|
|
SCEMA : an SDN-oriented cost-effective edge-based MTD approach |
|---|---|
| Author: | Javadpour, Amir1; Ja’fari, Forough2; Taleb, Tarik3,4; |
| Organizations: |
1Faculty of Information Technology and Electrical Engineering, University of Oulu, Oulu, Finland 2Department of Computer Engineering, Sharif University of Technology, Tehran, Iran 3Faculty of Information Technology and Electrical Engineering, Oulu University, Oulu, Finland
4Department of Computer and Information Security, Sejong University, Seoul, South Korea
55GIC & 6GIC, Institute for Communication Systems (ICS), University of Surrey, Guildford, U.K. 6School of Computer and Information Engineering, Chuzhou University, Chuzhou, China 7MOSA!C Laboratory, Espoo, Finland |
| Format: | article |
| Version: | published version |
| Access: | open |
| Online Access: | PDF Full Text (PDF, 2.8 MB) |
| Persistent link: | http://urn.fi/urn:nbn:fi-fe2023051143537 |
| Language: | English |
| Published: |
Institute of Electrical and Electronics Engineers,
2022
|
| Publish Date: | 2023-05-11 |
| Description: |
AbstractProtecting large-scale networks, especially Software-Defined Networks (SDNs), against distributed attacks in a cost-effective manner plays a prominent role in cybersecurity. One of the pervasive approaches to plug security holes and prevent vulnerabilities from being exploited is Moving Target Defense (MTD), which can be efficiently implemented in SDN as it needs comprehensive and proactive network monitoring. The critical key in MTD is to shuffle the least number of hosts with an acceptable security impact and keep the shuffling frequency low. In this paper, we have proposed an SDN-oriented Cost-effective Edge-based MTD Approach (SCEMA) to mitigate Distributed Denial of Service (DDoS) attacks at a lower cost by shuffling an optimized set of hosts that have the highest number of connections to the critical servers. These connections are named edges from a graph-theoretical point of view. We have proposed a three-layer mathematical model for the network that can easily calculate the attack cost. We have also designed a system based on SCEMA and simulated it in Mininet. The results show that SCEMA has lower complexity than the previous related MTD field with acceptable performance. see all
|
| Series: |
IEEE transactions on information forensics and security |
| ISSN: | 1556-6013 |
| ISSN-E: | 1556-6021 |
| ISSN-L: | 1556-6013 |
| Volume: | 18 |
| Pages: | 667 - 682 |
| DOI: | 10.1109/TIFS.2022.3220939 |
| OADOI: | https://oadoi.org/10.1109/TIFS.2022.3220939 |
| Type of Publication: |
A1 Journal article – refereed |
| Field of Science: |
213 Electronic, automation and communications engineering, electronics |
| Subjects: | |
| Funding: |
This work was supported in part by the European Union’s Horizon 2020 Research and Innovation Program through the Inspire5GPlus Project under Agreement 871808, in part by the Academy of Finland 6Genesis Project under Grant 318927, and in part by the Academy of Finland IDEA-MILL Project under Grant 352428. |
| EU Grant Number: |
(871808) INSPIRE-5Gplus - INtelligent Security and PervasIve tRust for 5G and Beyond |
| Academy of Finland Grant Number: |
318927 352428 |
| Detailed Information: |
318927 (Academy of Finland Funding decision) 352428 (Academy of Finland Funding decision) |
| Copyright information: |
© The Author(s) 2022. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/. |
|
https://creativecommons.org/licenses/by/4.0/ |