Mitigating malicious packets attack via vulnerability-aware heterogeneous network devices assignment

Jianjian Ai; Hongchang Chen; Zehua Guo; Guozhen Cheng; Thar Baker

doi:10.1016/j.future.2019.04.034

Mitigating malicious packets attack via vulnerability-aware heterogeneous network devices assignment

Jianjian Ai, Hongchang Chen, Zehua Guo, Guozhen Cheng, Thar Baker

School of Arch, Tech and Eng

Research output: Contribution to journal › Article › peer-review

Abstract

Due to high homogeneity of current network devices, a network is compromised if one node in the network is compromised by exploiting its vulnerability (e.g., malicious packets attack). Many existing works adopt heterogeneity philosophy to improve network survivability. For example, “diverse variants” are assigned to nodes in the network. However, these works assume that diverse variants do not have common vulnerabilities, which deem an invalid assumption in real networks. Therefore, existing diverse variants deployment schemes could not achieve optimal performance. This paper considers that some variants have common vulnerabilities, and proposes a novel solution called Vulnerability-aware Heterogeneous Network Devices Assignment (VHNDA). Firstly, we introduce a new metric named Expected Infected Ratio (EIR) to measure the impact of malicious packets’ attacks spread on the network. Secondly, we use EIR to model the vulnerability-aware diverse variants deployment problem as an integer-programming optimization problem with NP-hard complexity. Considering NP-hardness, we then design a heuristic algorithm named Simulated Annealing Vulnerability-aware Diverse Variants Deployment (SA-VDVD) to address the problem. Finally, we present a low complexity algorithm named Graph Segmentation-based Simulated Annealing Vulnerability-aware Diverse Variants Deployment (GSSA-VDVD) for large-scale networks named graph segmentation-based simulated annealing. The experimental results demonstrate that the proposed algorithms restrain effectively the spread of malicious packets attack with a reasonable computation cost when compared with baseline algorithms.

Original language	English
Pages (from-to)	841-852
Number of pages	12
Journal	Future Generation Computer Systems
Volume	111
DOIs	https://doi.org/10.1016/j.future.2019.04.034
Publication status	Published - 24 Apr 2019

Bibliographical note

Funding Information:
This work was supported by the National Key Research and Development Plan, China under Grants 2018YFB1003700 and 2016YFB0800101 , Beijing Institute of Technology Research Fund Program for Young Scholars , the Foundation for Innovative Research Groups of the National Natural Science Foundation of China under Grant 61521003 , and the National Natural Science Foundation of China under Grants 61602509 and 61836001 .

Funding Information:
This work was supported by the National Key Research and Development Plan, China under Grants 2018YFB1003700 and 2016YFB0800101, Beijing Institute of Technology Research Fund Program for Young Scholars, the Foundation for Innovative Research Groups of the National Natural Science Foundation of China under Grant 61521003, and the National Natural Science Foundation of China under Grants 61602509 and 61836001.

Publisher Copyright:
© 2019 Elsevier B.V.

Keywords

Diversity
Malicious packets attack
Network device
Simulated annealing

Access to Document

10.1016/j.future.2019.04.034

Cite this

@article{d683e094fee3400fafff66bca5a6323f,

title = "Mitigating malicious packets attack via vulnerability-aware heterogeneous network devices assignment",

abstract = "Due to high homogeneity of current network devices, a network is compromised if one node in the network is compromised by exploiting its vulnerability (e.g., malicious packets attack). Many existing works adopt heterogeneity philosophy to improve network survivability. For example, “diverse variants” are assigned to nodes in the network. However, these works assume that diverse variants do not have common vulnerabilities, which deem an invalid assumption in real networks. Therefore, existing diverse variants deployment schemes could not achieve optimal performance. This paper considers that some variants have common vulnerabilities, and proposes a novel solution called Vulnerability-aware Heterogeneous Network Devices Assignment (VHNDA). Firstly, we introduce a new metric named Expected Infected Ratio (EIR) to measure the impact of malicious packets{\textquoteright} attacks spread on the network. Secondly, we use EIR to model the vulnerability-aware diverse variants deployment problem as an integer-programming optimization problem with NP-hard complexity. Considering NP-hardness, we then design a heuristic algorithm named Simulated Annealing Vulnerability-aware Diverse Variants Deployment (SA-VDVD) to address the problem. Finally, we present a low complexity algorithm named Graph Segmentation-based Simulated Annealing Vulnerability-aware Diverse Variants Deployment (GSSA-VDVD) for large-scale networks named graph segmentation-based simulated annealing. The experimental results demonstrate that the proposed algorithms restrain effectively the spread of malicious packets attack with a reasonable computation cost when compared with baseline algorithms.",

keywords = "Diversity, Malicious packets attack, Network device, Simulated annealing",

author = "Jianjian Ai and Hongchang Chen and Zehua Guo and Guozhen Cheng and Thar Baker",

