Mitigating malicious packets attack via vulnerability-aware heterogeneous network devices assignment

Jianjian Ai, Hongchang Chen, Zehua Guo, Guozhen Cheng, Thar Baker

Research output: Contribution to journal › Article › peer-review

Abstract

Due to the high homogeneity of current network devices, a network is compromised if one node in the network is compromised by exploiting its vulnerability (e.g., a malicious packets attack). Many existing works adopt a heterogeneity philosophy to improve network survivability. For example, “diverse variants” are assigned to nodes in the network. However, these works assume that diverse variants do not have common vulnerabilities, which is an invalid assumption in real networks. Therefore, existing diverse variants deployment schemes cannot achieve optimal performance. This paper considers that some variants have common vulnerabilities, and proposes a novel solution called Vulnerability-aware Heterogeneous Network Devices Assignment (VHNDA). Firstly, we introduce a new metric named Expected Infected Ratio (EIR) to measure the impact of the spread of malicious packets attacks on the network. Secondly, we use EIR to model the vulnerability-aware diverse variants deployment problem as an integer-programming optimization problem with NP-hard complexity. Considering this NP-hardness, we then design a heuristic algorithm named Simulated Annealing Vulnerability-aware Diverse Variants Deployment (SA-VDVD) to address the problem. Finally, we present a low-complexity algorithm for large-scale networks named Graph Segmentation-based Simulated Annealing Vulnerability-aware Diverse Variants Deployment (GSSA-VDVD). The experimental results demonstrate that the proposed algorithms effectively restrain the spread of malicious packets attacks at a reasonable computation cost when compared with baseline algorithms.

Original language: English
Pages (from-to): 841-852
Number of pages: 12
Journal: Future Generation Computer Systems
Volume: 111
Publication status: Published - 24 Apr 2019

Bibliographical note

Funding Information:
This work was supported by the National Key Research and Development Plan, China under Grants 2018YFB1003700 and 2016YFB0800101, Beijing Institute of Technology Research Fund Program for Young Scholars, the Foundation for Innovative Research Groups of the National Natural Science Foundation of China under Grant 61521003, and the National Natural Science Foundation of China under Grants 61602509 and 61836001.

Publisher Copyright:
© 2019 Elsevier B.V.

Keywords

  • Diversity
  • Malicious packets attack
  • Network device
  • Simulated annealing
