Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Proactive routing mutation against stealthy Distributed Denial of Service attacks: metrics, modeling, and analysis

Journal Article · · Journal of Defense Modeling and Simulation
 [1];  [1];  [2];  [2];  [2]
  1. Cyber Defense and Network Assurability Center, College of Computing and Informatics, University of North Carolina Charlotte, USA
  2. Pacific Northwest National Laboratory, USA
+ Show Author Affiliations
The Infrastructure Distributed Denial of Service (IDDoS) attacks continue to be one of the most devastating challenges facing cyber systems. The new generation of IDDoS attacks exploit the inherent weakness of cyber infrastructure including deterministic nature of routes, skew distribution of flows, and Internet ossification to discover the network critical links and launch highly stealthy flooding attacks that are not observable at the victim end. In this paper, first, we propose a new metric to quantitatively measure the potential susceptibility of any arbitrary target server or domain to stealthy IDDoS attacks, and es- timate the impact of such susceptibility on enterprises. Second, we develop a proactive route mutation technique to minimize the susceptibility to these attacks by dynamically changing the flow paths periodically to invalidate the adversary knowledge about the network and avoid targeted critical links. Our proposed approach actively changes these network paths while satisfying security and qualify of service requirements. We present an integrated approach of proactive route mutation that combines both infrastructure-based mutation that is based on reconfiguration of switches and routers, and middle-box approach that uses an overlay of end-point proxies to construct a virtual network path free of critical links to reach a destination. We implemented the proactive path mutation technique on a Software Defined Network using the OpendDaylight controller to demonstrate a feasible deployment of this approach. Our evaluation validates the correctness, effectiveness, and scalability of the proposed approaches.
Research Organization:
Pacific Northwest National Laboratory (PNNL), Richland, WA (US)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC05-76RL01830
OSTI ID:
1433769
Report Number(s):
PNNL-SA-128859
Journal Information:
Journal of Defense Modeling and Simulation, Journal Name: Journal of Defense Modeling and Simulation Journal Issue: 2 Vol. 15; ISSN 1548-5129
Publisher:
Society for Modeling and Simulation International
Country of Publication:
United States
Language:
English

References (5)

A note on two problems in connexion with graphs journal December 1959
SecMR – a secure multipath routing protocol for ad hoc networks journal January 2007
A framework for reliable routing in mobile ad hoc networks
  • Ye, Z.; Krishnamurthy, S. V.; Tripathi, S. K.
  • IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428) https://doi.org/10.1109/INFCOM.2003.1208679
conference January 2003
A Computing Procedure for Quantification Theory journal July 1960
Formal Approach for Route Agility against Persistent Attackers book January 2013

Similar Records

Formal Approach For Resilient Reachability based on End-System Route Agility
Conference · Tue Dec 27 23:00:00 EST 2016 · OSTI ID:1331744
Distributed Denial-of-Service Characterization
Technical Report · Sun Jun 01 00:00:00 EDT 2003 · OSTI ID:820887
Quantifying the Spectrum of Denial-of-Service Attacks through Internet Backscatter
Journal Article · Sat Dec 31 23:00:00 EST 2016 · OSTI ID:1544376

Related Subjects

ARC