Secure Multipath Mutation SMPM in Moving Target Defense Based on SDN

Abstract

Software-defined networking (SDN) refers to a network architecture where the transfer state in the data plane is managed by a remote control plane in a centralized manner. SDN offer many advantage in terms of flexibility and automation to administrator but it suffer from many security issues. In other hand, Random Route Mutation (RRM) and path diversity represent one of the important research focuses about moving target defense (MTD). The main idea of using this technic, is to change periodically (or basing on events) used routes between sender and receiver in order to enhance mutation efficiency and decrease attackers capabilities to launch effective eavesdropping, denial of service or man in the middle attack. Using RRM and multi path technics can be very interesting in order to secure SDN and to detect and prevent intrusions. In this paper it is propose a new framework called SMPM which aims to secure and prevent intrusion by modeling SDN architectures and using a pathfinder algorithm called RRM-Pathfinder. The proposed framework calculates all possible paths from given source to destination and then, based on some criteria such as capacity, Overlap, Security and QoS, it selects and identifies the most cost-effective routes. The use of SMPM allow also to dynamically route packets using all pre-calculated paths which will permit to avoid sniffing and poisoning attacks such as Arp spoof and the man in the middle attacks and to ensure more confidentiality, integrity and privacy.