Scalable Node-Centric Route Mutation for Defense of Large-Scale Software-Defined Networks

Zhou, Y; Ni, W; Zheng, K; Liu, RP; Yang, Y

Scalable Node-Centric Route Mutation for Defense of Large-Scale Software-Defined Networks

Zhou, Y Ni, W

Zheng, K Liu, RP

Yang, Y

Permalink

Publication Type:: Journal Article
Citation:: Security and Communication Networks, 2017, 2017
Issue Date:: 2017-01-01

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Published VersionAdobe PDF (2.66 MB)

View on publisher's site

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Zhou, Y	en_US
dc.contributor.author	Ni, W https://orcid.org/0000-0002-4933-594X	en_US
dc.contributor.author	Zheng, K	en_US
dc.contributor.author	Liu, RP https://orcid.org/0000-0001-7001-6305	en_US
dc.contributor.author	Yang, Y	en_US
dc.date.issued	2017-01-01	en_US
dc.identifier.citation	Security and Communication Networks, 2017, 2017	en_US
dc.identifier.issn	1939-0114	en_US
dc.identifier.uri	http://hdl.handle.net/10453/125260
dc.description.abstract	© 2017 Yang Zhou et al. Exploiting software-defined networking techniques, randomly and instantly mutating routes can disguise strategically important infrastructure and protect the integrity of data networks. Route mutation has been to date formulated as NP-complete constraint satisfaction problem where feasible sets of routes need to be generated with exponential computational complexities, limiting algorithmic scalability to large-scale networks. In this paper, we propose a novel node-centric route mutation method which interprets route mutation as a signature matching problem. We formulate the route mutation problem as a three-dimensional earth mover's distance (EMD) model and solve it by using a binary branch and bound method. Considering the scalability, we further propose that a heuristic method yields significantly lower computational complexities with marginal loss of robustness against eavesdropping. Simulation results show that our proposed methods can effectively disguise key infrastructure by reducing the difference of historically accumulative traffic among different switches. With significantly reduced complexities, our algorithms are of particular interest to safeguard large-scale networks.	en_US
dc.relation.ispartof	Security and Communication Networks	en_US
dc.relation.isbasedon	10.1155/2017/4651395	en_US
dc.rights	info:eu-repo/semantics/openAccess
dc.title	Scalable Node-Centric Route Mutation for Defense of Large-Scale Software-Defined Networks	en_US
dc.type	Journal Article
utslib.citation.volume	2017	en_US
utslib.for	0802 Computation Theory and Mathematics	en_US
utslib.for	0805 Distributed Computing	en_US
utslib.for	0899 Other Information and Computing Sciences	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	/University of Technology Sydney/Strength - GBDTC - Global Big Data Technologies
utslib.copyright.status	open_access	*
pubs.publication-status	Published	en_US
pubs.volume	2017	en_US

Abstract:

© 2017 Yang Zhou et al. Exploiting software-defined networking techniques, randomly and instantly mutating routes can disguise strategically important infrastructure and protect the integrity of data networks. Route mutation has been to date formulated as NP-complete constraint satisfaction problem where feasible sets of routes need to be generated with exponential computational complexities, limiting algorithmic scalability to large-scale networks. In this paper, we propose a novel node-centric route mutation method which interprets route mutation as a signature matching problem. We formulate the route mutation problem as a three-dimensional earth mover's distance (EMD) model and solve it by using a binary branch and bound method. Considering the scalability, we further propose that a heuristic method yields significantly lower computational complexities with marginal loss of robustness against eavesdropping. Simulation results show that our proposed methods can effectively disguise key infrastructure by reducing the difference of historically accumulative traffic among different switches. With significantly reduced complexities, our algorithms are of particular interest to safeguard large-scale networks.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/125260