If   listen ∩   = ⌀, no communication data can be sniffed. The probability of attackers obtaining complete communication data in a traditional network can be calculated by (6), where    is the number of all   sniff and   − is the number of   In DHC, attackers can sniff complete data between ℎ src and ℎ dst if  src ∈   sniff or  dst ∈   sniff . The number of such   sniff is  1 2  −1 −2 +  2 2  −2 −2 . In other cases, if  src ∉   listen and  dst ∉   listen , to sniff complete data, one vertex cut-set  cut should be contained in   sniff , and  src and  dst should be cut by  cut into different connected subgraphs; that is,   sniff ⊇  cut exists, where  is cut by  cut into  connected subgraphs  1 ,  2 , . . . ,   , and  src ∈   and  dst ∈   , 1 ≤ ,  ≤ , and  ≠ , hold. Suppose there exists   src,dst sniffed node set   sniff , where   sniff contains such  cut in this case. Then the probability of attackers obtaining complete data between ℎ src and ℎ dst can be calculated by Suppose that there are  sniff flows in the sniffed data, among which  real flows contain the data of target connections ( real ≤  sniff ) and different ends are applied in different connections. There are  ℎ
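To make two of the paper's comparisons concrete, the transmission-time cost from the Analysis of Cost section and the sniffed-node model just described, here is an added Python example that is not the paper's code. On a constructed six-node topology (an assumption, not the paper's Figure 5) it brute-forces the exact probability that an attacker sniffing k randomly chosen forwarding nodes captures complete data, once for a static shortest path and once under DHC, where success requires the source or destination node to be sniffed or the sniffed set to contain a vertex cut separating them. It also reports the mean route length over the route hopping space against the shortest path, assuming the hopping space is the set of all simple paths, each chosen with equal probability (the paper's weighted path selection is not reproduced here).

```python
from collections import deque
from fractions import Fraction
from itertools import combinations

# Constructed topology (an assumption, not the paper's Figure 5): six forwarding
# nodes, connected, with three node-disjoint routes between node 1 and node 6.
TOPOLOGY = {
    1: [2, 3, 5],
    2: [1, 6],
    3: [1, 4],
    4: [3, 6],
    5: [1, 6],
    6: [2, 4, 5],
}


def shortest_path(graph, src, dst):
    """BFS shortest path in hops, the static route of a traditional network.
    Neighbours are visited in sorted order so the result is deterministic."""
    parent, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in sorted(graph[node]):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = parent[node]
    return path[::-1]


def simple_paths(graph, src, dst):
    """All loop-free routes from src to dst.  Assumption: this set is the route
    hopping space and every route in it is selected with equal probability."""
    paths = []

    def walk(node, visited, path):
        if node == dst:
            paths.append(list(path))
            return
        for nxt in sorted(graph[node]):
            if nxt not in visited:
                visited.add(nxt)
                path.append(nxt)
                walk(nxt, visited, path)
                path.pop()
                visited.remove(nxt)

    walk(src, {src}, [src])
    return paths


def connected_without(graph, removed, src, dst):
    """True if src still reaches dst after the nodes in `removed` are deleted."""
    if src in removed or dst in removed:
        return False
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph[node]:
            if nxt not in removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def sniff_probabilities(graph, src, dst, k):
    """Exact (p_traditional, p_dhc) for an attacker sniffing k forwarding nodes
    chosen uniformly at random.  Traditional: success iff the sniffed set meets
    the static shortest path.  DHC: success only if the source or destination
    node is sniffed, or the sniffed set contains a vertex cut separating them,
    since only then must every hopping route cross a sniffed node."""
    path_nodes = set(shortest_path(graph, src, dst))
    total = trad = dhc = 0
    for sniffed in combinations(sorted(graph), k):
        s = set(sniffed)
        total += 1
        if s & path_nodes:
            trad += 1
        if src in s or dst in s or not connected_without(graph, s, src, dst):
            dhc += 1
    return Fraction(trad, total), Fraction(dhc, total)


def route_hopping_overhead(graph, src, dst):
    """(shortest_hops, mean_hops over the route hopping space): the extra
    transmission time DHC pays for spreading traffic over longer paths."""
    hops = [len(p) - 1 for p in simple_paths(graph, src, dst)]
    return min(hops), Fraction(sum(hops), len(hops))


if __name__ == "__main__":
    print("route length (shortest, mean):", route_hopping_overhead(TOPOLOGY, 1, 6))
    for k in range(1, len(TOPOLOGY) + 1):
        print(f"k={k}: (traditional, DHC) =", sniff_probabilities(TOPOLOGY, 1, 6, k))
```

On this topology the static route is 1-2-6, so sniffing any one of its three nodes (k = 1) already yields everything, whereas under DHC only the source or destination node does; with k = 2 the figures are 4/5 against 3/5, and the gap closes only once the sniffed set is large enough to cut all three routes. The price is a mean route length of 7/3 hops instead of 2, which is the transmission-time cost the Analysis of Cost section attributes to DHC.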

Table 1: Comparison of packet transmission time between traditional network and DHC network.