Resilient backup controller placement in distributed SDN under critical targeted attacks

Today, telecommunication networks are crucial infrastructures, as has, for example, been demonstrated by the COVID-19 crisis. Thus, protecting such infrastructures, including software-defined based networks (SDN), is of the utmost importance for network providers to assure society has constant acces...

Descripción completa

Detalles Bibliográficos
Autores: Calle Ortega, Eusebi, Martínez Álvarez, David, Mycek, Mariusz, Pióro, Michał
Tipo de recurso: artículo
Estado:Versión aceptada para publicación
Fecha de publicación:2021
País:España
Institución:Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)
Repositorio:Recercat. Dipósit de la Recerca de Catalunya
OAI Identifier:oai:recercat.cat:10256/28158
Acceso en línea:http://hdl.handle.net/10256/28158
Access Level:acceso abierto
Palabra clave:Xarxes definides per programari (Tecnologia de xarxes d'ordinadors)
Software-defined networking (Computer network technology)
Seguretat informàtica
Computer security
Descripción
Sumario:Today, telecommunication networks are crucial infrastructures, as has, for example, been demonstrated by the COVID-19 crisis. Thus, protecting such infrastructures, including software-defined based networks (SDN), is of the utmost importance for network providers to assure society has constant access to reliable services. Targeted attacks on SDN can seriously affect their connectivity and thus service continuity. Such an attack, launched on network nodes, divides the network into disjoint components and, since the number of SDN controllers is limited, results in isolating a significant proportion of nodes from the (surviving) controllers, causing major disruptions in service availability. In this paper, we present an optimization approach which can be used by the SDN network operator to properly locate the controllers by taking into account predictable sets of critical targeted attacks on network topology. The proposed approach includes an algorithm for predicting, on the basis of appropriately defined attack effectiveness measures, the sets of most dangerous attacks. Such sets are then used as input data for controller placement optimization, which is performed by means of mixed-integer programming methods. In the optimization, the impact of the considered attacks is measured by a novel network availability measure. To minimize the consequences of attacks we consider additional backup controllers. Finally, we present results of a numerical study based on the introduced approach that illustrate the effectiveness of our approach