Dynamic Attack-Resilient Routing in Software Defined Networks

Abstract

The scale of connected devices in the modern communication network and its heterogeneous nature have made securing the network more challenging. However, with the advent of software defined networking (SDN), the algorithmic complexity is handled at a centralized control plane and the network elements perform only data forwarding based on control plane decisions. This enables researchers to design innovative security protocols at the control plane to dynamically defend against attacks. In this paper, we propose a dynamic attack-resilient routing (ARR) approach and develop an optimization formulation for fragmented multipath routing taking reliability and load into consideration for SDN-enabled networks. Though erasure encoding has been well studied for resilient data storage, it is rarely mentioned in the context of network routing owing to its complexity, redundancy, and difficulty of satisfying practical routing constraints. In this paper, we dynamically determine the optimal route for erasure-encoded fragments of the data, in terms of attack resilience, under the constraint on allowable encoding redundancy. Since the ARR algorithm is computationally prohibitive for larger networks, we develop a heuristic solution for the same using a multipath-tree. The proposed algorithm dynamically routes the data fragments along a set of reliable and lightly loaded paths to achieve multipath diversity and thereby improve data availability at the destination even in the presence of attacks. We demonstrate the effectiveness of our proposed approach in terms of weighted path reliability, resilience, and blocking performance through simulations.