Multi-Constraint and Multi-Policy Path Hopping Active Defense Method Based on SDN-Reference-Cited by-同舟云学术

Multi-Constraint and Multi-Policy Path Hopping Active Defense Method Based on SDN

Published:2024-04-22 Issue:4 Volume:16 Page:143
ISSN:1999-5903
Container-title:Future Internet
language:en
Short-container-title:Future Internet

Author:

Zhang Bing¹²³,Li Hui¹²³,Zhang Shuai²⁴⁵,Sun Jing¹²³,Wei Ning²³⁵,Xu Wenhong¹²³,Wang Huan¹²³^ORCID

Affiliation:

1. School of Computer Science and Technology, Guangxi University of Science and Technology, Liuzhou 545006, China

2. Liuzhou Key Laboratory of Big Data Intelligent Processing and Security, Liuzhou 545006, China

3. Cybersecurity Monitoring Center for Guangxi Education System, Liuzhou 545006, China

4. School of Science, Guangxi University of Science and Technology, Liuzhou 545006, China

5. School of Automotive and Information Engineering, Guangxi Eco-Engineering Vocational and Technical College, Liuzhou 545004, China

Abstract

Path hopping serves as an active defense mechanism in network security, yet it encounters challenges like a restricted path switching space, the recurrent use of similar paths and vital nodes, a singular triggering mechanism for path switching, and fixed hopping intervals. This paper introduces an active defense method employing multiple constraints and strategies for path hopping. A depth-first search (DFS) traversal is utilized to compute all possible paths between nodes, thereby broadening the path switching space while simplifying path generation complexity. Subsequently, constraints are imposed on residual bandwidth, selection periods, path similitude, and critical nodes to reduce the likelihood of reusing similar paths and crucial nodes. Moreover, two path switching strategies are formulated based on the weights of residual bandwidth and critical nodes, along with the calculation of path switching periods. This facilitates adaptive switching of path hopping paths and intervals, contingent on the network’s residual bandwidth threshold, in response to diverse attack scenarios. Simulation outcomes illustrate that this method, while maintaining normal communication performance, expands the path switching space effectively, safeguards against eavesdropping and link-flooding attacks, enhances path switching diversity and unpredictability, and fortifies the network’s resilience against malicious attacks.

Funder

National Natural Science Foundation of China

Natural Science Foundation of Guangxi Province of China

Guangxi Education Department Program

Doctoral Fund of Guangxi University of Science and Technology

Innovation Project of Guangxi Graduate Education

Publisher

MDPI AG

Link

https://www.mdpi.com/1999-5903/16/4/143/pdf

Reference24 articles.

1. Pratyusa, K., and Wing, J.M. (2011). Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, Springer.

2. Hu, R. (2022). Study on Key Technologies of Network Layer Mobile Target Defense Based on SDN. [Ph.D Thesis, School of Cryptographic Engineering, Strategic Support Force Information Engineering University].

3. Dolev, S., and David, S.T. (2014, January 21–23). SDN-based private interconnection. Proceedings of the 2014 IEEE 13th International Symposium on Network Computing and Applications, Cambridge, MA, USA.

4. Duan, Q., Al-Shaer, E., and Jafarian, H. (2013, January 14–16). Efficient random route mutation considering flow and network constraints. Proceedings of the 2013 IEEE Conference on Communications and Network Security (CNS), National Harbor, MD, USA.

5. Jafarian, J.H., Al-Shaer, E., and Duan, Q. (2013, January 9–13). Formal approach for route agility against persistent attackers. Proceedings of the 18th European Symposium on Research in Computer Security, Egham, UK.