The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows.Traditional methods to identify the malicious flows in Crossfire attacks are rerouting,which is based on statistic...The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows.Traditional methods to identify the malicious flows in Crossfire attacks are rerouting,which is based on statistics.In these existing mechanisms,the identification of malicious flows depends on the IP address.However,the IP address is easy to be changed by attacks.Comparedwith the IP address,the certificate ismore challenging to be tampered with or forged.Moreover,the traffic trend in the network is towards encryption.The certificates are popularly utilized by IoT devices for authentication in encryption protocols.DTLShps proposed a new way to verify certificates for resource-constrained IoT devices by using the SDN controller.Based on DTLShps,the SDN controller can collect statistics on certificates.In this paper,we proposeCertrust,a framework based on the trust of certificates,tomitigate the Crossfire attack by using SDN for IoT.Our goal is threefold.First,the trust model is built based on the Bayesian trust system with the statistics on the participation of certificates in each Crossfire attack.Moreover,the forgetting curve is utilized instead of the traditional decay method in the Bayesian trust system for achieving a moderate decay rate.Second,for detecting the Crossfire attack accurately,a method based on graph connectivity is proposed.Third,several trust-based routing principles are proposed tomitigate the Crossfire attack.These principles can also encourage users to use certificates in communication.The performance evaluation shows that Certrust is more effective in mitigating the Crossfire attack than the traditional rerouting schemes.Moreover,our trust model has a more appropriate decay rate than the traditional methods.展开更多
Software Defined Networking(SDN) provides a flexible and convenient way to support fine-grained traffic-engineering(TE). Besides, SDN also provides better Quality of Experience(QoE) for customers. However, the policy ...Software Defined Networking(SDN) provides a flexible and convenient way to support fine-grained traffic-engineering(TE). Besides, SDN also provides better Quality of Experience(QoE) for customers. However, the policy of the evolution from legacy networks to the SDNs overemphasizes the controllability of the network or TE while ignoring the customers' benefit. Standing in the customers' position, we propose an optimization scheme, named as Optimal Migration Schedule based on Customers' Benefit(OMSB), to produce an optimized migration schedule and maximize the benefit of customers. Not only the quality and quantity of paths availed by migration, but also the number of flows from the customers that can use these multi-paths are taken into consideration for the scheduling. We compare the OMSB with other six migration schemes in terms of the benefit of customers. Our results suggest that the sequence of the migration plays a vital role for customers, especially in the early stages of the network migration to the SDN.展开更多
基金supported by Joint Funds of the National Natural Science Foundation of China and Xinjiang under Project U1603261.
文摘The low-intensity attack flows used by Crossfire attacks are hard to distinguish from legitimate flows.Traditional methods to identify the malicious flows in Crossfire attacks are rerouting,which is based on statistics.In these existing mechanisms,the identification of malicious flows depends on the IP address.However,the IP address is easy to be changed by attacks.Comparedwith the IP address,the certificate ismore challenging to be tampered with or forged.Moreover,the traffic trend in the network is towards encryption.The certificates are popularly utilized by IoT devices for authentication in encryption protocols.DTLShps proposed a new way to verify certificates for resource-constrained IoT devices by using the SDN controller.Based on DTLShps,the SDN controller can collect statistics on certificates.In this paper,we proposeCertrust,a framework based on the trust of certificates,tomitigate the Crossfire attack by using SDN for IoT.Our goal is threefold.First,the trust model is built based on the Bayesian trust system with the statistics on the participation of certificates in each Crossfire attack.Moreover,the forgetting curve is utilized instead of the traditional decay method in the Bayesian trust system for achieving a moderate decay rate.Second,for detecting the Crossfire attack accurately,a method based on graph connectivity is proposed.Third,several trust-based routing principles are proposed tomitigate the Crossfire attack.These principles can also encourage users to use certificates in communication.The performance evaluation shows that Certrust is more effective in mitigating the Crossfire attack than the traditional rerouting schemes.Moreover,our trust model has a more appropriate decay rate than the traditional methods.
基金supported by Joint Funds of National Natural Science Foundation of China and Xinjiang under code U1603261the Research Fund of Ministry of Education-China Mobile under Grant No. MCM20160304the Fundamental Research Funds for the Central Universities
文摘Software Defined Networking(SDN) provides a flexible and convenient way to support fine-grained traffic-engineering(TE). Besides, SDN also provides better Quality of Experience(QoE) for customers. However, the policy of the evolution from legacy networks to the SDNs overemphasizes the controllability of the network or TE while ignoring the customers' benefit. Standing in the customers' position, we propose an optimization scheme, named as Optimal Migration Schedule based on Customers' Benefit(OMSB), to produce an optimized migration schedule and maximize the benefit of customers. Not only the quality and quantity of paths availed by migration, but also the number of flows from the customers that can use these multi-paths are taken into consideration for the scheduling. We compare the OMSB with other six migration schemes in terms of the benefit of customers. Our results suggest that the sequence of the migration plays a vital role for customers, especially in the early stages of the network migration to the SDN.
