skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Proactive routing mutation against stealthy Distributed Denial of Service attacks: metrics, modeling, and analysis

Journal Article · · Journal of Defense Modeling and Simulation
 [1];  [1];  [2];  [2];  [2]
  1. Cyber Defense and Network Assurability Center, College of Computing and Informatics, University of North Carolina Charlotte, USA
  2. Pacific Northwest National Laboratory, USA
+ Show Author Affiliations

The Infrastructure Distributed Denial of Service (IDDoS) attacks continue to be one of the most devastating challenges facing cyber systems. The new generation of IDDoS attacks exploit the inherent weakness of cyber infrastructure including deterministic nature of routes, skew distribution of flows, and Internet ossification to discover the network critical links and launch highly stealthy flooding attacks that are not observable at the victim end. In this paper, first, we propose a new metric to quantitatively measure the potential susceptibility of any arbitrary target server or domain to stealthy IDDoS attacks, and es- timate the impact of such susceptibility on enterprises. Second, we develop a proactive route mutation technique to minimize the susceptibility to these attacks by dynamically changing the flow paths periodically to invalidate the adversary knowledge about the network and avoid targeted critical links. Our proposed approach actively changes these network paths while satisfying security and qualify of service requirements. We present an integrated approach of proactive route mutation that combines both infrastructure-based mutation that is based on reconfiguration of switches and routers, and middle-box approach that uses an overlay of end-point proxies to construct a virtual network path free of critical links to reach a destination. We implemented the proactive path mutation technique on a Software Defined Network using the OpendDaylight controller to demonstrate a feasible deployment of this approach. Our evaluation validates the correctness, effectiveness, and scalability of the proposed approaches.

Research Organization:
Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC05-76RL01830
OSTI ID:
1433769
Report Number(s):
PNNL-SA-128859
Journal Information:
Journal of Defense Modeling and Simulation, Vol. 15, Issue 2; ISSN 1548-5129
Publisher:
Society for Modeling and Simulation International
Country of Publication:
United States
Language:
English

References (5)

A Computing Procedure for Quantification Theory journal July 1960
A note on two problems in connexion with graphs journal December 1959
A framework for reliable routing in mobile ad hoc networks
  • Ye, Z.; Krishnamurthy, S. V.; Tripathi, S. K.
  • IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428) https://doi.org/10.1109/INFCOM.2003.1208679
conference January 2003
SecMR – a secure multipath routing protocol for ad hoc networks journal January 2007
Formal Approach for Route Agility against Persistent Attackers book January 2013

Similar Records

Related Subjects

ARC