Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2017, Article ID 4651395, 13 pages
https://doi.org/10.1155/2017/4651395
Research Article

Scalable Node-Centric Route Mutation for Defense of Large-Scale Software-Defined Networks

1School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
2CSIRO, Sydney, NSW 2122, Australia
3Global Big Data Technologies Centre, University of Technology Sydney, Ultimo, NSW 2007, Australia

Correspondence should be addressed to Yang Zhou; nc.ude.tpub@gnayuohz

Received 15 September 2017; Accepted 27 November 2017; Published 25 December 2017

Academic Editor: Qing Yang

Copyright © 2017 Yang Zhou et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Exploiting software-defined networking techniques, randomly and instantly mutating routes can disguise strategically important infrastructure and protect the integrity of data networks. Route mutation has been to date formulated as NP-complete constraint satisfaction problem where feasible sets of routes need to be generated with exponential computational complexities, limiting algorithmic scalability to large-scale networks. In this paper, we propose a novel node-centric route mutation method which interprets route mutation as a signature matching problem. We formulate the route mutation problem as a three-dimensional earth mover’s distance (EMD) model and solve it by using a binary branch and bound method. Considering the scalability, we further propose that a heuristic method yields significantly lower computational complexities with marginal loss of robustness against eavesdropping. Simulation results show that our proposed methods can effectively disguise key infrastructure by reducing the difference of historically accumulative traffic among different switches. With significantly reduced complexities, our algorithms are of particular interest to safeguard large-scale networks.