Resilient backup controller placement in distributed SDN under critical targeted attacks

Abstract

Today, telecommunication networks are crucial infrastructures, as has, for example, been demonstrated by the COVID-19 crisis. Thus, protecting such infrastructures, including software-defined based networks (SDN), is of the utmost importance for network providers to assure society has constant access to reliable services. Targeted attacks on SDN can seriously affect their connectivity and thus service continuity. Such an attack, launched on network nodes, divides the network into disjoint components and, since the number of SDN controllers is limited, results in isolating a significant proportion of nodes from the (surviving) controllers, causing major disruptions in service availability. In this paper, we present an optimization approach which can be used by the SDN network operator to properly locate the controllers by taking into account predictable sets of critical targeted attacks on network topology. The proposed approach includes an algorithm for predicting, on the basis of appropriately defined attack effectiveness measures, the sets of most dangerous attacks. Such sets are then used as input data for controller placement optimization, which is performed by means of mixed-integer programming methods. In the optimization, the impact of the considered attacks is measured by a novel network availability measure. To minimize the consequences of attacks we consider additional backup controllers. Finally, we present results of a numerical study based on the introduced approach that illustrate the effectiveness of our approach.