note = "Funding Information: This work was supported by the National Key Research and Development Plan, China under Grants 2018YFB1003700 and 2016YFB0800101 , Beijing Institute of Technology Research Fund Program for Young Scholars , the Foundation for Innovative Research Groups of the National Natural Science Foundation of China under Grant 61521003 , and the National Natural Science Foundation of China under Grants 61602509 and 61836001 . Funding Information: This work was supported by the National Key Research and Development Plan, China under Grants 2018YFB1003700 and 2016YFB0800101, Beijing Institute of Technology Research Fund Program for Young Scholars, the Foundation for Innovative Research Groups of the National Natural Science Foundation of China under Grant 61521003, and the National Natural Science Foundation of China under Grants 61602509 and 61836001. Publisher Copyright: {\textcopyright} 2019 Elsevier B.V.",

year = "2019",

month = apr,

day = "24",

doi = "10.1016/j.future.2019.04.034",

language = "English",

volume = "111",

pages = "841--852",

journal = "Future Generation Computer Systems",

issn = "0167-739X",

publisher = "Elsevier",

}

TY - JOUR

T1 - Mitigating malicious packets attack via vulnerability-aware heterogeneous network devices assignment

AU - Ai, Jianjian

AU - Chen, Hongchang

AU - Guo, Zehua

AU - Cheng, Guozhen

AU - Baker, Thar

N1 - Funding Information: This work was supported by the National Key Research and Development Plan, China under Grants 2018YFB1003700 and 2016YFB0800101 , Beijing Institute of Technology Research Fund Program for Young Scholars , the Foundation for Innovative Research Groups of the National Natural Science Foundation of China under Grant 61521003 , and the National Natural Science Foundation of China under Grants 61602509 and 61836001 . Funding Information: This work was supported by the National Key Research and Development Plan, China under Grants 2018YFB1003700 and 2016YFB0800101, Beijing Institute of Technology Research Fund Program for Young Scholars, the Foundation for Innovative Research Groups of the National Natural Science Foundation of China under Grant 61521003, and the National Natural Science Foundation of China under Grants 61602509 and 61836001. Publisher Copyright: © 2019 Elsevier B.V.

PY - 2019/4/24

Y1 - 2019/4/24

N2 - Due to high homogeneity of current network devices, a network is compromised if one node in the network is compromised by exploiting its vulnerability (e.g., malicious packets attack). Many existing works adopt heterogeneity philosophy to improve network survivability. For example, “diverse variants” are assigned to nodes in the network. However, these works assume that diverse variants do not have common vulnerabilities, which deem an invalid assumption in real networks. Therefore, existing diverse variants deployment schemes could not achieve optimal performance. This paper considers that some variants have common vulnerabilities, and proposes a novel solution called Vulnerability-aware Heterogeneous Network Devices Assignment (VHNDA). Firstly, we introduce a new metric named Expected Infected Ratio (EIR) to measure the impact of malicious packets’ attacks spread on the network. Secondly, we use EIR to model the vulnerability-aware diverse variants deployment problem as an integer-programming optimization problem with NP-hard complexity. Considering NP-hardness, we then design a heuristic algorithm named Simulated Annealing Vulnerability-aware Diverse Variants Deployment (SA-VDVD) to address the problem. Finally, we present a low complexity algorithm named Graph Segmentation-based Simulated Annealing Vulnerability-aware Diverse Variants Deployment (GSSA-VDVD) for large-scale networks named graph segmentation-based simulated annealing. The experimental results demonstrate that the proposed algorithms restrain effectively the spread of malicious packets attack with a reasonable computation cost when compared with baseline algorithms.

AB - Due to high homogeneity of current network devices, a network is compromised if one node in the network is compromised by exploiting its vulnerability (e.g., malicious packets attack). Many existing works adopt heterogeneity philosophy to improve network survivability. For example, “diverse variants” are assigned to nodes in the network. However, these works assume that diverse variants do not have common vulnerabilities, which deem an invalid assumption in real networks. Therefore, existing diverse variants deployment schemes could not achieve optimal performance. This paper considers that some variants have common vulnerabilities, and proposes a novel solution called Vulnerability-aware Heterogeneous Network Devices Assignment (VHNDA). Firstly, we introduce a new metric named Expected Infected Ratio (EIR) to measure the impact of malicious packets’ attacks spread on the network. Secondly, we use EIR to model the vulnerability-aware diverse variants deployment problem as an integer-programming optimization problem with NP-hard complexity. Considering NP-hardness, we then design a heuristic algorithm named Simulated Annealing Vulnerability-aware Diverse Variants Deployment (SA-VDVD) to address the problem. Finally, we present a low complexity algorithm named Graph Segmentation-based Simulated Annealing Vulnerability-aware Diverse Variants Deployment (GSSA-VDVD) for large-scale networks named graph segmentation-based simulated annealing. The experimental results demonstrate that the proposed algorithms restrain effectively the spread of malicious packets attack with a reasonable computation cost when compared with baseline algorithms.

KW - Diversity

KW - Malicious packets attack

KW - Network device

KW - Simulated annealing

UR - http://www.scopus.com/inward/record.url?scp=85086451617&partnerID=8YFLogxK

U2 - 10.1016/j.future.2019.04.034

DO - 10.1016/j.future.2019.04.034

M3 - Article

AN - SCOPUS:85086451617

SN - 0167-739X

VL - 111

SP - 841

EP - 852

JO - Future Generation Computer Systems

JF - Future Generation Computer Systems

ER -

Mitigating malicious packets attack via vulnerability-aware heterogeneous network devices assignment

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this