Formal Approach For Resilient Reachability based on End-System Route Agility
The deterministic nature of existing routing protocols has resulted in an ossified Internet with static and predictable network routes. This gives persistent attackers (e.g. eavesdroppers and DDoS attackers) plenty of time to study the network and identify the critical, vulnerable links in order to plan a devastating and stealthy attack. Recently, route mutation approaches have been proposed to address such issues. However, these approaches incur significantly high overhead and depend upon the availability of disjoint routes in the network, which inherently limits their use for mission-critical services. To cope with these issues, we extend the current routing architecture to treat end-hosts as routing elements, and present a formal-method-based agile defense mechanism to increase the resiliency of the existing cyber infrastructure. The major contributions of this paper are: (1) formalization of the efficient and resilient End-to-End (E2E) reachability problem as a constraint satisfaction problem, which identifies the candidate end-hosts through which a destination can be reached while satisfying resilience and QoS constraints; (2) design and implementation of a novel decentralized End Point Route Mutation (EPRM) protocol; and (3) design and implementation of a planning algorithm that minimizes the overlap between multiple flows, so as to maximize the agility of the system. Our implementation and evaluation validate the correctness, effectiveness and scalability of the proposed approach.
- Research Organization: Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: AC05-76RL01830
- OSTI ID: 1331744
- Report Number(s): PNNL-SA-121212
- Resource Relation: Conference: Third ACM Workshop on Moving Target Defense (MTD 2016), October 24-28, 2016, Vienna, Austria, pp. 117-127
- Country of Publication: United States
- Language: English