• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Polymorphic Path Transferring for Secure Flow Delivery

Vol. 15, No. 8, August 31, 2021
10.3837/tiis.2021.08.006, Download Paper (Free):

Abstract

In most cases, the routing policy of networks shows a preference for a static one-to-one mapping of communication pairs to routing paths, which offers adversaries a great advantage to conduct thorough reconnaissance and organize an effective attack in a stress-free manner. With the evolution of network intelligence, some flexible and adaptive routing policies have already proposed to intensify the network defender to turn the situation. Routing mutation is an effective strategy that can invalidate the unvarying nature of routing information that attackers have collected from exploiting the static configuration of the network. However, three constraints execute press on routing mutation deployment in practical: insufficient route mutation space, expensive control costs, and incompatibility. To enhance the availability of route mutation, we propose an OpenFlow-based route mutation technique called Polymorphic Path Transferring (PPT), which adopts a physical and virtual path segment mixed construction technique to enlarge the routing path space for elevating the security of communication. Based on the Markov Decision Process, with considering flows distribution in the network, the PPT adopts an evolution routing path scheduling algorithm with a segment path update strategy, which relieves the press on the overhead of control and incompatibility. Our analysis demonstrates that PPT can secure data delivery in the worst network environment while countering sophisticated attacks in an evasion-free manner (e.g., advanced persistent threat). Case study and experiment results show its effectiveness in proactively defending against targeted attacks and its advantage compared with previous route mutation methods.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
R. Zhang, X. Li, Y. Zhan, "Polymorphic Path Transferring for Secure Flow Delivery," KSII Transactions on Internet and Information Systems, vol. 15, no. 8, pp. 2805-2826, 2021. DOI: 10.3837/tiis.2021.08.006.

[ACM Style]
Rongbo Zhang, Xin Li, and Yan Zhan. 2021. Polymorphic Path Transferring for Secure Flow Delivery. KSII Transactions on Internet and Information Systems, 15, 8, (2021), 2805-2826. DOI: 10.3837/tiis.2021.08.006.

[BibTeX Style]
@article{tiis:24877, title="Polymorphic Path Transferring for Secure Flow Delivery", author="Rongbo Zhang and Xin Li and Yan Zhan and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2021.08.006}, volume={15}, number={8}, year="2021", month={August}, pages={2805-2826}}