Research Article: SDN-Based Double Hopping Communication against Sniffer Attack
Zheng Zhao (1), Daofu Gong (1), Bin Lu (1), Fenlin Liu (1), and Chuanhao Zhang (2, 3)
(1) Zhengzhou Science and Technology Institute, Zhengzhou 450002, China
(2) Railway Police College, Zhengzhou 450002, China
(3) National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China
Correspondence should be addressed to Zheng Zhao; diyigemsn@hotmail.com
Received 7 September 2015; Revised 6 December 2015; Accepted 8 December 2015
Academic Editor: Oleg V. Gendelman
Copyright © 2016 Zheng Zhao et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Sniffer attack has been a severe threat to network communication security. Traditional networks usually use a static network configuration, which provides convenience to sniffer attack. In this paper, an SDN-based double hopping communication (DHC) approach is proposed to solve this problem. In DHC, the ends in communication packets as well as the routing paths are changed dynamically. Therefore, the traffic will be distributed to multiple flows and transmitted along different paths. Moreover, the data from multiple users will be mixed, bringing difficulty for attackers in obtaining and recovering the communication data, so that sniffer attack will be prevented effectively. It is concluded that DHC is able to increase the overhead of sniffer attack as well as the difficulty of communication data recovery.
1. Introduction
Sniffer attack is a serious matter for network communication security. Sniffer attack is one of the most popular ways used by attackers, which captures and analyzes network communication data. Sniffer attackers are able to eavesdrop on communication data from network nodes or links, monitor network status, and steal sensitive data such as usernames and passwords. However, the static network configurations in traditional networks provide convenience for sniffer attack. For instance, static ends and route configurations make it easy for attackers to obtain and analyze communication data.
Communication encryption is a traditional approach to preventing sniffer attack. The communication data is encrypted during transmission, making it difficult for attackers to crack the information. However, there are still some limitations in practical applications. Firstly, the encryption protocol should be supported by both communicating sides, or communication would fail. Secondly, a large number of popular protocols such as HTTP, FTP, Telnet, and SMTP do not apply encryption, which causes serious security risk to communication based on these protocols. Thirdly, security flaws exist in some encryption protocols, by which attackers may crack communication data.
Moving target defense (MTD) [1–4], a recently proposed technology, uses dynamicity to enhance communication security. The network configuration is dynamically changed to deceive attackers [5, 6], avoid attacks [7–9], and defend against attacks [10, 11]. However, potential attacks still exist even if a single network configuration is changed [5]. Changes of multiple network configurations can enhance the dynamicity of the network and further improve network security.
Collaborative changes of multiple network configurations put forward higher requirements on the capabilities of network management. Distributed control is adopted in the traditional IP network, in which the routing table configuration relies on routing protocols. In this paradigm, serious consequences such as service interruptions and routing inflation can appear due to the changing network configuration [9]. And it is hard for a traditional network to change multiple network configurations collaboratively. For example, it is difficult for MPLS, a high-speed networking technique used in traditional networks, to implement dynamic resource changes due to the lack of a global view and flexible resource allocation [12]. Dynamic transformation of the host IP configuration is attempted in a traditional network in [9], but the cost is high because several new devices are introduced. So collaborative changes among multiple network configurations demand powerful management of the network. The emerging software-defined network (SDN) [13] brings a new method to realize dynamic network configuration. SDN decouples the control plane and the forwarding plane (data plane) and applies logically centralized control. The powerful network management and control ability of SDN makes the realization of dynamic network configuration more flexible. The programmable nature of SDN can control the flow tables of forwarding devices directly and avoid service interruptions and routing inflation. The centralized control of SDN makes it possible to have a global view of the network. Therefore, collaborative changes of multiple network configurations can be realized.
Hindawi Publishing Corporation, Mathematical Problems in Engineering, Volume 2016, Article ID 8927169, 13 pages, http://dx.doi.org/10.1155/2016/8927169
In this paper, double hopping communication (DHC) is proposed based on the SDN architecture to enhance the ability to resist sniffer attack. DHC periodically changes the end information of both communication sides as well as the routing paths between them, thus realizing double hopping of end and route. In DHC, communication data is transmitted among multiple paths, and data flows from multiple users will be mixed. It is difficult for attackers to obtain complete data from one communication in DHC, and moreover it sets obstacles that prevent attackers from correctly separating the data of one single user among all the data they obtain. Therefore, the overhead and difficulty for attackers to obtain and analyze communication data are dramatically increased, since attackers are unable to conduct targeted sniffing. In addition, DHC is constructed based on SDN, which is transparent to the terminals, and neither extra external software nor hardware is needed.
The rest of the paper is organized as follows. In Section 2, related works are discussed. Section 3 describes the basic principles of DHC. In Section 4, we describe the basic architecture and communication protocols of DHC. Section 5 presents the prototype deployment and simulation experiment, and the security of DHC is analyzed in Section 6. Section 7 concludes the paper.
2. Related Work
Hopping communication, based on the dynamics and randomness of MTD technology, is one type of active network defense method aimed at breaking the hypothesis of static network configuration, and can improve network security via dynamics and randomness [11, 14]. Currently, researchers have proposed different hopping communication techniques. Atighetchi et al. [6] proposed a hopping approach based on fake address and port. Fake addresses and ports are used during data transmission to confuse attackers. Sifalakis et al. [15] proposed a network address hopping method (NAH) based on the information hiding technique. Data flow is spread across multiple end-to-end connections by network address hopping during transmission. Thus, point-to-point data transmission security could be improved. In [10], a random port-hopping (RPH) scheme was proposed to defend against DDoS attacks by changing the communication ports. In MT6D [16], proposed by Dunlop et al., a robust IP hopping strategy is achieved by taking advantage of the address space of IPv6. A tunnel technique is used to encapsulate the packets. Source and destination IP addresses of the tunnel are changed repeatedly, making it difficult for attackers to sniff communication traffic. The approaches described above have their own advantages. However, in all of these methods, the end is hopped while the routing path stays unchanged, which makes it possible for attackers to obtain complete communication data and therefore recover the communication data. Moreover, in order to realize hopping communication, deploying software on terminals and adding hardware in the network are needed, which causes high cost.
In traditional networks, quick cooperative hopping is difficult under distributed route management. However, the emerging software-defined network has brought new methods to hopping communication. Based on SDN, Kampanakis et al. [5] proposed three kinds of MTD methods, including reconnaissance protection, service version/OS hiding, and random host/route mutation. Attack cost, benefits, and potential attackers' countermeasures of these three methods are analyzed respectively in this work. These methods involve network scanning, DDoS, and worms, but DHC focuses on sniffer attack. In the SDN architecture, a flexible IP hopping method that is also transparent to terminals, called OF-RHM [7, 17], is proposed by Jafarian et al. It is true that the effectivity of sniffer attack is decreased by OF-RHM, but the virtual IP should stay unchanged during one continuous communication, which enables attackers to obtain the complete data of one communication from a switch. Jafarian et al. [18] proposed a technique in which hopping is implemented temporally and spatially in order to interfere with attackers' views of the network. This hopping communication can defeat collaborative scanning attacks effectively. However, in our work, multiple network configurations are changed dynamically to enhance the dynamism of the network for resisting sniffer attack. The work in [19] achieves fast IP hopping to resist scanning and worm propagation. The method discovers hazardous network ranges and addresses adaptively and evacuates network hosts from them quickly. MacFarland and Shue [20] provide a scalable moving target system to enable key security properties and maintain acceptable performance. The method distinguishes trustworthy and untrustworthy clients to provide access control for legacy clients.
There exist multiple paths between two nodes in a network topology, which are used by researchers to improve communication security. An active random route mutation (RRM) method is proposed by Duan et al. [8, 21] and applied in the SDN environment. Routes of multiple flows in the network are changed randomly and simultaneously. However, multiple uncrossed paths between source and destination are required, which is difficult to satisfy in common network topologies. In addition, no end hopping is involved in the RRM method, which enables attackers to recover communication data between hosts by sniffing multiple switches. Dolev and David [22] use multiple paths between datacenters to achieve secure communication. In order to ensure privacy, an $n$-$k$ secret sharing method is used to encrypt communication data. The source creates $n$ shares of its data, then sends them along multiple paths and makes sure that no $k$ or more shares pass the same router. Thus the method achieves a theoretically secured channel to the public cloud. However, in our work, ends and route paths are changed frequently to increase the cost of attacks while obtaining and reconstructing communication data. Gillani et al. [23] migrate virtual routers among multiple paths to invalidate the network topology probe of attacks; therefore link DDoS attacks are resisted. Gkounis et al. [24] proposed a method based on the SDN architecture to detect and mitigate the Crossfire attack [25] by rerouting traffic via multiple paths. The two abovementioned works aim to resist link DDoS attacks, while our work, aimed at resisting sniffer attack, increases the cost of attackers through changes of ends and routing paths.
3. Basic Principles of DHC
In static-configuration-based network communication, when two hosts communicate on one connection, all the packets in the communication contain information about this connection, and the transmission path of the communication packets is static. These two facts provide convenience for attackers to sniff network communication. Attackers are able to obtain communication data easily from the target by sniffing network flows based on the target end on the transmission path. In the DHC approach, both end and route are hopped based on the SDN architecture. Dynamics and randomness are introduced into communication in two dimensions, end and route. For the data plane, a random hopping end and route are configured by the controller in every hopping period after one connection is established. In the meantime, both end hopping and route hopping are achieved.
In DHC, the ends on both communication sides hop dynamically. The data from multiple users will be mixed, and end-to-end traffic is hidden in the network background traffic. Frequent hopping of the end brings difficulty for attackers in selecting and sorting the sniffed packets as well as in recovering the initial data. Thus, the difficulty of analyzing communication data is increased. Route hopping changes the routing paths of the packets dynamically, spreading the communication traffic over multiple routing paths. In this way, the overhead and difficulty of sniffing are increased, since continuous communication data is difficult to obtain. To sum up, double hopping of both end and route limits the communication data that attackers can obtain and sets obstacles for attackers to analyze the data.
4. Basic Architecture of DHC
When conducting hopping communication in DHC, the end and routing path that are about to hop are selected first. Then the flow tables are updated according to the hopping protocol. Thus, the end hopping space and route hopping space, as well as the hopping communication protocol, should be taken into consideration to realize DHC.
4.1. End Hopping Space

An end consists of the IP address of the host and the port in communication. It is an essential element of communication between two hosts in a network, and it uniquely defines one communication side in the network. One connection in network communication contains the IP addresses and ports of both source and destination hosts. Therefore, $EI = (\mathrm{IP}_{src}, P_{src}, \mathrm{IP}_{dst}, P_{dst})$ is defined to represent the end of one connection. The end of packets mentioned throughout the paper refers to this definition. In DHC, the end hopping space $S_{EH}$ consists of hopping IP addresses and hopping ports. Given the IP address pool $\mathrm{Addr} = \{\mathrm{IP}_1, \mathrm{IP}_2, \ldots, \mathrm{IP}_m\}$ and the hopping port pool $\mathrm{Port} = \{P_1, P_2, \ldots, P_n\}$, the end hopping space can be represented by

$$S_{EH} = \left\{ (\mathrm{IP}_{src}, P_{src}, \mathrm{IP}_{dst}, P_{dst}) \;\middle|\; \mathrm{IP}_{src}, \mathrm{IP}_{dst} \in \mathrm{Addr},\ \mathrm{IP}_{src} \neq \mathrm{IP}_{dst},\ P_{src}, P_{dst} \in \mathrm{Port} \right\}. \quad (1)$$

Unoccupied hopping ends are randomly selected in $S_{EH}$ to replace the real ends in communication when the ends need hopping.
4.2. Route Hopping Space

One routing path between source and destination hosts is a sequence that consists of forwarding nodes (i.e., OF switches). Define $Path = \langle node_{src}, node_1, node_2, \ldots, node_{dst} \rangle$, where $node_{src}$ connects with the source host and is called the source forwarding node (source switch), and $node_{dst}$ connects with the destination host and is called the destination forwarding node (destination switch). Under the SDN architecture, the controller has the global network view. Therefore, all paths connecting source and destination hosts that satisfy certain conditions can be calculated, constituting the route hopping space.
Suppose the source host $H_1$ communicates with the destination host $H_2$; the corresponding route hopping space $S_{RH}^{H_1 \to H_2}$ will be calculated as follows:
(1) Calculate all acyclic paths between $H_1$ and $H_2$ that are not longer than the maximum path length $L$ according to the topology of the network, and constitute the path set $PathSet^{H_1 \to H_2}$.
(2) For $Path_i, Path_j \in PathSet^{H_1 \to H_2}$, if $Nodes(Path_i) \subset Nodes(Path_j)$ holds, delete $Path_j$ from the path set $PathSet^{H_1 \to H_2}$, where $Nodes(Path_i)$ represents the set of nodes that path $Path_i$ passes. The reason for deleting $Path_j$ is that no node in $Path_i$ can be avoided when packets pass along $Path_j$, which only leads to a longer path.
The route hopping space $S_{RH}^{H_1 \to H_2}$ is obtained from the steps above. If $|S_{RH}^{H_1 \to H_2}| > 1$ holds, the paths in $S_{RH}^{H_1 \to H_2}$ satisfy the following: $\forall Path_i, Path_j \in S_{RH}^{H_1 \to H_2}$ with $Path_i \neq Path_j$, there exists $node \in Nodes(Path_i)$ such that $node \notin Nodes(Path_j)$, which means that $Path_j$ does not pass at least one node in $Path_i$.
In order to guarantee the unpredictability of the hopping path, randomness in hopping path selection is essential. One simple method is random path selection, which randomly selects one path in $S_{RH}^{H_1 \to H_2}$ at the beginning of each period and takes it as the hopping path during the period. The probability of selection for each path in $S_{RH}^{H_1 \to H_2}$ is identical.
Algorithm 1: Weighted random path selection algorithm.

Input: $(Path_1, \ldots, Path_u)$, $(w_1, \ldots, w_u)$, $RandNum$
Output: $Path$
WeightedRandomPathSelect($(Path_1, \ldots, Path_u)$, $(w_1, \ldots, w_u)$, $RandNum$)
(1) sum = 0
(2) for $i$ in $(1, 2, \ldots, u)$
(3)     new_sum ← sum + $w_i$
(4)     if sum < $RandNum$ ≤ new_sum
(5)         return $Path_i$
(6)     else sum = new_sum
However, traffic may be forwarded unevenly by the nodes, which means the possibility exists that a large amount of traffic is forwarded by one single node. In this case, if attackers sniff on this specific node, a large amount of communication data will be obtained easily. The reason is that paths in $S_{RH}^{H_1 \to H_2}$ intersect. Fortunately, this threat can be eliminated in DHC by using weighted random path selection.
For a node, we define $C^{H_1 \to H_2}(node)$ as the number of paths in the route hopping space $S_{RH}^{H_1 \to H_2}$ that pass through $node$. For a node set $set$, we define $C^{H_1 \to H_2}(set) = \{C^{H_1 \to H_2}(node) \mid node \in set\}$. Suppose that for one connection between hosts $H_1$ and $H_2$ there is $Path_k \in S_{RH}^{H_1 \to H_2}$; $d(Path_k)$ denotes the node set that contains the nodes left after the common nodes (e.g., the source forwarding node and the destination forwarding node), through which all paths in $S_{RH}^{H_1 \to H_2}$ pass, are deleted. The weight of $Path_k$ is defined as

$$Weight(Path_k) = \frac{1 / \mathrm{Max}\left(C^{H_1 \to H_2}(d(Path_k))\right)}{\sum_{Path_i \in S_{RH}^{H_1 \to H_2}} \left(1 / \mathrm{Max}\left(C^{H_1 \to H_2}(d(Path_i))\right)\right)}, \quad (2)$$

where the function $\mathrm{Max}$ gets the maximum value in $C^{H_1 \to H_2}(set)$. By using the weighting function above, lower weight is assigned to paths with nodes that more paths cross. Therefore, the chance that excessive traffic passes through one single node (except the common nodes of all paths) in the network due to intersection is eliminated.
The weighted random path selection algorithm is shown in Algorithm 1. The probability of one path being chosen is set as the weight of the path. The inputs of the algorithm include the paths $(Path_1, \ldots, Path_u)$ in the route hopping space $S_{RH}^{H_1 \to H_2}$, the corresponding weights $(w_1, \ldots, w_u)$, and a random number $RandNum \in [0, 1]$. In the algorithm, the weights are accumulated for each path in steps 2 to 6. The path corresponding to the weight is returned when the sum of the accumulated weights is bigger than or equal to the random number $RandNum$.
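As an added worked example (not code from the paper or from the DhcFlower prototype), the following Python computes the route hopping space of Section 4.2, the weights of equation (2) and the selection of Algorithm 1 on a small constructed seven-switch topology; the topology, the switch names and the `max_len` bound are assumptions. It also shows why the weighting matters: with uniform selection the shared switch S4 would forward two thirds of the hopping periods, with equation (2) only half.

```python
"""Route hopping space (Section 4.2), path weights (equation (2)) and
Algorithm 1, worked on a small constructed topology."""
from fractions import Fraction
import random

# Constructed sample topology (not the paper's 16-node experimental topology):
# OpenFlow switch -> neighbouring switches. S1 is the source switch and S6 the
# destination switch; S4 is shared by two paths, S7 offers a disjoint path.
TOPOLOGY = {
    "S1": ["S2", "S3", "S7"],
    "S2": ["S1", "S4"],
    "S3": ["S1", "S4", "S5"],
    "S4": ["S2", "S3", "S6"],
    "S5": ["S3", "S7"],
    "S6": ["S4", "S7"],
    "S7": ["S1", "S5", "S6"],
}


def acyclic_paths(topology, src, dst, max_len):
    """Step (1): every acyclic path from src to dst with at most max_len nodes."""
    found = []

    def walk(path):
        node = path[-1]
        if node == dst:
            found.append(tuple(path))
            return
        if len(path) >= max_len:       # no room for another node
            return
        for nxt in topology[node]:
            if nxt not in path:        # keeps the path acyclic
                walk(path + [nxt])

    walk([src])
    return found


def route_hopping_space(topology, src, dst, max_len):
    """Step (2): drop every Path_j whose node set strictly contains the node set
    of some Path_i (Path_j is only a longer way of crossing Path_i's nodes)."""
    paths = acyclic_paths(topology, src, dst, max_len)
    return [pj for pj in paths if not any(set(pi) < set(pj) for pi in paths)]


def path_weights(space):
    """Equation (2): Weight(Path_k) is proportional to 1 / Max(C(d(Path_k))),
    where C(node) counts the paths of the space through node and d(Path_k)
    drops the nodes common to all paths (source and destination switches)."""
    common = set.intersection(*(set(p) for p in space))
    count = {}
    for p in space:
        for node in p:
            count[node] = count.get(node, 0) + 1
    inverse = []
    for p in space:
        d = [n for n in p if n not in common]
        # A path made only of common nodes crosses nothing else: full weight.
        inverse.append(Fraction(1, max(count[n] for n in d)) if d else Fraction(1))
    total = sum(inverse)
    return [x / total for x in inverse]


def weighted_random_path_select(paths, weights, rand_num):
    """Algorithm 1: accumulate the weights and return the path whose interval
    (sum, new_sum] contains RandNum, which must lie in (0, 1]."""
    acc = Fraction(0)
    for path, w in zip(paths, weights):
        new_acc = acc + w
        if acc < rand_num <= new_acc:
            return path
        acc = new_acc
    raise ValueError("RandNum outside (0, 1] or weights do not sum to 1")


def select_hopping_path(space, weights, rng):
    """One hopping period's choice. rng.random() lies in [0, 1); 1 - r moves the
    draw into (0, 1], so RandNum = 0, which Algorithm 1 never matches, cannot occur."""
    return weighted_random_path_select(space, weights, Fraction(1 - rng.random()))


def expected_node_load(space, weights):
    """Fraction of hopping periods, hence of the traffic, that each node forwards."""
    load = {}
    for path, w in zip(space, weights):
        for node in path:
            load[node] = load.get(node, 0) + w
    return load


if __name__ == "__main__":
    space = route_hopping_space(TOPOLOGY, "S1", "S6", max_len=6)
    weights = path_weights(space)
    for p, w in zip(space, weights):
        print(p, "weight", w)
    uniform = [Fraction(1, len(space))] * len(space)
    print("S4 load, uniform:", expected_node_load(space, uniform)["S4"],
          "weighted:", expected_node_load(space, weights)["S4"])
    print("path this period:", select_hopping_path(space, weights, random.Random(2016)))
```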
4.3. DHC Protocol

In DHC, for each period $T_{hop}$, one hopping end $hEI$ and one path $Path$ from source to destination are randomly chosen. New flow entries are generated by the controller and installed in the OF switches. The end of packets from the source host is modified to $hEI$, and these packets are transmitted to the destination host along $Path$. Thus, double hopping of end and route with period $T_{hop}$ as granularity is realized.
4.3.1. Double Hopping

The basic protocol of DHC is illustrated in Figure 1. It is a network with SDN architecture in which host $H_1$ communicates with $H_2$. Denote the end hopping space as $S_{EH}$ and the route hopping space of the communication as $S_{RH}^{H_1 \to H_2}$. Firstly, the initial end $rEI = (\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$ is generated by $H_1$ according to the real IP addresses and ports of the two communication sides; then the address of the communication is determined.
Detailed steps of double hopping are as follows:
(1) The first packet containing $rEI$ is sent to the network by $H_1$. OF switch $S_1$ receives the packet and encapsulates it as a packet-in message. Then the packet-in message is sent to the controller.
(2) The packet-in message is decapsulated by the controller and $rEI$ is extracted. Then the hopping end $hEI_1 = (\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ is selected randomly in $S_{EH}$. The route hopping space $S_{RH}^{H_1 \to H_2}$ is calculated by the controller, and $Path_1 = (S_1, S_2, S_5)$ is chosen using the weighted random path selection algorithm. With the knowledge of $hEI_1$ and $Path_1$, the controller generates flow entries, encapsulated as modify-state messages, and sends them to OF switches $S_1$, $S_2$, and $S_5$. The corresponding modification and routing of the packets are conducted.
(3) The ends $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$ in the packets are modified to $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ by the source switch $S_1$, and the modified packets are forwarded to OF switch $S_2$, then to the destination switch $S_5$.
(4) The ends $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ in the packets are recovered to $rEI$ and forwarded to host $H_2$ by the destination switch $S_5$. Then $H_2$ receives the packets from $H_1$.
In this communication, the hopping end is recalculated by the controller for each hopping period $T_{hop}$ and is represented as $hEI_2 = (\mathrm{IP}''_1, P''_1, \mathrm{IP}''_2, P''_2)$, as shown in Figure 1. A new path, denoted as $Path_2 = (S_1, S_3, S_4, S_5)$, is selected in $S_{RH}^{H_1 \to H_2}$ using the weighted random path selection algorithm. Then the flow entries in the OF switches are updated. The source switch $S_1$ modifies the end in the packets sent from $H_1$ to $H_2$ as $hEI_2$ and forwards the modified packets along $Path_2$. In the destination switch $S_5$, the end of these packets is recovered to the real end $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$.

Figure 1: An example of double hopping communication (hosts H1 and H2, OF switches S1–S5 and the controller; packet ends (IP1, P1, IP2, P2), (IP′1, P′1, IP′2, P′2) and (IP″1, P″1, IP″2, P″2)).

Figure 2: An example of flow entries update (OF switches S1–S7; ends rEI, hEI1, hEI2).
The procedure described above does not modify the real end on either host. Instead, it modifies the end and routing path of the communication packets dynamically during network transmission. The source and destination hosts achieve hopping communication transparently in the network without interrupting the ongoing communication. Once the packets of the communication between $H_1$ and $H_2$ enter the network, the end of the packets and the routing path are hopped over time. For each hopping period $T_{hop}$, the hopping end and route will be reconfigured by the controller. The communication will be considered finished when the controller detects that the flow entries are not hit in a hopping period, via the flow-removed messages sent by the switches. Thus, the flow entries will no longer be updated.
4.3.2. Flow Entries Update

Flow entries in OF switches need to be updated when end and route are hopped in DHC. Moreover, it should be guaranteed that the flow entries update is consistent and no packet is lost. Suppose that hopping communication is conducted in the network topology shown in Figure 2. Assume that the end is currently being hopped by switch $S_1$, the end changes from $rEI$ to $hEI_1$, and the packets are being transmitted along path $(S_1, S_2, S_3, S_4, S_5)$. In this circumstance, to hop the end of the packets from $rEI$ to $hEI_2$ and to hop the routing path from $(S_1, S_2, S_3, S_4, S_5)$ to $(S_1, S_2, S_6, S_7, S_4, S_5)$, the steps of updating the flow entries are as follows:
(1) The controller sends modify-state messages to install new flow entries in switches $S_2, S_6, S_7, S_4, S_5$ for forwarding the packets with end $hEI_2$. At this time, the new flow entries will not be hit by packets, because there are no packets in the network that contain the end $hEI_2$.
(2) The controller sends modify-state messages to modify the flow entry in switch $S_1$; thus the end of the packets is converted from $rEI$ to $hEI_2$.
(3) The controller sends modify-state messages to delete the old flow entries in switches $S_2, S_3, S_4, S_5$ after the maximum transmission delay of path $(S_1, S_2, S_3, S_4, S_5)$ is reached.
The method of updating the flow entries described above guarantees that traffic is routed by the old flow entries during the update, avoiding packet loss. In addition, traffic is routed by the updated flow entries after the update, maintaining per-packet consistency.
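Added example (not the paper's or DhcFlower's code): a tick-based Python simulation of the three-step update on the Figure 2 topology, with one hop per tick and the real ends replaced by the placeholder labels rEI, hEI1 and hEI2. It shows that deleting the old entries only after the old path's maximum delay (4 hops here) loses no in-flight packet, while deleting them earlier drops the hEI1 packets still travelling on the old path.

```python
"""Tick-based simulation of the flow entries update of Section 4.3.2 (constructed
example; switch and link behaviour are simplified to one hop per tick)."""

# Old and new hopping paths from Figure 2; rEI/hEI1/hEI2 are placeholder labels
# standing for the real end and the two hopping ends.
OLD_PATH = ("S1", "S2", "S3", "S4", "S5")
NEW_PATH = ("S1", "S2", "S6", "S7", "S4", "S5")
rEI, hEI1, hEI2 = "rEI", "hEI1", "hEI2"
OLD_PATH_MAX_DELAY = len(OLD_PATH) - 1          # hops (ticks) from S1 to S5


def path_entries(path, end):
    """Flow entries forwarding packets that carry `end` along `path`, hop by hop:
    {switch: {end: next_hop}}; the destination switch hands the packet to H2
    (where, in DHC, it would also restore the real end)."""
    entries = {}
    for i in range(1, len(path)):
        nxt = path[i + 1] if i + 1 < len(path) else "H2"
        entries.setdefault(path[i], {})[end] = nxt
    return entries


class Network:
    def __init__(self):
        self.tables = {sw: {} for sw in ("S1", "S2", "S3", "S4", "S5", "S6", "S7")}
        self.in_flight = []         # (switch the packet has reached, end it carries)
        self.delivered = []         # ends of the packets handed to H2
        self.dropped = 0            # packets that hit a switch with no matching entry
        self.source_rewrite = hEI1  # S1's entry: rewrite rEI to this hopping end
        self.install(path_entries(OLD_PATH, hEI1))

    def install(self, entries):     # modify-state: add flow entries
        for sw, tbl in entries.items():
            self.tables[sw].update(tbl)

    def delete(self, entries):      # modify-state: delete flow entries
        for sw, tbl in entries.items():
            for end in tbl:
                self.tables[sw].pop(end, None)

    def tick(self):
        """Every in-flight packet advances one hop; H1 then sends one more packet,
        which S1 rewrites to the current hopping end and forwards to S2."""
        advanced = []
        for sw, end in self.in_flight:
            hop = self.tables[sw].get(end)
            if hop is None:
                self.dropped += 1   # table miss: the packet is lost
            elif hop == "H2":
                self.delivered.append(end)
            else:
                advanced.append((hop, end))
        advanced.append(("S2", self.source_rewrite))
        self.in_flight = advanced


def run_update(delete_after):
    """Hop from (hEI1, OLD_PATH) to (hEI2, NEW_PATH); the old entries are deleted
    `delete_after` ticks after S1 starts rewriting to hEI2.
    Returns (hEI1 packets delivered, hEI2 packets delivered, packets dropped)."""
    net = Network()
    for _ in range(5):
        net.tick()                                    # fill the old path with hEI1 packets
    net.install(path_entries(NEW_PATH, hEI2))         # step (1): new entries, not hit yet
    net.source_rewrite = hEI2                         # step (2): S1 now rewrites to hEI2
    for t in range(12):
        if t == delete_after:
            net.delete(path_entries(OLD_PATH, hEI1))  # step (3): remove the old entries
        net.tick()
    return (net.delivered.count(hEI1), net.delivered.count(hEI2), net.dropped)


if __name__ == "__main__":
    print("delete after max delay:", run_update(OLD_PATH_MAX_DELAY))      # no loss
    print("delete one tick early: ", run_update(OLD_PATH_MAX_DELAY - 1))  # one loss
    print("delete immediately:    ", run_update(0))                       # old path drained by drops
```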
5. Prototype Deployment and Simulation Experiment
5.1. Prototype Deployment

To verify the performance and security of DHC, DhcFlower, a prototype based on an SDN controller, is implemented. As shown in Figure 3, DhcFlower runs on top of the SDN controller, which manages the switches through OpenFlow.
In the prototype deployment of DHC, TopologyDiscovery reports changes of the network topology and updates the view of the network. FlowMonitor monitors the flow state of the network to find the initiation and termination of connections. Based on the view and flow state of the network, DhcFlower chooses the ends and routing paths to convert the network configurations.
The detailed structure of DhcFlower is shown in Figure 4. TopologyDiscovery updates the topology database TopologyInfo with the changes of the network topology. Using the network topology information, the hopping path calculator calculates multiple paths for each pair of nodes and stores the hopping path information in the hopping path pool. Hopping ends are stored in the hopping end pool. With the hopping end pool and hopping path pool, the double hopping engine, as the core module, chooses the hopping end and path based on the flow state information. Afterwards, hopping strategies are generated. The flow updater generates flow entries based on the hopping strategies and updates the flow tables in a specific order.
5.2. Simulation Experiment

To evaluate DHC, we ran our prototype implementation over Mininet [26]. OpenFlow 1.0 [27] is applied and POX [28] is used as the controller. A class B address block is chosen as the hopping IP address pool, and the hopping port pool is denoted as $\{0, 1, \ldots, 65535\}$. The network topology proposed by [29] is applied, which has 16 nodes (forwarding nodes), as illustrated in Figure 5. The maximum path length $L$ is set to 32.

Figure 3: DHC prototype deployment (DhcFlower, TopologyDiscovery and FlowMonitor on the controller; OF switches managed through OpenFlow).

Figure 4: Makeup of DhcFlower (double hopping engine, hopping path calculator, hopping path pool, hopping end pool, flow updater; TopologyDiscovery, topology info, FlowMonitor, flow entries).
5.2.1. Validation of the Effectiveness of End Hopping

UDP packets from the terminal on node 1 are sent to the terminal on node 16 for 500 s. Packets are sniffed on the forwarding nodes and the number of ends received on each node is counted. The sniffing results in DHC and in the traditional network are shown in Figure 6.
As demonstrated in Figure 6, on some forwarding nodes in the traditional network, such as nodes 4, 7, 8, and 12, only one end can be sniffed. However, in DHC, apart from the source and destination forwarding nodes, multiple ends can be sniffed on the other forwarding nodes. Because the packets' end is invariant in traditional networks, the end that is sniffed stays unchanged, which brings convenience for attackers. Attackers can launch a targeted sniffer on any connection and obtain the complete communication data of the connection.
In DHC, the end changes randomly and periodically. The ends sniffed on the forwarding nodes between the source and destination hosts are various. It is difficult for attackers to determine the ends from the same connection, increasing the difficulty in reconstructing the communication data. Moreover, the more frequently the ends hop, the more ends will be sniffed on the forwarding nodes. It can be seen in Figure 6 that more ends are sniffed when $T_{hop} = 5$ s compared with $T_{hop} = 10$ s. In addition, fewer ends can be sniffed on forwarding node 9 than on the other nodes, as can be seen in the figure. The reason is that fewer paths pass through forwarding node 9 than through the other nodes; thus its probability of being hit by weighted random selection is lower.
5.2.2. Validation of the Effectiveness of Route Hopping

In the experiment, $10^6$ packets are transmitted from node 5 to node 6 at a speed of $10^4$ packets per second. The hopping period $T_{hop}$ is set to 5 s. Packets are sniffed on the forwarding nodes and the number of packets sniffed is counted. In the DHC network, random path selection and weighted random path selection are applied to conduct hopping communication. The sniffing results are compared with traditional network communication, as shown in Figure 7.

Figure 5: Network topology applied in the experiment (forwarding nodes 1–16).

Figure 6: Number of ends sniffed from a single flow (x-axis: forwarding node, 2–15; y-axis: the number of sniffed ends; series: traditional network, DHC with Thop = 10 s, DHC with Thop = 5 s).
In Figure 7, the vertical coordinate stands for the fraction of all the packets transmitted from node 5 to node 6. As we can see, in the traditional network, the complete communication data from the source host to the destination host can be sniffed on some nodes (e.g., nodes 6, 11, and 12), which means that attackers can sniff the complete data on any of these nodes, and further data analysis is possible. Since shortest-path routing is applied in the traditional network and the path stays unchanged during communication, the complete communication data can be obtained on any node that the shortest path goes through. In DHC, the packets of a connection are distributed over several paths by route hopping. It is difficult for attackers to sniff the complete data on a single forwarding node. The possibility of sniffing a large amount of data on certain nodes exists if random path selection is applied. As shown in Figure 7, more than 50% of the data can be sniffed on forwarding nodes 4, 8, and 12. Applying weighted random path selection can avoid excessive traffic passing through certain nodes. The reason is that lower weight is assigned to paths with nodes that more paths cross.

Figure 7: Percentage of packets sniffed from a single flow (x-axis: forwarding node, 1–15; y-axis: fraction of the transmitted packets; series: DHC with random path selection, DHC with weighted path selection, traditional network).
5.2.3. Validation of the Effectiveness of Antisniffer Attack

In the experiment, 100 MB of data was transmitted from node 1 to node 16 for 500 s. The hopping period $T_{hop}$ is set to 5 s. Data is sniffed on the node sets $A_1 = \{8\}$, $A_2 = \{8, 9\}$, $A_3 = \{8, 9, 10\}$, and $A_4 = \{8, 9, 10, 11\}$, respectively. The shortest path from node 1 to node 16 is 1 → 4 → 7 → 8 → 12 → 16. The percentage of data sniffed on node sets $A_1$, $A_2$, $A_3$, and $A_4$ is presented in Figure 8.
As Figure 8 illustrates, in the traditional network the complete communication data can be sniffed on every one of the node sets A1, A2, A3, and A4, since each of them contains node 8, which lies on the shortest path and therefore carries the complete data. In DHC, however, the complete data cannot be obtained from node sets A1, A2, and A3, because route hopping is applied. The percentage of data sniffed on A1 and A2 is the same, because the traffic that passes through A2 also passes through A1. Only A4 sniffs the complete communication data in DHC, and even then the ends of the data are diverse because of end hopping. We regard packets with the same end as static data that an attacker can obtain; the static data obtainable in hopping communication is far less than that in the traditional network.
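The two experiments above can be reproduced in miniature. The following Python is an added example, not the paper's prototype code: on a constructed 7-node topology (node 2 is a hub that most paths cross) it enumerates the route hopping space as every simple path between the source and destination forwarding nodes, computes the expected fraction of one flow's packets that each forwarding node sees under uniform and weighted random path selection (the quantity plotted in Figure 7), and computes the fraction captured by a sniffed node set such as A1 to A4 (Figure 8). The paper states only that paths through heavily crossed nodes get a lower weight; the weight used here, one over the summed crossing counts of a path's interior nodes, is this example's own choice, as are the topology and the RNG seed.

```python
"""Route hopping on a constructed 7-node topology (added example, not the paper's code).

Assumptions of this example: the route hopping space is every simple path
between the source and destination forwarding nodes; "weighted random path
selection" gives a path the weight 1 / sum(cross(v)) over its interior nodes,
where cross(v) is the number of paths in the space that traverse v.
"""
from fractions import Fraction
import random

# Constructed undirected topology: node 2 is a hub that most 1 -> 7 paths cross.
EDGES = [(1, 2), (1, 3), (1, 5), (2, 3), (2, 5), (2, 7),
         (3, 4), (4, 7), (5, 6), (6, 7)]


def adjacency(edges):
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def simple_paths(adj, src, dst):
    """All loop-free paths src -> dst, shortest first: the route hopping space."""
    paths, stack = [], [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            paths.append(tuple(path))
            continue
        for nxt in sorted(adj[node]):
            if nxt not in path:
                stack.append((nxt, path + [nxt]))
    return sorted(paths, key=len)


def path_weights(paths, weighted):
    """Selection weight of each path: uniform, or penalising heavily crossed nodes."""
    cross = {}
    for p in paths:
        for v in p[1:-1]:
            cross[v] = cross.get(v, 0) + 1
    if not weighted:
        return {p: Fraction(1) for p in paths}
    # A direct src-dst link has no interior node; treat it as an uncrossed node.
    return {p: Fraction(1, sum(cross[v] for v in p[1:-1]) or 1) for p in paths}


def node_fraction(weights):
    """Expected fraction of one flow's packets that each forwarding node sees."""
    total = sum(weights.values())
    frac = {}
    for p, w in weights.items():
        for v in p:
            frac[v] = frac.get(v, Fraction(0)) + w / total
    return frac


def fraction_seen(weights, sniffed):
    """Fraction of the flow captured by an attacker sniffing the node set `sniffed`."""
    total = sum(weights.values())
    return sum(w for p, w in weights.items() if sniffed & set(p)) / total


def mean_hops(paths):
    """Average path length of the hopping space (the l_a of the cost analysis)."""
    return Fraction(sum(len(p) - 1 for p in paths), len(paths))


def simulate(weights, periods, seed=0):
    """Hop once per period with a seeded RNG; return each node's share of periods."""
    rng = random.Random(seed)
    paths = list(weights)
    ws = [float(weights[p]) for p in paths]
    seen = {}
    for _ in range(periods):
        for v in rng.choices(paths, weights=ws)[0]:
            seen[v] = seen.get(v, 0) + 1
    return {v: c / periods for v, c in seen.items()}


if __name__ == "__main__":
    paths = simple_paths(adjacency(EDGES), 1, 7)
    print(f"{len(paths)} paths, shortest {len(paths[0]) - 1} hops, "
          f"mean {float(mean_hops(paths)):.2f} hops")
    for weighted in (False, True):
        f = node_fraction(path_weights(paths, weighted))
        print("weighted" if weighted else "uniform ",
              {v: round(float(x), 3) for v, x in sorted(f.items())})
    print("A = {2, 4, 6} sees", fraction_seen(path_weights(paths, False), {2, 4, 6}))
```

On this topology the hub node 2 sees 7/9 of the flow under uniform selection and about 0.68 under the weighted rule, and the set {2, 4, 6} is a vertex cut, so it captures the whole flow no matter how the route hops, which is the same pattern as A4 in Figure 8.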
8 Mathematical Problems in Engineering
Figure 8: Percentage of data that can be sniffed by attackers. [Plot: x-axis, the sniffed set (A1, A2, A3, A4); y-axis, fraction of sniffed data (0 to 1.0); series: the sniffed data in DHC, the sniffed static data in the traditional network, the sniffed static data in DHC.]
Figure 9: Performance of forwarding in DHC. [Plot: x-axis, the amount of data transmitted (1, 10, 100, 200, 500, 1000 MB); y-axis, data transmission time (0 to 1400 s); series: traditional network, DHC with T_hop = 10 s, DHC with T_hop = 5 s.]
5.2.4. Performance of DHC. In the experiment, the bandwidth of every link in the network topology is set to 10 Mb/s. Data is transmitted from the terminal on node 1 to the terminal on node 16 using the File Transfer Protocol (FTP), and the data transmission time in both DHC and the traditional network is recorded. The results are shown in Figure 9.
As Figure 9 shows, the data transmission time in DHC increases in comparison with the traditional network. The reason is that multiple paths from source to destination are selected, including longer ones, whereas the data is routed along the shortest path in the traditional network. The transmission time in DHC is therefore longer, but the increase is less than 7% when T_hop = 5 s in the experiment. Route hopping of a connection also produces a small number of out-of-order packets at the receiving end when a new period starts, which triggers retransmission; the more frequently the flow entries are updated, the more likely retransmission becomes. Accordingly, Figure 9 also shows that more time is consumed to transmit the data when T_hop = 5 s than when T_hop = 10 s.
6. Analysis
In DHC each hopping connection needs to occupy hopping ends in every period. Section 6.1 analyzes the number of hopping connections that the DHC network can support, that is, the hopping network capacity. DHC makes it difficult for attackers to obtain the complete data and to reconstruct it, so communication security is improved; the obtaining and reconstruction of communication data are discussed in Sections 6.2 and 6.3. The unpredictability and the cost of DHC are analyzed in Sections 6.4 and 6.5, respectively.
6.1. Capacity of the Hopping Network. Suppose the sizes of the hopping IP address pool and port pool are |Addr| and |Port|, respectively. The number of all ends (IPsrc, Psrc, IPdst, Pdst) is |Addr|^2 × |Port|^2, and the number of ends with IPsrc = IPdst is |Addr| × |Port|^2. By the definition of an end, a valid end requires IPsrc ≠ IPdst, so the size of the valid end hopping space S_EH is

$$|S_{\mathrm{EH}}| = |\mathrm{Addr}|^2 \times |\mathrm{Port}|^2 - |\mathrm{Addr}| \times |\mathrm{Port}|^2. \quad (3)$$
In DHC, end hopping is performed in both directions of a connection, which means that at any moment one connection needs two ends. Assuming t hopping connections exist simultaneously in the network, 2t ends are needed, so |S_EH| − 2t ends are left. To ensure high randomness in hopping end selection, enough unoccupied hopping ends in S_EH are necessary. Suppose the maximum occupancy rate of the end hopping space S_EH is α, that is, at least (1 − α)|S_EH| ends are unoccupied. Then inequality (4) holds:

$$(1-\alpha)\,|S_{\mathrm{EH}}| \le |S_{\mathrm{EH}}| - 2t, \qquad t \le \frac{1}{2}\,\alpha\,|S_{\mathrm{EH}}|. \quad (4)$$

Therefore the maximum number of hopping connections allowed in DHC, that is, the capacity of the hopping network, is (1/2)α|S_EH|.
Combining (3) and inequality (4), the following inequality is obtained:

$$t \le \frac{1}{2}\,\alpha\left(|\mathrm{Addr}|^2 \times |\mathrm{Port}|^2 - |\mathrm{Addr}| \times |\mathrm{Port}|^2\right). \quad (5)$$

Assume |Port| = 2^16, |Addr| = 2^16 (the hopping IP address pool is a class B address block), and α = 0.8. Then DHC can support 7.37 × 10^18 connections hopping simultaneously.
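Equations (3) to (5) can be checked and turned into an admission rule for the controller. The Python below is an added example, not the paper's implementation: it computes |S_EH| and the capacity (1/2)α|S_EH|, cross-checks (3) by brute force on a tiny pool, and sketches an end allocator that assigns two ends per connection per period, rejects IPsrc = IPdst, and refuses new connections beyond the capacity. The pool contents, the occupancy bound α, and the convention that the reverse-direction end is the forward end with source and destination swapped are assumptions of this example; the paper fixes none of them.

```python
"""End hopping space and hopping network capacity of Section 6.1 (added example,
not the paper's controller code).

An end is (IPsrc, Psrc, IPdst, Pdst) drawn from a hopping address pool and a
port pool and is valid only if IPsrc != IPdst.  Each hopping connection holds
two ends per period, one per direction; the reverse-direction end is assumed
here to be the forward end with source and destination swapped.  Pool contents
and the occupancy bound alpha are assumptions of this example."""
from fractions import Fraction
import itertools
import random


def valid_end_space_size(n_addr, n_port):
    """|S_EH| = |Addr|^2 |Port|^2 - |Addr| |Port|^2, equation (3)."""
    return n_addr ** 2 * n_port ** 2 - n_addr * n_port ** 2


def capacity(n_addr, n_port, alpha):
    """Largest t with t <= alpha |S_EH| / 2, inequality (5).  Pass alpha as a
    string such as "0.8" so the bound is evaluated exactly, not in floating point."""
    return (Fraction(alpha) * valid_end_space_size(n_addr, n_port)) // 2


def enumerate_valid_ends(addrs, ports):
    """Brute-force |S_EH| on a tiny pool to cross-check equation (3)."""
    return sum(1 for a, _p, b, _q in itertools.product(addrs, ports, addrs, ports) if a != b)


class EndHopper:
    """Allocates hopping ends per period and enforces the capacity bound.
    Keep alpha < 1 as the paper recommends; it guarantees free ends for the retry loop."""

    def __init__(self, addrs, ports, alpha, seed=None):
        self.addrs, self.ports = list(addrs), list(ports)
        self.alpha = Fraction(alpha)
        self.rng = random.Random(seed)
        self.in_use = set()       # ends occupied in the current period
        self.connections = {}     # connection id -> (forward end, reverse end)

    @property
    def space_size(self):
        return valid_end_space_size(len(self.addrs), len(self.ports))

    def has_capacity(self):
        return len(self.connections) < capacity(len(self.addrs), len(self.ports), self.alpha)

    def _fresh_end_pair(self):
        """Random valid end plus its reverse, neither occupied in this period."""
        while True:
            ip_s, ip_d = self.rng.sample(self.addrs, 2)   # distinct, so IPsrc != IPdst
            fwd = (ip_s, self.rng.choice(self.ports), ip_d, self.rng.choice(self.ports))
            rev = (fwd[2], fwd[3], fwd[0], fwd[1])
            if fwd not in self.in_use and rev not in self.in_use:
                self.in_use.update((fwd, rev))
                return fwd, rev

    def open(self, conn_id):
        """Admit a new hopping connection, or refuse once alpha |S_EH| would be exceeded."""
        if not self.has_capacity():
            raise RuntimeError("hopping network capacity exhausted")
        self.connections[conn_id] = self._fresh_end_pair()
        return self.connections[conn_id]

    def hop(self):
        """Start a new period: every live connection receives fresh, unoccupied ends."""
        self.in_use.clear()
        for conn_id in list(self.connections):
            self.connections[conn_id] = self._fresh_end_pair()


if __name__ == "__main__":
    print("capacity of a /16 address pool with all ports, alpha = 0.8:",
          capacity(2 ** 16, 2 ** 16, "0.8"))
    hopper = EndHopper(["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"],
                       range(8), "0.8", seed=1)
    print("tiny pool |S_EH| =", hopper.space_size, "capacity =", capacity(4, 8, "0.8"))
    fwd, rev = hopper.open("conn-1")
    print("period 1:", fwd, rev)
    hopper.hop()
    print("period 2:", hopper.connections["conn-1"])
```

With the paper's parameters the capacity comes out as 7378585039493136384, the 7.37 × 10^18 quoted above; the tiny four-address, eight-port pool has |S_EH| = 768 and admits 307 connections at α = 0.8.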
6.2. Analysis of Attackers Obtaining the Complete Communication Data. We hypothesize that attackers can sniff part of the forwarding nodes in the network at random. Suppose the network topology G = ⟨V, E⟩ is an undirected connected graph, where V is the set of forwarding nodes and E is the set of links. V contains m forwarding nodes, and attackers can randomly sniff n of them simultaneously (n ≤ m). The sniffed node set consisting of these sniffed forwarding nodes is denoted V^n_sniff, with V^n_sniff ⊆ V and |V^n_sniff| = n. The source host host_src communicates with the destination host host_dst; the source and destination forwarding nodes are denoted node_src and node_dst, respectively. Assume there are s nodes on the shortest path between host_src and host_dst (1 ≤ s ≤ m), which constitute the node set U_s. In the traditional network, if V^n_sniff ∩ U_s ≠ ∅, the complete communication data between host_src and host_dst can be obtained by attackers; if V^n_sniff ∩ U_s = ∅, no communication data can be sniffed. The probability of attackers obtaining the complete communication data in the traditional network is given by (6), where C_m^n (the number of n-combinations of the m nodes) is the number of all possible V^n_sniff, C_{m−s}^n is the number of V^n_sniff with V^n_sniff ∩ U_s = ∅, and so C_m^n − C_{m−s}^n is the number of V^n_sniff with V^n_sniff ∩ U_s ≠ ∅:

$$P_{\mathrm{traditional}} = \frac{C_m^n - C_{m-s}^n}{C_m^n}. \quad (6)$$
In DHC, attackers can sniff the complete data between host_src and host_dst if node_src ∈ V^n_sniff or node_dst ∈ V^n_sniff; the number of such V^n_sniff is C_2^1 C_{m−2}^{n−1} + C_2^2 C_{m−2}^{n−2}. Otherwise, when node_src ∉ V^n_sniff and node_dst ∉ V^n_sniff, sniffing the complete data requires V^n_sniff to contain a vertex cut-set V_cut that separates node_src and node_dst into different connected subgraphs; that is, V^n_sniff ⊇ V_cut, where G is cut by V_cut into k connected subgraphs G_1, G_2, ..., G_k, with node_src ∈ G_i and node_dst ∈ G_j, 1 ≤ i, j ≤ k, and i ≠ j. Suppose there are Q^n_{src,dst} sniffed node sets V^n_sniff that contain such a V_cut. Then the probability of attackers obtaining the complete data between host_src and host_dst is

$$P_{\mathrm{hop}} = \frac{C_2^1\, C_{m-2}^{n-1} + C_2^2\, C_{m-2}^{n-2} + Q^n_{\mathrm{src,dst}}}{C_m^n}. \quad (7)$$
Proposition 1. The probability of attackers obtaining the complete data of one communication in the traditional network is not less than that in DHC; that is, P_traditional ≥ P_hop.
The proof of this proposition is given in the Appendix. In the network topology shown in Figure 5, suppose a host on node 1 communicates with a host on node 16. The shortest path from node 1 to node 16 contains 6 nodes. Attackers sniff n nodes at random (1 ≤ n ≤ 16). The probabilities of attackers obtaining the complete data in the traditional network and in the DHC network are shown in Figure 10.
As Figure 10 shows, the probability of attackers obtaining the complete data increases with the number of sniffed nodes in both the traditional and the DHC network, but P_hop ≤ P_traditional always holds. The probability reaches 1 in both networks once more than 10 nodes are sniffed. Although the probability of attackers sniffing the complete data
Figure 10: Probability of obtaining complete data. [Plot: x-axis, the number of monitored nodes (1 to 16); y-axis, the probability of obtaining complete communication data (0 to 1); series: DHC, traditional network.]
increases in the DHC network when a large number of forwarding nodes are sniffed, attackers also obtain more irrelevant data. Since the end hops constantly during a communication, attackers cannot easily pick out the traffic belonging to the target from the sniffed data, which increases the difficulty of reconstructing and recovering the communication data.
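Proposition 1 can be checked numerically by enumerating sniffed node sets. The Python below is an added example (not from the paper): on a constructed 7-node topology with source forwarding node 1 and destination forwarding node 7 it evaluates (6) in closed form and (7) by counting, for each n, the sets that contain an endpoint plus the Q^n_{src,dst} sets whose removal disconnects the endpoints. The vertex-cut test is the right condition only when the route hopping space contains every simple path between the two nodes, which this example assumes; a smaller hopping space has fewer paths to block, so it makes P_hop larger, never smaller.

```python
"""Numerical check of Proposition 1 (Section 6.2) on a constructed topology.

Added example, not the paper's code.  For every sniffed-set size n it counts,
for the traditional network, the n-node sets that meet the fixed shortest path
(equation (6)) and, for DHC, the sets that contain the source or destination
forwarding node or form a vertex cut between them (equation (7)).  The
vertex-cut condition assumes the route hopping space is every simple path
between the two forwarding nodes."""
from collections import deque
from fractions import Fraction
from itertools import combinations
from math import comb

# Constructed 7-node forwarding topology as an undirected adjacency dict.
ADJ = {
    1: {2, 3, 5}, 2: {1, 3, 5, 7}, 3: {1, 2, 4}, 4: {3, 7},
    5: {1, 2, 6}, 6: {5, 7}, 7: {2, 4, 6},
}


def shortest_path(adj, src, dst, removed=frozenset()):
    """BFS shortest path from src to dst avoiding `removed`; None if disconnected."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adj[node]):
            if nxt not in prev and nxt not in removed:
                prev[nxt] = node
                queue.append(nxt)
    return None


def p_traditional(m, s, n):
    """Equation (6): an n-node sniffed set meets the s-node shortest path."""
    return Fraction(comb(m, n) - comb(m - s, n), comb(m, n))


def q_cut(adj, src, dst, n):
    """Q^n_{src,dst}: n-node sets without src/dst whose removal disconnects them."""
    others = [v for v in adj if v not in (src, dst)]
    return sum(1 for sniffed in combinations(others, n)
               if shortest_path(adj, src, dst, frozenset(sniffed)) is None)


def p_hop(adj, src, dst, n):
    """Equation (7): endpoint-containing sets plus vertex-cut sets, over C(m, n)."""
    m = len(adj)
    with_endpoints = 2 * comb(m - 2, n - 1) + (comb(m - 2, n - 2) if n >= 2 else 0)
    return Fraction(with_endpoints + q_cut(adj, src, dst, n), comb(m, n))


def compare(adj, src, dst):
    """(n, P_traditional, P_hop) for every sniffed-set size n = 1..m."""
    m = len(adj)
    s = len(shortest_path(adj, src, dst))
    return [(n, p_traditional(m, s, n), p_hop(adj, src, dst, n)) for n in range(1, m + 1)]


if __name__ == "__main__":
    for n, pt, ph in compare(ADJ, 1, 7):
        print(f"n={n}: P_traditional={float(pt):.3f}  P_hop={float(ph):.3f}")
```

On this topology the shortest path is 1 → 2 → 7 (s = 3); for n = 3 the traditional network yields 31/35 while DHC yields 29/35, and from n = 4 onwards the two coincide because almost every 4-node set either touches an endpoint or cuts the graph, the same saturation seen in Figure 10 above 10 sniffed nodes.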
6.3. Analysis of Communication Data Reconstruction by Attackers. Reconstruction of communication data requires the complete data of the communication, so in this section we assume that attackers can sniff the complete data of the communication between the source and destination hosts. In the traditional network, attackers can deduce the positions of both communicating sides and the upper-layer protocol from the IP addresses and ports of the sniffed packets; useless packets can be eliminated on the basis of the end, and the target communication data can be obtained. In the DHC network, however, no real end of the source and destination hosts can be sniffed if the source and destination forwarding nodes are not sniffed, and the data of the communication is distributed over various flows that attackers cannot tell apart. Suppose there are f_sniff flows in the sniffed data, among which f_real flows contain the data of the target connection (f_real ≤ f_sniff), and different ends are applied in different connections. There are C_{f_sniff}^h combinations when attackers choose h flows at random from the f_sniff flows, and only one combination reconstructs the communication data properly, that is, C_{f_real}^{f_real} = 1. Given that attackers select several flows at random in a single attempt to reconstruct the communication data, the probability of reconstructing it properly is

$$P_{\mathrm{once}} = \frac{C_{f_{\mathrm{real}}}^{f_{\mathrm{real}}}}{C_{f_{\mathrm{sniff}}}^{1} + C_{f_{\mathrm{sniff}}}^{2} + \cdots + C_{f_{\mathrm{sniff}}}^{f_{\mathrm{sniff}}}} = \frac{1}{2^{f_{\mathrm{sniff}}} - 1}. \quad (8)$$
As (8) shows, the probability of attackers reconstructing the data successfully in a single attempt decreases exponentially with the number of flows sniffed: the more data sniffed, the greater the difficulty of successful reconstruction. Since attackers cannot easily determine the timing of the target communication because of end hopping, a longer sniffing time is needed to obtain the complete communication data, so a large amount of irrelevant data is collected, which further increases the difficulty of reconstruction. Given f_sniff = 100 and f_real = 10, the probability of attackers reconstructing the data correctly by selecting several flows at random in one attempt is 7.89 × 10^−31.

Table 1: Comparison of packet transmission time between the traditional network and the DHC network.

Approach    | Average cost of packet transmission time | Period of flow update | Routing path
Traditional | t × l_s                                  | Infinite              | The shortest path from source to destination
DHC         | t × l_a                                  | T_hop                 | Multiple paths from source to destination
6.4. Analysis of Unpredictability. Since the end and the route hop randomly in DHC (details are given in Section 4.3), the end and route used in the next period cannot be predicted precisely. Even if the DHC protocol, the end hopping space, and the route hopping space are exposed, DHC still raises the cost for sniffer attackers and resists sniffer attacks. Suppose an attacker with all of the above information sniffs the DHC network for a target communication; she will face the following difficulties. First, even though the DHC protocol is known to the attacker, a targeted sniffer attack cannot be launched, thanks to the randomness of end and route hopping. Second, it is hard for the attacker to obtain the complete communication data during sniffing because of the periodic hopping of the route. Third, the attacker will observe a large number of ends because of frequent end hopping, which prevents her from extracting the packets belonging to the target communication when she attempts to recover the communication data. So the unpredictability of DHC guarantees that it resists sniffer attack even when the DHC protocol and the network information are exposed.
6.5. Analysis of Cost. Under traditional routing schemes the packets are routed along the shortest path, whereas in the DHC network packets may be routed along longer paths because the route changes dynamically; therefore the cost in packet transmission time is higher in DHC. Let l_s denote the length of the shortest path between source and destination (the length of a routing path is estimated in hops), l_a the average length of the paths in the route hopping space (l_s ≤ l_a), and T_hop the hopping period; then the cost in packet transmission time is as shown in Table 1. Moreover, the periodic random selection of a route by route hopping produces a small number of out-of-order packets at the receiving end when a new period starts, which does not obstruct normal communication.
Ends and routing paths must be selected in DHC when flow entries are generated, which is more complicated than in the traditional network, so the time cost of generating flow entries is higher in DHC. Since the average path is longer in DHC, more flow entries are installed for one communication than in the traditional network, so the time cost of flow entry setup is higher in DHC as well. Figure 11 compares the average time cost of installing flow entries between different node pairs in the topology of Figure 5 for DHC and the traditional network; as it shows, the average time for flow entry generation and setup in DHC is longer than in the traditional network.

Figure 11: Comparison of the average time cost of flow entry installation in DHC and the traditional network. [Plot: x-axis, different node pairs (1 → 16, 3 → 11, 4 → 14, 5 → 12); y-axis, average time overhead (0 to 0.25 ms); series: time of flow setup in DHC, time of flow generation in DHC, time of flow setup in the traditional network, time of flow generation in the traditional network.]
In a network without DHC, flow entries are installed only once at the beginning of a communication, whereas in DHC the flow entries of the data plane are updated periodically and hopping ends and paths have to be allocated for every connection between two communicating sides, which places more load on the controller. In the experimental topology, 50 pairs of source and destination hosts are chosen at random and communication between each pair is started. The CPU utilization of the controller with and without DHC is compared in Figure 12. If the controller does not run DHC, the load is low because flow entries are not updated periodically, and the CPU utilization stays under 10%, as shown in Figure 12. If the controller runs DHC, the load increases because of the periodic updating of flow entries, and the CPU utilization is much higher: between 20% and 40% when T_hop = 5 s and between 10% and 30% when T_hop = 10 s. A shorter hopping period requires more controller operations, so the CPU utilization is higher at T_hop = 5 s than at T_hop = 10 s. The controller will become the bottleneck when DHC
Figure 12: CPU utilization of the controller. [Plot: x-axis, run time (10 to 100 s); y-axis, CPU utilization (0 to 60%); series: no DHC, DHC with T_hop = 10 s, DHC with T_hop = 5 s.]
is used in a large-scale network. Fortunately, a distributed SDN controller [30] is a solution to this problem.
In the traditional network, flows are matched only by destination address, so the length of the routing tables is of order O(m) for a network of m nodes. In DHC, however, flows are matched by ends (including source and destination address and ports), meaning that two flow entries must be specified for every connection (TCP or UDP) between the two communicating sides. Let λ denote the average rate of connection establishment and w the duration of each connection; then the mean length of the flow tables is of order O(mλw) [7]. Moreover, to avoid packet loss, DHC requires both the old and the new flow entries to be present in the flow table simultaneously for a brief period, during which the flow-table space cost increases further. Therefore the cost in flow-table space is higher in DHC.
7. Conclusion

The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper, end hopping and route hopping are combined, and double hopping communication based on SDN is proposed. The end is changed dynamically in DHC, so that the data from multiple users is mixed and the communication traffic is hidden in background traffic; the traffic cannot be distinguished easily, and the difficulty for attackers to reconstruct and recover data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, which increases the difficulty for attackers to obtain the complete communication data. The results show that the proposed approach is effective against sniffing. Moreover, DHC is realized entirely in software and is transparent to the terminals. A controller bottleneck usually occurs in a large-scale DHC network; in future work a distributed controller model will be applied to deal with this problem, and a feasible communication solution for DHC will be tested in a real network.
Appendix

Suppose there are m nodes in the network topology G. The attacker can sniff n nodes, and the sniffed nodes constitute a sniffed node set V^n_sniff (|V^n_sniff| = n, n ≤ m). Given the route hopping space S_RH^{H1→H2}, there are s nodes on the shortest path between the source host H1 and the destination host H2 (s ≤ m). V_cut is a vertex cut-set by which G is cut into several connected subgraphs such that the source forwarding node node_src and the destination forwarding node node_dst lie in different subgraphs. Suppose there are Q^n_{src,dst} sniffed node sets V^n_sniff satisfying V^n_sniff ⊇ V_cut. The proof that the probability of the attacker obtaining the complete communication data of one communication in the traditional network is not less than that in DHC, that is, P_traditional ≥ P_hop, is given below.

Proof. To verify P_traditional ≥ P_hop we show that P_traditional − P_hop ≥ 0. Given

$$P_{\mathrm{traditional}} = \frac{C_m^n - C_{m-s}^n}{C_m^n}, \qquad P_{\mathrm{hop}} = \frac{C_2^1\, C_{m-2}^{n-1} + C_2^2\, C_{m-2}^{n-2} + Q^n_{\mathrm{src,dst}}}{C_m^n},$$

we have

$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C_m^n - C_{m-s}^n - \left(C_2^1\, C_{m-2}^{n-1} + C_2^2\, C_{m-2}^{n-2} + Q^n_{\mathrm{src,dst}}\right)}{C_m^n}. \quad (A.1)$$

Suppose the shortest path from H1 to H2 is path* (path* ∈ S_RH^{H1→H2}). If the complete communication data from the source host to the destination host can be sniffed on V^n_sniff, then for all path ∈ S_RH^{H1→H2}, V^n_sniff ∩ Nodes(path) ≠ ∅, where Nodes(path) is the set of nodes that path passes through. Because path* ∈ S_RH^{H1→H2}, V^n_sniff ∩ Nodes(path*) ≠ ∅; that is, V^n_sniff contains at least one node on the shortest path (Conclusion 1).

When n = 1, the attacker sniffs one node in the network. Then, from (A.1), we have

$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C_m^1 - C_{m-s}^1 - \left(C_2^1\, C_{m-2}^{0} + Q^1_{\mathrm{src,dst}}\right)}{C_m^1}. \quad (A.2)$$

In (A.2) the denominator C_m^1 > 0, and the numerator is

$$C_m^1 - C_{m-s}^1 - \left(C_2^1\, C_{m-2}^{0} + Q^1_{\mathrm{src,dst}}\right) = m - (m - s) - \left(2 + Q^1_{\mathrm{src,dst}}\right) = s - 2 - Q^1_{\mathrm{src,dst}}. \quad (A.3)$$

By Conclusion 1, V^1_sniff ∩ Nodes(path*) ≠ ∅; that is, the sniffed node is on the shortest path. Among the s nodes on the shortest path, the number of V^1_sniff that can divide the source node and the destination node into different connected subgraphs is not more than s − 2 (the two endpoints themselves do not count); that is, Q^1_{src,dst} ≤ s − 2. So (A.3) ≥ 0, the numerator of (A.2) is not less than 0, and hence P_traditional − P_hop ≥ 0 in (A.2).

When n ≥ 2, the attacker sniffs more than one node in the network. Then, from (A.1), we have

$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C_m^n - C_{m-s}^n - \left(C_2^1\, C_{m-2}^{n-1} + C_2^2\, C_{m-2}^{n-2} + Q^n_{\mathrm{src,dst}}\right)}{C_m^n}. \quad (A.4)$$

In (A.4) the denominator C_m^n > 0, and the numerator is

$$\begin{aligned}
& C_m^n - C_{m-s}^n - \left(C_2^1\, C_{m-2}^{n-1} + C_2^2\, C_{m-2}^{n-2} + Q^n_{\mathrm{src,dst}}\right) \\
&\quad = C_m^n - C_{m-s}^n - 2\,C_{m-2}^{n-1} - C_{m-2}^{n-2} - Q^n_{\mathrm{src,dst}} \\
&\quad = C_{m-2}^n - C_{m-s}^n - Q^n_{\mathrm{src,dst}},
\end{aligned} \quad (A.5)$$

where the last step uses C_m^n = C_{m−2}^n + 2C_{m−2}^{n−1} + C_{m−2}^{n−2}. By definition, Q^n_{src,dst} is the number of those V^n_sniff that divide node_src and node_dst into different connected subgraphs, so node_src and node_dst do not belong to such a V^n_sniff. C_{m−2}^n is the number of all V^n_sniff satisfying both node_src ∉ V^n_sniff and node_dst ∉ V^n_sniff, and C_{m−2−(s−2)}^n = C_{m−s}^n is the number of those V^n_sniff that additionally satisfy V^n_sniff ∩ Nodes(path*) = ∅. By Conclusion 1, V^n_sniff ∩ Nodes(path*) ≠ ∅, so Q^n_{src,dst} is not more than C_{m−2}^n − C_{m−s}^n. So (A.5) ≥ 0, the numerator of (A.4) is not less than 0, and hence P_traditional − P_hop ≥ 0 in (A.4).

In conclusion, P_traditional − P_hop ≥ 0; that is, P_traditional ≥ P_hop. □
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgments
This work is supported by the National Natural Science Foundation of China (nos. 61379151, 61272489, 61302159, and 61401512), the National Cryptography Development Fund of China (no. MMJJ201301005), the National Basic Research Program of China (973) (grants nos. 2012CB315901 and 2013CB329104), and the National Natural Science Foundation of China (grants nos. 61309019 and 61372121).
References

[1] National Cyber Leap Year Summit 2009 Co-Chairs' Report, "Networking and information technology research and development," Tech. Rep., 2009.
[2] T. Cyberspace, Strategic Plan for the Federal Cybersecurity Research and Development Program, Executive Office of the President, National Science and Technology Council, Washington, DC, USA, 2011.
[3] S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, Springer Science & Business Media, New York, NY, USA, 2011.
[4] E. Al-Shaer, "Toward network configuration randomization for moving target defense," in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153–159, Springer, New York, NY, USA, 2011.
[5] P. Kampanakis, H. Perros, and T. Beyene, "SDN-based solutions for Moving Target Defense network protection," in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1–6, Sydney, Australia, June 2014.
[6] M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive use of network-centric mechanisms in cyber-defense," in Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183–192, Hokkaido, Japan, May 2003.
[7] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "OpenFlow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN '12), pp. 127–132, ACM, Helsinki, Finland, August 2012.
[8] Q. Duan, E. Al-Shaer, and H. Jafarian, "Efficient Random Route Mutation considering flow and network constraints," in Proceedings of the IEEE Conference on Communications and Network Security (CNS '13), pp. 260–268, IEEE, National Harbor, Md, USA, October 2013.
[9] E. Al-Shaer, Q. Duan, and J. H. Jafarian, "Random host mutation for moving target defense," in Security and Privacy in Communication Networks, pp. 310–327, Springer, New York, NY, USA, 2013.
[10] G. Badishi, A. Herzberg, and I. Keidar, "Keeping denial-of-service attackers in the dark," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 191–204, 2007.
[11] H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou, "A moving target DDoS defense mechanism," Computer Communications, vol. 46, pp. 10–21, 2014.
[12] C.-Y. Hong, S. Kandula, R. Mahajan et al., "Achieving high utilization with software-driven WAN," ACM SIGCOMM Computer Communication Review, vol. 43, no. 3, pp. 15–26, 2013.
[13] N. McKeown, "Software-defined networking," INFOCOM Keynote Talk, vol. 17, no. 2, pp. 30–32, 2009.
[14] M. Carvalho and R. Ford, "Moving-target defenses for computer networks," IEEE Security & Privacy, vol. 12, no. 2, pp. 73–76, 2014.
[15] M. Sifalakis, S. Schmid, and D. Hutchison, "Network address hopping: a mechanism to enhance data protection for packet communications," in Proceedings of the IEEE International Conference on Communications (ICC '05), vol. 3, pp. 1518–1523, IEEE, Seoul, Republic of Korea, May 2005.
[16] M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, "MT6D: a moving target IPv6 defense," in Proceedings of the Military Communications Conference (MILCOM '11), pp. 1321–1326, IEEE, Baltimore, Md, USA, November 2011.
[17] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An effective address mutation approach for disrupting reconnaissance attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562–2577, 2015.
[18] J. H. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," in Proceedings of the 1st ACM Workshop on Moving Target Defense (MTD '14), pp. 69–78, Scottsdale, AZ, USA, November 2014.
[19] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Adversary-aware IP address randomization for proactive agility against sophisticated attackers," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738–746, IEEE, April 2015.
[20] D. C. MacFarland and C. A. Shue, "The SDN shuffle: creating a moving-target defense using host-based software-defined networking," in Proceedings of the 2nd ACM Workshop on Moving Target Defense (MTD '15), pp. 37–41, ACM, Denver, Colo, USA, October 2015.
[21] J. Jafarian, E. Al-Shaer, and Q. Duan, "Formal approach for route agility against persistent attackers," in Computer Security – ESORICS 2013, J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, pp. 237–254, Springer, Berlin, Germany, 2013.
[22] S. Dolev and S. T. David, "SDN-based private interconnection," in Proceedings of the IEEE 13th International Symposium on Network Computing and Applications (NCA '14), 2014.
[23] F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. H. Ammar, and E. W. Zegura, "Agile virtualized infrastructure to proactively defend against cyber attacks," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 729–737, Hong Kong, April–May 2015.
[24] D. Gkounis, V. Kotronis, and X. Dimitropoulos, "Towards defeating the crossfire attack using SDN," http://arxiv.org/abs/1412.2013.
[25] A. Studer and A. Perrig, "The coremelt attack," in Computer Security – ESORICS 2009, vol. 5789 of Lecture Notes in Computer Science, pp. 37–52, Springer, Berlin, Germany, 2009.
[26] B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, October 2010.
[27] N. McKeown, T. Anderson, H. Balakrishnan et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
[28] M. McCauley, "About POX," 2013, http://www.github.com/noxrepo/pox.
[29] S. De Maesschalck, D. Colle, I. Lievens et al., "Pan-European optical transport networks: an availability-based comparison," Photonic Network Communications, vol. 5, no. 3, pp. 203–225, 2003.
[30] A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella, "Towards an elastic distributed SDN controller," ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7–12, 2013.
2 Mathematical Problems in Engineering
[12]. Dynamic transformation of host IP configuration is attempted in traditional network in [9], but the cost is high because several new devices are introduced. So collaborative changes among multiple network configurations demand powerful management of the network. The emerging software-defined network (SDN) [13] brings a new method to realize dynamic network configuration. SDN decouples the control plane and the forwarding plane (data plane) and applies logically centralized control. The powerful network management and control ability of SDN makes the realization of dynamic network configuration more flexible. The programmable nature of SDN can control the flow tables of forwarding devices directly and avoid service interruptions and routing inflation. The centralized control of SDN makes it possible to have a global view of the network. Therefore, collaborative changes of multiple network configurations can be realized.
In this paper, double hopping communication (DHC) is proposed based on SDN architecture to enhance the ability to resist sniffer attack. DHC periodically changes the end information of both communication sides as well as the routing paths between them, thus realizing double hopping of end and route. In DHC, communication data is transmitted along multiple paths, and data flows from multiple users are mixed. It is difficult for attackers to obtain complete data from one communication in DHC, and moreover it sets obstacles that keep attackers from correctly separating the data of one single user from all the data they obtain. Therefore, the overhead and difficulty for attackers to obtain and analyze communication data are dramatically increased, because attackers are unable to conduct targeted sniffing. In addition, DHC is constructed based on SDN, which is transparent to the terminals, and neither extra external software nor hardware is needed.
The rest of the paper is organized as follows. In Section 2, related works are discussed. Section 3 describes the basic principles of DHC. In Section 4, we describe the basic architecture and communication protocols of DHC. Section 5 presents the prototype deployment and simulation experiment, and the security of DHC is analyzed in Section 6. Section 7 concludes the paper.
2 Related Work
Hopping communication, based on the dynamics and randomness of MTD technology, is one type of active network defense method aimed at breaking the hypothesis of static network configuration, and can improve network security via dynamics and randomness [11, 14]. Currently, researchers have proposed different hopping communication techniques. Atighetchi et al. [6] proposed a hopping approach based on fake address and port. Fake addresses and ports are used during data transmission to confuse attackers. Sifalakis et al. [15] proposed one network address hopping method (NAH) based on information hiding technique. Data flow is spread across multiple end-to-end connections by network address hopping during transmission. Thus, point-to-point data transmission security could be improved. In [10], a random port-hopping (RPH) scheme was proposed to defend against DDoS attacks by changing the communication ports. MT6D [16], proposed by Dunlop et al., takes advantage of the address space of IPv6, and a robust IP hopping strategy is achieved. Tunnel technique is used to encapsulate the packets. Source and destination IP addresses of the tunnel are changed repeatedly, making it difficult for attackers to sniff communication traffic. The approaches described above have their own advantages. However, in all of these methods the end is hopped while the routing path stays unchanged, which makes it possible for attackers to obtain complete communication data and therefore recover the communication data. Moreover, in order to realize hopping communication, deploying software on terminals and adding hardware in the network are needed, which causes high cost.
In traditional network, quick cooperative hopping is difficult under distributed route management. However, the emerging software-defined network has brought new methods to hopping communication. Based on SDN, Kampanakis et al. [5] proposed three kinds of MTD methods, including reconnaissance protection, service version/OS hiding, and random host/route mutation. Attack cost, benefits, and potential attackers' countermeasures of these three methods are analyzed respectively in this work. These methods involve network scanning, DDoS, and worms, but DHC focuses on sniffer attack. In the SDN architecture, a flexible and terminal-transparent IP hopping method called OF-RHM [7, 17] is proposed by Jafarian et al. It is true that the effectiveness of sniffer attack is decreased by OF-RHM, but the virtual IP should stay unchanged during one continuous communication, which enables attackers to obtain the complete data of one communication from a switch. Jafarian et al. [18] proposed a technique in which hopping is implemented temporally and spatially in order to interfere with attackers' views of the network. This hopping communication can defeat collaborative scanning attacks effectively. However, in our work, multiple network configurations are changed dynamically to enhance the dynamism of the network for resisting sniffer attack. The work in [19] achieves fast IP hopping to resist scanning and worm propagation. The method discovers hazardous network ranges and addresses adaptively and evacuates network hosts from them quickly. MacFarland and Shue [20] provide a scalable moving target system to enable key security properties and maintain acceptable performance. The method distinguishes trustworthy and untrustworthy clients to provide access control for legacy clients.
There exist multiple paths between two nodes in a network topology, which are used by researchers to improve communication security. An active random route mutation (RRM) method is proposed by Duan et al. [8, 21] and applied in the SDN environment. Routes of multiple flows in the network are changed randomly and simultaneously. However, multiple non-crossing paths between source and destination are required, which is difficult to satisfy in common network topologies. In addition, no end hopping is involved in the RRM method, which enables attackers to recover communication data between hosts by sniffing multiple switches. Dolev and David [22] use multiple paths between datacenters to achieve secure communication. In order to ensure privacy, an $n$-$k$ secret sharing method is used to encrypt communication data. The source creates $n$ shares of its data, then sends them along multiple paths and makes sure that no $k$ or more shares pass the same router. Thus, the method achieves a theoretically secured channel to the public cloud. However, in our work, ends and route paths are changed frequently to increase the cost of attacks while obtaining and reconstructing communication data. Gillani et al. [23] migrate virtual routers among multiple paths to invalidate the network topology probing of attacks; therefore, link DDoS attacks are resisted. Gkounis et al. [24] proposed a method based on SDN architecture to detect and mitigate the Crossfire attack [25] by rerouting traffic via multiple paths. The two abovementioned works aim to resist link DDoS attacks, while our work, aimed at resisting sniffer attack, increases the cost of attackers through changes of ends and routing paths.
3 Basic Principles of DHC
In static-configuration-based network communication, when two hosts communicate on one connection, all the packets in the communication contain information about this connection, and the transmission path of the communication packets is static. These two facts provide convenience for attackers to sniff network communication. Attackers are able to obtain communication data easily from the target by sniffing network flows based on the target end on the transmission path. In the DHC approach, both end and route are hopped based on SDN architecture. Dynamics and randomness are introduced into communication in two dimensions: end and route. For the data plane, a random hopping end and route are configured by the controller in every hopping period after one connection is established. In the meantime, both end hopping and route hopping are achieved.
In DHC, the ends on both communication sides hop dynamically. The data from multiple users will be mixed, and end-to-end traffic is hidden in the network background traffic. Frequent hopping of the end brings difficulty for attackers in selecting and sorting the sniffed packets as well as in recovering the initial data. Thus, the difficulty of analyzing communication data is increased. Route hopping changes the routing paths of the packets dynamically, spreading the communication traffic over multiple routing paths. In this way, the overhead and difficulty of sniffing are increased, since continuous communication data is difficult to obtain. To sum up, double hopping of both end and route limits the communication data that attackers can obtain and sets obstacles for attackers to analyze the data.
4 Basic Architecture of DHC
When conducting hopping communication in DHC, the end and routing path that are about to hop are selected first. Then the flow tables are updated according to the hopping protocol. Thus, the end hopping space and route hopping space, as well as the hopping communication protocol, should be taken into consideration to realize DHC.
4.1. End Hopping Space. An end consists of the IP address of the host and the port in communication. It is an essential element of communication between two hosts in the network, and it uniquely defines one communication side in the network. One connection in network communication contains the IP addresses and ports of both source and destination hosts. Therefore, $EI = (\mathrm{IP}_{src}, P_{src}, \mathrm{IP}_{dst}, P_{dst})$ is defined to represent the end of one connection. The end of packets mentioned throughout the paper refers to this definition. In DHC, the end hopping space $S_{EH}$ consists of hopping IP addresses and hopping ports. Given the IP address pool $\mathrm{Addr} = \{\mathrm{IP}_1, \mathrm{IP}_2, \ldots, \mathrm{IP}_m\}$ and the hopping port pool $\mathrm{Port} = \{P_1, P_2, \ldots, P_n\}$, the end hopping space can be represented by

$$S_{EH} = \{(\mathrm{IP}_{src}, P_{src}, \mathrm{IP}_{dst}, P_{dst}) \mid \mathrm{IP}_{src}, \mathrm{IP}_{dst} \in \mathrm{Addr},\ \mathrm{IP}_{src} \neq \mathrm{IP}_{dst},\ P_{src}, P_{dst} \in \mathrm{Port}\} \quad (1)$$
Unoccupied hopping ends are randomly selected in $S_{EH}$ to replace the real ends in communication when the ends need hopping.
4.2. Route Hopping Space. One routing path between source and destination hosts is a sequence that consists of forwarding nodes (i.e., OF switches). Define $Path = \langle node_{src}, node_1, node_2, \ldots, node_{dst} \rangle$, where $node_{src}$ connects with the source host and is called the source forwarding node (source switch), and $node_{dst}$ connects with the destination host and is called the destination forwarding node (destination switch). Under SDN architecture, the controller has the global network view. Therefore, all paths connecting source and destination hosts that satisfy certain conditions can be calculated, constituting the route hopping space.
Suppose the source host $H_1$ communicates with destination host $H_2$; the corresponding route hopping space $S^{H_1 \to H_2}_{RH}$ will be calculated as follows:
(1) Calculate all acyclic paths between $H_1$ and $H_2$ that are not longer than the maximum path length $L$ according to the topology of the network, and constitute the path set $PathSet^{H_1 \to H_2}$.
(2) For $Path_i, Path_j \in PathSet^{H_1 \to H_2}$, if $Nodes(Path_i) \subset Nodes(Path_j)$ holds, delete $Path_j$ from the path set $PathSet^{H_1 \to H_2}$, where $Nodes(Path_i)$ represents the set of nodes that path $Path_i$ passes. The reason for deleting $Path_j$ is that no node in $Path_i$ can be avoided when packets pass along $Path_j$, which only leads to a longer path.
The route hopping space $S^{H_1 \to H_2}_{RH}$ is obtained from the steps above. If $|S^{H_1 \to H_2}_{RH}| > 1$ holds, the paths in $S^{H_1 \to H_2}_{RH}$ satisfy the following: $\forall Path_i, Path_j \in S^{H_1 \to H_2}_{RH}$ with $Path_i \neq Path_j$, there exists $node \in Nodes(Path_i)$ with $node \notin Nodes(Path_j)$, which means that $Path_j$ does not pass at least one node in $Path_i$.
In order to guarantee the unpredictability of the hopping path, randomness in hopping path selection is essential. One simple method is random path selection, which randomly selects one path in $S^{H_1 \to H_2}_{RH}$ at the beginning of each period and takes it as the hopping path during the period. The probability of selection for each path in $S^{H_1 \to H_2}_{RH}$ is identical. However, traffic may be forwarded unevenly by the nodes, which means that the possibility exists of a large amount of traffic being forwarded by one single node. In this case, if attackers sniff on this specific node, a large amount of communication data will be obtained easily. The reason is that paths in $S^{H_1 \to H_2}_{RH}$ intersect. Fortunately, this threat can be eliminated in DHC by using weighted random path selection.

Algorithm 1: Weighted random path selection algorithm
Input: $(Path_1, \ldots, Path_u)$, $(w_1, \ldots, w_u)$, $RandNum$
Output: $Path$
WeightedRandomPathSelect$((Path_1, \ldots, Path_u), (w_1, \ldots, w_u), RandNum)$
(1) sum = 0
(2) for $i$ in $(1, 2, \ldots, u)$
(3)     new_sum ← sum + $w_i$
(4)     if sum < $RandNum$ ≤ new_sum
(5)         return $Path_i$
(6)     else sum = new_sum
For a node, we define $C^{H_1 \to H_2}(node)$ as the number of paths in the route hopping space $S^{H_1 \to H_2}_{RH}$ that pass through $node$. For a node set $set$, we define $C^{H_1 \to H_2}(set) = \{C^{H_1 \to H_2}(node) \mid node \in set\}$. Suppose that for one connection between hosts $H_1$ and $H_2$ there is $Path_k \in S^{H_1 \to H_2}_{RH}$; $d(Path_k)$ denotes the node set that contains the nodes left after the common nodes (e.g., the source forwarding node and the destination forwarding node) through which all paths in $S^{H_1 \to H_2}_{RH}$ pass are deleted. The weight of $Path_k$ is defined as

$$Weight(Path_k) = \frac{1 / \mathrm{Max}\left(C^{H_1 \to H_2}(d(Path_k))\right)}{\sum_{Path_i \in S^{H_1 \to H_2}_{RH}} \left(1 / \mathrm{Max}\left(C^{H_1 \to H_2}(d(Path_i))\right)\right)} \quad (2)$$

where the function Max gets the maximum value in $C^{H_1 \to H_2}(set)$. By using the weighting function above, lower weight is assigned to paths with nodes that more paths cross. Therefore, the chance of excessive traffic passing through one single node (except the common nodes of all paths) in the network due to intersection is eliminated.
The weighted random path selection algorithm is shown in Algorithm 1. The probability of one path being chosen is set as the weight for the path. The inputs of the algorithm include the paths $(Path_1, \ldots, Path_u)$ in the route hopping space $S^{H_1 \to H_2}_{RH}$, the corresponding weights $(w_1, \ldots, w_u)$, and a random number $RandNum \in [0, 1]$. In the algorithm, weights are accumulated for each path in steps 2 to 6. The path corresponding to the weight is returned when the sum of accumulated weights is bigger than or equal to the random number $RandNum$.
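The route hopping space construction of Section 4.2, the path weighting of (2), and Algorithm 1, worked through in Python as an added example (not code from the paper or from the DhcFlower prototype). The eight-switch topology, counting the maximum path length $L$ in nodes, and the function names are assumptions made for this example; the node-load comparison at the end shows why weighted selection is preferred over uniform random selection.

```python
import random

# Constructed example topology (not from the paper): adjacency list of OF switches,
# with S1 as the source switch and S8 as the destination switch.
TOPOLOGY = {
    "S1": ["S2", "S3", "S4"],
    "S2": ["S1", "S3", "S8"],
    "S3": ["S1", "S2", "S5"],
    "S4": ["S1", "S5"],
    "S5": ["S3", "S4", "S6", "S7"],
    "S6": ["S5", "S8"],
    "S7": ["S5", "S8"],
    "S8": ["S2", "S6", "S7"],
}


def acyclic_paths(topo, src, dst, max_len):
    """Step (1) of Section 4.2: every acyclic path from src to dst with at most
    max_len nodes (path length is counted in nodes here; that is an assumption)."""
    found = []

    def dfs(node, path):
        if len(path) > max_len:
            return
        if node == dst:
            found.append(tuple(path))
            return
        for nxt in topo[node]:
            if nxt not in path:          # acyclic: never revisit a node
                dfs(nxt, path + [nxt])

    dfs(src, [src])
    return found


def route_hopping_space(topo, src, dst, max_len):
    """Step (2): delete Path_j whenever Nodes(Path_i) is a strict subset of
    Nodes(Path_j); such a Path_j only adds nodes to a path already in the set."""
    paths = acyclic_paths(topo, src, dst, max_len)
    node_sets = [frozenset(p) for p in paths]
    return [p for j, p in enumerate(paths)
            if not any(node_sets[i] < node_sets[j] for i in range(len(paths)) if i != j)]


def path_weights(space):
    """Equation (2): Weight(Path_k) is proportional to 1 / Max(C(d(Path_k))), where
    C(node) counts the paths through node and d(Path_k) drops nodes common to all paths."""
    count = {}
    for p in space:
        for node in set(p):
            count[node] = count.get(node, 0) + 1
    common = frozenset.intersection(*(frozenset(p) for p in space))
    inverse = []
    for p in space:
        d = set(p) - common
        # A single-path space has an empty d(Path_k); that path then gets the whole weight.
        inverse.append(1.0 / max(count[n] for n in d) if d else 1.0)
    total = sum(inverse)
    return [x / total for x in inverse]


def weighted_random_path_select(paths, weights, rand_num):
    """Algorithm 1: accumulate the weights and return the path whose interval
    (sum, new_sum] contains rand_num; rand_num is drawn from (0, 1]."""
    acc = 0.0
    for path, w in zip(paths, weights):
        new_acc = acc + w
        if acc < rand_num <= new_acc:
            return path
        acc = new_acc
    return paths[-1]   # only reached through floating-point rounding near rand_num == 1


def expected_node_load(space, weights):
    """Fraction of one flow's traffic each node forwards when paths are drawn with the
    given probabilities; used to compare random and weighted random selection."""
    load = {}
    for p, w in zip(space, weights):
        for node in set(p):
            load[node] = load.get(node, 0.0) + w
    return load


def pick_hopping_path(space, weights, rng=random):
    """One hopping period T_hop: draw RandNum in (0, 1] and select this period's path."""
    return weighted_random_path_select(space, weights, 1.0 - rng.random())


if __name__ == "__main__":
    space = route_hopping_space(TOPOLOGY, "S1", "S8", 6)
    weights = path_weights(space)
    uniform = [1.0 / len(space)] * len(space)
    print("route hopping space:", space)
    print("weights:", weights)
    print("load on S5 with random selection:", expected_node_load(space, uniform)["S5"])
    print("load on S5 with weighted selection:", expected_node_load(space, weights)["S5"])
    print("path for this period:", pick_hopping_path(space, weights))
```

In this topology the hub switch S5 lies on four of the five paths of the hopping space, so uniform random selection sends 80% of a flow through it, while the weights of (2) reduce that to 50%.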
4.3. DHC Protocol. In DHC, for each period $T_{hop}$, one hopping end $hEI$ and one path $Path$ from source to destination are randomly chosen. New flow entries are generated by the controller and installed in the OF switches. The end of packets from the source host is modified to $hEI$, and these packets are transmitted to the destination host along $Path$. Then double hopping of end and route with period $T_{hop}$ as granularity is realized.
4.3.1. Double Hopping. The basic protocol of DHC is illustrated in Figure 1. It is a network with SDN architecture in which host $H_1$ communicates with $H_2$. Denote the end hopping space as $S_{EH}$ and the route hopping space of the communication as $S^{H_1 \to H_2}_{RH}$. Firstly, the initial end $rEI = (\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$ is generated by $H_1$ according to the real IP addresses and ports of the two communication sides; then the address of the communication is determined.
Detailed steps of double hopping are as follows:
(1) The first packet containing $rEI$ is sent to the network by $H_1$. OF switch $S_1$ receives the packet and encapsulates it as a packet-in message. Then the packet-in message is sent to the controller.
(2) The packet-in message is decapsulated by the controller and $rEI$ is extracted. Then the hopping end $hEI_1 = (\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ is selected randomly in $S_{EH}$. The route hopping space $S^{H_1 \to H_2}_{RH}$ is calculated by the controller, and $Path_1 = (S_1, S_2, S_5)$ is chosen using the weighted random path selection algorithm. With the knowledge of $hEI_1$ and $Path_1$, the controller generates flow entries encapsulated as modify-state messages and sends them to OF switches $S_1$, $S_2$, and $S_5$. Corresponding modification and routing of the packets are conducted.
(3) Ends $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$ in the packets are modified to $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ by source switch $S_1$, and the modified packets are forwarded to OF switch $S_2$, then to destination switch $S_5$.
(4) Ends $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ in the packets are recovered to $rEI$ and forwarded to host $H_2$ by destination switch $S_5$. Then $H_2$ receives the packets from $H_1$.
In this communication, the hopping end is recalculated by the controller for each hopping period $T_{hop}$ and is represented as $hEI_2 = (\mathrm{IP}''_1, P''_1, \mathrm{IP}''_2, P''_2)$, as shown in Figure 1. A new path, denoted as $Path_2 = (S_1, S_3, S_4, S_5)$, is selected in $S^{H_1 \to H_2}_{RH}$ using the weighted random path selection algorithm. Then the flow entries in the OF switches are updated. Source switch $S_1$ modifies the end in the packets sent from $H_1$ to $H_2$ to $hEI_2$ and forwards the modified packets along $Path_2$. In destination switch $S_5$, the end of these packets is recovered to the real end $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$.

Figure 1: An example of double hopping communication (hosts $H_1$ and $H_2$, controller, switches $S_1$–$S_5$; the real end $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$ at the hosts, hopping end $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ on the first path, and hopping end $(\mathrm{IP}''_1, P''_1, \mathrm{IP}''_2, P''_2)$ on the second path).

Figure 2: An example of flow entries update (switches $S_1$–$S_7$; ends $rEI$, $hEI_1$, $hEI_2$).
The procedure described above does not modify the real end on either host. Instead, it modifies the end and routing path of the communication packets dynamically during network transmission. The source and destination hosts can achieve hopping communication transparently in the network without interrupting the ongoing communication. Once the packets of the communication between $H_1$ and $H_2$ enter the network, the end of the packets and the routing path are hopped with time. For each hopping period $T_{hop}$, the hopping end and route will be reconfigured by the controller. The communication will be considered finished when the controller detects that the flow entries are not hit in a hopping period, via flow-removed messages sent by the switches. Thus, the flow entries will not be updated further.
4.3.2. Flow Entries Update. Flow entries in OF switches need to be updated when end and route are hopped in DHC. Moreover, it should be guaranteed that the flow entries update is consistent and no packet is lost. Suppose that hopping communication is conducted in the network topology shown in Figure 2. Assume that the end is currently being hopped by switch $S_1$, the end changes from $rEI$ to $hEI_1$, and the packets are being transmitted along path $(S_1, S_2, S_3, S_4, S_5)$. In this circumstance, to hop the end of the packets from $rEI$ to $hEI_2$ and to hop the routing path from $(S_1, S_2, S_3, S_4, S_5)$ to $(S_1, S_2, S_6, S_7, S_4, S_5)$, the steps of updating flow entries are as follows:
(1) The controller sends modify-state messages to install new flow entries in switches $S_2, S_6, S_7, S_4, S_5$ for forwarding the packets with end $hEI_2$. At this time, the new flow entries will not be hit by packets, because there are no packets in the network that contain the end $hEI_2$.
(2) The controller sends modify-state messages to modify the flow entry in switch $S_1$; thus the end of packets is converted from $rEI$ to $hEI_2$.
(3) The controller sends modify-state messages to delete the old flow entries in switches $S_2, S_3, S_4, S_5$ after the maximum transmission delay of path $(S_1, S_2, S_3, S_4, S_5)$ is reached.
The method of updating the flow entries described above can guarantee that the traffic is routed by the old flow entries during the update, avoiding packet loss. In addition, traffic is routed by the updated flow entries after the update, maintaining per-packet consistency.
5 Prototype Deployment and Simulation Experiment
5.1. Prototype Deployment. To verify the performance and security of DHC, DhcFlower, a prototype based on an SDN controller, is implemented. As shown in Figure 3, DhcFlower runs on top of the SDN controller, which manages the switches through OpenFlow.
In the prototype deployment of DHC, TopologyDiscovery reports the changes of the network topology and updates the view of the network. FlowMonitor monitors the flow state of the network to find the initiation and termination of connections. Based on the view and flow state of the network, DhcFlower chooses the ends and routing paths to convert network configurations.
The detailed structure of DhcFlower is shown in Figure 4. TopologyDiscovery updates the topology database TopologyInfo with the changes of the network topology. Using the network topology information, the hopping path calculator calculates multiple paths for each pair of nodes and stores the hopping path information in the hopping path pool. Hopping ends are stored in the hopping end pool. With the hopping end pool and hopping path pool, the double hopping engine, as the core module, chooses the hopping end and path based on flow state information. Afterwards, hopping strategies are generated. The flow updater generates flow entries based on the hopping strategies and updates the flow tables in a specific order.
5.2. Simulation Experiment. To evaluate DHC, we have operated our implemented prototype over Mininet [26]. OpenFlow 1.0 [27] is applied, and POX [28] is used as the controller. A class B address block is chosen as the hopping IP address pool, and the hopping port pool is denoted as $\{0, 1, \ldots, 65535\}$. The network topology proposed by [29] is applied, which has 16 nodes (forwarding nodes), as illustrated in Figure 5. The maximum path length $L$ is set to 32.

Figure 3: DHC prototype deployment (the controller runs DhcFlower, TopologyDiscovery, and FlowMonitor, and manages the OF switches through OpenFlow).

Figure 4: Makeup of DhcFlower (modules inside the controller: TopologyDiscovery, topology info, hopping path calculator, hopping path pool, hopping end pool, double hopping engine, flow updater, FlowMonitor, flow entries).
5.2.1. Validation of the Effectiveness of End Hopping. UDP packets from the terminal on node 1 are sent to the terminal on node 16 for 500 s. Packets are sniffed on the forwarding nodes, and the number of ends received on each node is counted. The sniffing results in DHC and in the traditional network are shown in Figure 6.
As demonstrated in Figure 6, on some forwarding nodes in the traditional network, such as nodes 4, 7, 8, and 12, only one end is able to be sniffed. However, in DHC, apart from the source and destination forwarding nodes, multiple ends can be sniffed on the other forwarding nodes. Due to the invariance of the packets' end in traditional networks, the end that is sniffed stays unchanged, which brings convenience for attackers. Attackers can launch targeted sniffing on any connection and obtain the complete communication data of the connection. In DHC, the end changes randomly and periodically. The ends sniffed on forwarding nodes between the source and destination hosts are various. It is difficult for attackers to determine which ends belong to the same connection, increasing the difficulty in reconstructing the communication data. Moreover, the more frequently ends hop, the more ends will be sniffed on the forwarding nodes. It can be seen in Figure 6 that more ends are sniffed when $T_{hop} = 5$ s compared with $T_{hop} = 10$ s. In addition, fewer ends can be sniffed on forwarding node 9 than on other nodes, as can be seen in the figure. The reason is that fewer paths pass through forwarding node 9 than through other nodes; thus the probability of its being hit by weighted random selection is lower.
5.2.2. Validation of the Effectiveness of Route Hopping. In the experiment, $10^6$ packets are transmitted from node 5 to node 6 at the speed of $10^4$ packets per second. The hopping period $T_{hop}$ is set to 5 s. Packets are sniffed on the forwarding nodes, and the number of packets sniffed is counted. In the DHC network, random path selection and weighted random path selection are applied to conduct hopping communication. Sniffing results are compared with traditional network communication, as shown in Figure 7.

Figure 5: Network topology applied in the experiment (16 forwarding nodes, numbered 1–16).

Figure 6: Number of ends sniffed from a single flow (x-axis: forwarding node, 2–15; y-axis: the number of sniffed ends, 0–90; series: traditional network, DHC with $T_{hop} = 10$ s, DHC with $T_{hop} = 5$ s).
In Figure 7, the vertical coordinate stands for the fraction of all the packets transmitted from node 5 to node 6. As we can see, in the traditional network, complete communication data from the source host to the destination host can be sniffed on some nodes (e.g., nodes 6, 11, and 12), which means that attackers can sniff complete data on any of these nodes, and further data analysis is possible. Since shortest-path routing is applied in the traditional network and the path stays unchanged during communication, the complete communication data can be obtained on any node that the shortest path goes through. In DHC, the packets of a connection are distributed over several paths by route hopping. It is difficult for attackers to sniff complete data on a single forwarding node. The possibility of sniffing a large amount of data on certain nodes exists if random path selection is applied. As shown in Figure 7, more than 50% of the data can be sniffed on forwarding nodes 4, 8, and 12. Applying weighted random path selection can avoid excessive traffic passing through certain nodes. The reason is that lower weight is assigned to paths with nodes that more paths cross.

Figure 7: Percentage of packets sniffed from a single flow (x-axis: forwarding node, 1–15; y-axis: fraction of the transmitted packets, 0–1; series: DHC with random path selection, DHC with weighted path selection, traditional network).
5.2.3. Validation of the Effectiveness of Anti-Sniffer Attack. In the experiment, 100 MB of data was transmitted from node 1 to node 16 for 500 s. The hopping period $T_{hop}$ is set to 5 s. Data is sniffed on node sets $A_1 = \{8\}$, $A_2 = \{8, 9\}$, $A_3 = \{8, 9, 10\}$, and $A_4 = \{8, 9, 10, 11\}$, respectively. The shortest path from node 1 to node 16 is $1 \to 4 \to 7 \to 8 \to 12 \to 16$. The percentage of data sniffed on node sets $A_1$, $A_2$, $A_3$, and $A_4$ is presented in Figure 8.
As illustrated in Figure 8, complete communication data can be sniffed on all sniffed node sets $A_1$, $A_2$, $A_3$, and $A_4$ in the traditional network, since they all contain node 8 on the shortest path, on which complete data can be sniffed. However, in DHC, complete data cannot be obtained from node sets $A_1$, $A_2$, and $A_3$, since route hopping is applied. The percentage of data sniffed on $A_1$ and $A_2$ is the same, because traffic that passes through $A_2$ also passes through $A_1$. Only $A_4$ can sniff the complete communication data in DHC. However, the ends of the data are diverse because of end hopping. We consider packets with the same end to be static data that attackers can obtain. The static data that attackers can obtain in hopping communication is far less than that in the traditional network.
Figure 8: Percentage of data that can be sniffed by attackers (x-axis: the sniffed set, $A_1$–$A_4$; y-axis: fraction of sniffed data, 0–1.0; series: the sniffed data in DHC, the sniffed static data in the traditional network, the sniffed static data in DHC).

Figure 9: Performance of forwarding in DHC (x-axis: the amount of data transmitted, 1–1000 MB; y-axis: data transmission time, 0–1400 s; series: traditional network, DHC with $T_{hop} = 10$ s, DHC with $T_{hop} = 5$ s).
5.2.4. Performance of DHC. In the experiment, the bandwidth of all connections in the network topology is set to 10 Mb/s. Data is transmitted from the terminal on node 1 to the terminal on node 16 using the File Transfer Protocol (FTP). The time for data transmission in both DHC and the traditional network is recorded. Results are shown in Figure 9.
As can be seen in Figure 9, the time consumption of data transmission in DHC increased in comparison with the traditional network. The reason is that multiple paths from source to destination are selected, including longer paths. On the contrary, the data is routed by the shortest path in the traditional network. Therefore, the transmission time in DHC is longer than that in the traditional network, but the increase is less than 7% when $T_{hop} = 5$ s in the experiment. Routing path hopping of a connection results in a small number of disordered packets at the receiving end when a new period starts; then retransmission is caused. Therefore, the more frequently the flow entries are updated, the more likely retransmission happens. We can also see from Figure 9 that more time is consumed to transmit data when $T_{hop} = 5$ s compared with $T_{hop} = 10$ s.
6 Analysis
In DHC, each hopping connection needs to occupy hopping ends in every period. In Section 6.1, the number of hopping connections that can be supported in a DHC network, that is, the hopping network capacity, is analyzed. DHC brings difficulty for attackers to obtain complete data and to reconstruct data; therefore, communication security is improved. The obtaining and reconstruction of communication data are discussed in Sections 6.2 and 6.3. The unpredictability and the cost of DHC are analyzed in Sections 6.4 and 6.5, respectively.
6.1. Capacity of Hopping Network. Suppose the sizes of the hopping IP address pool and the port pool are $|\mathrm{Addr}|$ and $|\mathrm{Port}|$, respectively. The number of all the ends $(\mathrm{IP}_{src}, P_{src}, \mathrm{IP}_{dst}, P_{dst})$ is $|\mathrm{Addr}|^2 \times |\mathrm{Port}|^2$, and the number of the ends with $\mathrm{IP}_{src} = \mathrm{IP}_{dst}$ is $|\mathrm{Addr}| \times |\mathrm{Port}|^2$. According to the definition of end, valid ends require $\mathrm{IP}_{src} \neq \mathrm{IP}_{dst}$, so the size of the valid end hopping space $S_{EH}$ can be calculated by

$$|S_{EH}| = |\mathrm{Addr}|^2 \times |\mathrm{Port}|^2 - |\mathrm{Addr}| \times |\mathrm{Port}|^2 \quad (3)$$
In DHC, end hopping is performed in both directions of one connection, which means that at any moment one connection needs two ends. Assuming $t$ hopping connections exist simultaneously in the network, $2t$ ends will be needed, so $|S_{EH}| - 2t$ ends are left. To ensure high randomness in hopping end selection, enough unoccupied hopping ends in $S_{EH}$ are necessary. Suppose the maximum occupancy rate of the end hopping space $S_{EH}$ is $\alpha$, that is, there are at least $(1 - \alpha)|S_{EH}|$ ends unoccupied. Then inequality (4) holds:

$$(1 - \alpha)\,|S_{EH}| \le |S_{EH}| - 2t, \qquad t \le \frac{1}{2}\,\alpha\,|S_{EH}| \quad (4)$$
Therefore the maximum number of hopping connectionsallowed in DHC is (12)120572|119878EH| that is the capacity ofhopping network is (12)120572|119878EH|
Combining (3) and inequality (4) the following inequal-ity can be obtained
119905 le
1
2
120572 (|Addr|2 times |Port|2 minus |Addr| times |Port|2) (5)
Assume |Port| = 216 |Addr| = 216 (hopping IP address poolis a class B address block) and 120572 = 08 DHC can support737 times 10
18 connections hopping simultaneously
6.2. Analysis of Complete Communication Data Obtaining by Attackers

We hypothesize that attackers can sniff part of the forwarding nodes in the network randomly. Suppose the network topology $G = \langle V, E \rangle$ is an undirected connected graph, where $V$ is the set of forwarding nodes and $E$ is the set of links. $V$ contains $m$ forwarding nodes, and attackers can randomly sniff $n$ of them simultaneously ($n \le m$). The sniffed node set consisting of these sniffed forwarding nodes is denoted as $V^n_{\text{sniff}}$, with $V^n_{\text{sniff}} \subseteq V$ and $|V^n_{\text{sniff}}| = n$.

Source host $host_{\text{src}}$ communicates with destination host $host_{\text{dst}}$. The source and destination forwarding nodes are denoted as $node_{\text{src}}$ and $node_{\text{dst}}$, respectively. Assume there are $s$ nodes on the shortest path between $host_{\text{src}}$ and $host_{\text{dst}}$ ($1 \le s \le m$), which constitute the node set $U_s$. In a traditional network, if $V^n_{\text{sniff}} \cap U_s \neq \emptyset$, the complete communication data between $host_{\text{src}}$ and $host_{\text{dst}}$ can be obtained by attackers; if $V^n_{\text{sniff}} \cap U_s = \emptyset$, no communication data can be sniffed. The probability of attackers obtaining complete communication data in a traditional network can be calculated by (6), where $C^n_m$ is the number of all $V^n_{\text{sniff}}$ and $C^n_{m-s}$ is the number of $V^n_{\text{sniff}}$ with $V^n_{\text{sniff}} \cap U_s = \emptyset$, so $C^n_m - C^n_{m-s}$ is the number of $V^n_{\text{sniff}}$ with $V^n_{\text{sniff}} \cap U_s \neq \emptyset$:

$$P_{\text{traditional}} = \frac{C^n_m - C^n_{m-s}}{C^n_m}. \quad (6)$$
In DHC, attackers can sniff complete data between $host_{\text{src}}$ and $host_{\text{dst}}$ if $node_{\text{src}} \in V^n_{\text{sniff}}$ or $node_{\text{dst}} \in V^n_{\text{sniff}}$. The number of such $V^n_{\text{sniff}}$ is $C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2}$. In the other cases, if $node_{\text{src}} \notin V^n_{\text{sniff}}$ and $node_{\text{dst}} \notin V^n_{\text{sniff}}$, to sniff complete data one vertex cut-set $V_{\text{cut}}$ should be contained in $V^n_{\text{sniff}}$, and $node_{\text{src}}$ and $node_{\text{dst}}$ should be cut by $V_{\text{cut}}$ into different connected subgraphs; that is, $V^n_{\text{sniff}} \supseteq V_{\text{cut}}$ exists, where $G$ is cut by $V_{\text{cut}}$ into $k$ connected subgraphs $G_1, G_2, \ldots, G_k$ and $node_{\text{src}} \in G_i$, $node_{\text{dst}} \in G_j$, $1 \le i, j \le k$, $i \neq j$ hold. Suppose there exist $Q^n_{\text{src},\text{dst}}$ sniffed node sets $V^n_{\text{sniff}}$ that contain such a $V_{\text{cut}}$ in this case. Then the probability of attackers obtaining complete data between $host_{\text{src}}$ and $host_{\text{dst}}$ can be calculated by

$$P_{\text{hop}} = \frac{C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\text{src},\text{dst}}}{C^n_m}. \quad (7)$$
Proposition 1. The probability of attackers obtaining complete data in a traditional network on one communication is not less than that in DHC; that is, $P_{\text{traditional}} \ge P_{\text{hop}}$.
The proof of this proposition is shown in the Appendix. In the network topology shown in Figure 5, suppose a host on node 1 communicates with a host on node 16. The shortest path from node 1 to node 16 contains 6 nodes. Attackers can sniff $n$ nodes randomly ($1 \le n \le 16$). The probabilities of attackers obtaining complete data in the traditional network and the DHC network are shown in Figure 10.
As can be seen from Figure 10, the probability of attackers obtaining complete data increases when the number of sniffed nodes increases, both in the traditional and the DHC network, but $P_{\text{hop}} \le P_{\text{traditional}}$ always holds. The probability of attackers obtaining complete data is 1 in both the traditional and the DHC network when the number of sniffed nodes is more than 10. Although the probability of attackers sniffing complete data increases in the DHC network when a large number of forwarding nodes are sniffed, attackers obtain more irrelevant data. Since the end hops constantly during a communication, attackers cannot easily pick out the traffic that belongs to the target from the sniffed data, which increases the difficulty for attackers to reconstruct and recover communication data.

Figure 10: Probability of obtaining complete communication data versus the number of monitored nodes (1 to 16), for DHC and the traditional network.
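To make the counting behind (6) and (7) concrete, the following added example (not from the paper) enumerates every sniffed node set $V^n_{\text{sniff}}$ on a small constructed topology, counts the sets that yield complete data under the traditional and the DHC assumptions, and cross-checks the counts against the closed forms; the topology, node numbering and `EDGES` are assumptions, not the paper's Figure 5.

```python
"""Added example (not the paper's code): estimate P_traditional (6) and P_hop (7)
of Section 6.2 by exhaustive enumeration of the sniffed node sets V^n_sniff on a
small constructed topology, and cross-check them against the closed forms."""
from collections import deque
from fractions import Fraction
from itertools import combinations
from math import comb

# Constructed 7-node topology (an assumption, not the paper's Figure 5):
# node 1 is node_src, node 7 is node_dst; the unique shortest path is
# 1-2-3-7, so U_s = {1, 2, 3, 7} and s = 4.
EDGES = [(1, 2), (2, 3), (3, 7), (1, 4), (4, 5), (5, 6), (6, 7), (2, 5)]


def adjacency(edges):
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def reachable(adj, start, removed=frozenset()):
    """Hop distance to every node reachable from start in G minus `removed`."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist and v not in removed:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist


def shortest_path_nodes(adj, src, dst):
    """Node set U_s of the shortest path (by hops): walk from src, always
    stepping to the neighbour closest to dst (ties broken by node id)."""
    to_dst = reachable(adj, dst)
    path, u = [src], src
    while u != dst:
        u = min(sorted(adj[u]), key=lambda v: to_dst.get(v, float("inf")))
        path.append(u)
    return frozenset(path)


def binom(n, k):
    """C^k_n, defined as 0 outside 0 <= k <= n (math.comb rejects negative k)."""
    return comb(n, k) if 0 <= k <= n else 0


def count_sniff_sets(edges, src, dst, n):
    """Count, over all C^n_m sniffed sets, those that yield complete data:
    traditional: the set meets U_s (the static shortest path);
    DHC: node_src or node_dst is sniffed, or the set contains a vertex cut-set
    V_cut separating them (Q^n_{src,dst} such sets).
    Returns (traditional, dhc, q, total)."""
    adj = adjacency(edges)
    u_s = shortest_path_nodes(adj, src, dst)
    trad = dhc = q = 0
    for sniffed in combinations(sorted(adj), n):
        s = frozenset(sniffed)
        if s & u_s:
            trad += 1
        if src in s or dst in s:
            dhc += 1
        elif dst not in reachable(adj, src, removed=s):  # s contains some V_cut
            dhc += 1
            q += 1
    return trad, dhc, q, binom(len(adj), n)


def closed_forms(m, s, n, q):
    """Equations (6) and (7); Q^n_{src,dst} is the only term that depends on
    the topology, so it is taken from count_sniff_sets."""
    p_traditional = Fraction(binom(m, n) - binom(m - s, n), binom(m, n))
    p_hop = Fraction(binom(2, 1) * binom(m - 2, n - 1)
                     + binom(2, 2) * binom(m - 2, n - 2) + q, binom(m, n))
    return p_traditional, p_hop


if __name__ == "__main__":
    for n in range(1, 8):
        trad, dhc, q, total = count_sniff_sets(EDGES, 1, 7, n)
        p_t, p_h = closed_forms(7, 4, n, q)
        assert (Fraction(trad, total), Fraction(dhc, total)) == (p_t, p_h)
        print(f"n={n}: P_traditional={float(p_t):.3f} P_hop={float(p_h):.3f} "
              f"Q={q} (P_hop <= P_traditional: {p_h <= p_t})")
```

On this topology $P_{\text{hop}} \le P_{\text{traditional}}$ for every $n$, and both reach 1 once $n \ge 4$, matching the shape of Figure 10.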
6.3. Analysis of Communication Data Reconstruction for Attackers

Reconstruction of communication data requires the complete data of this communication. In this section, assume attackers can sniff the complete data of the communication between the source and destination hosts. In a traditional network, attackers can deduce the positions of both communication sides and the upper layer protocol according to the IP addresses and ports of the sniffed packets. Useless packets can be eliminated based on the end, and the target communication data can be obtained. However, in a DHC network no real end of the source and destination hosts can be sniffed by attackers if the source and destination forwarding nodes are not sniffed. Data in a communication is distributed over various flows that attackers are not able to distinguish. Suppose that there are $f_{\text{sniff}}$ flows in the sniffed data, among which $f_{\text{real}}$ flows contain the data of the target connections ($f_{\text{real}} \le f_{\text{sniff}}$), and different ends are applied in different connections. There are $C^h_{f_{\text{sniff}}}$ combinations when attackers randomly choose $h$ flows from the $f_{\text{sniff}}$ flows. Attackers can reconstruct the communication data properly with only one combination; that is, $C^{f_{\text{real}}}_{f_{\text{real}}} = 1$.

Given that attackers select several flows randomly a single time to reconstruct the communication data, the probability of reconstructing the data properly can be calculated by

$$P_{\text{once}} = \frac{C^{f_{\text{real}}}_{f_{\text{real}}}}{C^1_{f_{\text{sniff}}} + C^2_{f_{\text{sniff}}} + \cdots + C^{f_{\text{sniff}}}_{f_{\text{sniff}}}} = \frac{1}{2^{f_{\text{sniff}}} - 1}. \quad (8)$$
As shown in (8), the probability of attackers reconstructing data successfully in a single attempt decreases exponentially with the increase of the number of flows sniffed. The more data is sniffed, the more difficult successful data reconstruction becomes. Since attackers cannot easily determine the timing of the target communication due to end hopping, a longer sniffing time is needed to obtain complete communication data. Therefore, a large amount of irrelevant data is obtained, increasing the difficulty of data reconstruction. Given $f_{\text{sniff}} = 100$ and $f_{\text{real}} = 10$, the probability of attackers reconstructing the data correctly by selecting several flows randomly one time would be $7.89 \times 10^{-31}$.

Table 1: Comparison of packet transmission time between traditional network and DHC network.

| Approach | Average cost of packet transmission time | Period of flow update | Routing path |
|---|---|---|---|
| Traditional | $t \times l_s$ | Infinite | The shortest path from source to destination |
| DHC | $t \times l_a$ | $T_{\text{hop}}$ | Multiple paths from source to destination |
6.4. Analysis of Unpredictability

Since the end and route hop randomly in DHC (details are given in Section 4.3), the end and route used in the next period cannot be predicted precisely. Even under the condition that the DHC protocol, the end hopping space, and the route hopping space are exposed, DHC can still increase the cost of sniffer attackers and resist sniffer attacks. Suppose that an attacker with all the information above sniffs the DHC network for a target communication; then she will face the following difficulties in launching a sniffer attack. Firstly, even though the DHC protocol is transparent to the attacker, a targeted sniffer attack cannot be launched thanks to the randomness of end and route hopping. Secondly, it is hard for the attacker to get complete communication data during sniffing due to the periodical hopping of the route. Thirdly, the attacker will get a large number of ends because of frequent end hopping, which prevents the attacker from extracting the right packets belonging to the target communication when she/he attempts to recover the communication data. So the unpredictability of DHC guarantees that it can resist sniffer attack under the condition of exposing the DHC protocol and network information.
6.5. Analysis of Cost

Under traditional routing schemes, the packets are routed along the shortest path. However, in a DHC network packets may be routed along longer paths due to the dynamic changing of the route. Therefore, the cost of packet transmission time is higher in DHC. Let $l_s$ denote the length of the shortest path between source and destination (the length of a routing path is estimated by hops), $l_a$ the average length of the paths in the route hopping space ($l_s \le l_a$), and $T_{\text{hop}}$ the hopping period; then the cost of packet transmission time is shown in Table 1. Moreover, random selection of the route is conducted periodically by the routing path hop of a communication, which results in a small number of disordered packets at the receiving end when a new period starts, leaving no obstacles to normal communication.
Ends and routing paths are selected in DHC when flow entries are generated, which is more complicated than in the traditional network. Therefore, the time cost of generating flow entries is higher in DHC. Since the average path is longer in DHC, more flow entries are installed for one communication compared with the traditional network. Thus the time cost for flow entry setup is higher in DHC as well. In Figure 11, the average time cost for installing flow entries between different node pairs in the topology (shown in Figure 5) of DHC and the traditional network is compared. As illustrated in Figure 11, the average time for flow entry generation and setup in DHC is longer than that in the traditional network.

Figure 11: Comparison of the average time cost (ms) of flow entry installation in DHC and the traditional network for the node pairs 1→16, 3→11, 4→14 and 5→12 (series: time of flow setup in DHC, time of flow generation in DHC, time of flow setup in the traditional network, time of flow generation in the traditional network).
In a network without DHC, flow entries are installed only once at the beginning of a communication, while in DHC the flow entries of the data plane are updated periodically and hopping ends and paths have to be allocated for every connection of two communication sides, which brings more load to the controller. In the experiment topology, 50 pairs of source and destination hosts are chosen randomly, and communication between each pair is started. The CPU utilization of DHC and the traditional network is compared in Figure 12. If the controller does not run DHC, the load is low because the flow entries are not periodically updated; therefore, the CPU utilization is under 10%, as shown in Figure 12. If the controller runs DHC, the load increases due to the periodical updating of flow entries. It can be seen in the figure that CPU utilization is much higher when the controller runs DHC. When $T_{\text{hop}} = 5$ s the CPU utilization is between 20% and 40%, and when $T_{\text{hop}} = 10$ s the CPU utilization is between 10% and 30%. The shorter hopping period entails more controller operations, so when $T_{\text{hop}} = 5$ s the CPU utilization of the controller is higher than when $T_{\text{hop}} = 10$ s. The controller will be the bottleneck when DHC is used in a large scale network. Fortunately, a distributed SDN controller [30] is a solution to the problem.

Figure 12: CPU utilization (%) of the controller over a run time of 10 to 100 s, for no DHC, DHC with $T_{\text{hop}} = 10$ s, and DHC with $T_{\text{hop}} = 5$ s.
In the traditional network, flows are matched only by destination addresses, so the length of the routing tables is of the order $O(m)$ given a network of $m$ nodes. However, flows are matched by ends (including source/destination addresses and ports) in DHC, meaning that two flows must be specified for every connection (TCP or UDP) between two communication sides. Let $\lambda$ denote the average rate of connection establishment and let $w$ denote the duration of each connection; then the mean length of the flow tables is of the order $O(m\lambda w)$ [7]. Moreover, to avoid packet loss, DHC requires both old and new flow entries in the flow table simultaneously for a brief period of time, during which the cost of flow table space increases. Therefore, the cost of flow table space is higher in DHC.
7. Conclusion

The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper, end hopping and route hopping are combined, and double hopping communication based on SDN is proposed. The end is changed dynamically in DHC so that the data from multiple users is mixed and communication traffic can be hidden in background traffic; traffic therefore cannot be distinguished easily, and the difficulty for attackers to reconstruct and recover data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, which increases the difficulty for attackers to obtain complete communication data. Results show that the approach proposed in this paper effectively resists sniffer attack. Moreover, DHC is realized completely in software and is transparent to terminals. A controller bottleneck usually occurs in a large scale DHC network. In future work, a distributed controller model will be applied to deal with this problem, and a feasible communication solution of DHC will be tested in a real network.
Appendix

Suppose there are $m$ nodes in the network topology $G$. The attacker can sniff $n$ nodes, and the sniffed nodes constitute a sniffed node set $V^n_{\text{sniff}}$ ($|V^n_{\text{sniff}}| = n$, $n \le m$). Given the route hopping space $S^{H_1 \to H_2}_{\text{RH}}$, there are $s$ nodes in the shortest path between source host $H_1$ and destination host $H_2$ ($s \le m$). $V_{\text{cut}}$ is a vertex cut-set by which $G$ is cut into several connected subgraphs such that the source forwarding node $node_{\text{src}}$ and the destination forwarding node $node_{\text{dst}}$ are in different subgraphs. Suppose there are $Q^n_{\text{src},\text{dst}}$ sniffed node sets $V^n_{\text{sniff}}$ satisfying $V^n_{\text{sniff}} \supseteq V_{\text{cut}}$. The proof that the probability of the attacker obtaining complete communication data in the traditional network in one communication is not less than that in DHC, that is, $P_{\text{traditional}} \ge P_{\text{hop}}$, is shown below.
Proof. Verify that $P_{\text{traditional}} \ge P_{\text{hop}}$, that is, make sure $P_{\text{traditional}} - P_{\text{hop}} \ge 0$.

Given $P_{\text{traditional}} = (C^n_m - C^n_{m-s})/C^n_m$ and $P_{\text{hop}} = (C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\text{src},\text{dst}})/C^n_m$, we have

$$P_{\text{traditional}} - P_{\text{hop}} = \frac{C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\text{src},\text{dst}}\right)}{C^n_m}. \quad (\text{A.1})$$
Suppose the shortest path from $H_1$ to $H_2$ is $path^*$ ($path^* \in S^{H_1 \to H_2}_{\text{RH}}$). If the complete communication data from the source host to the destination host can be sniffed on $V^n_{\text{sniff}}$, then for all $path \in S^{H_1 \to H_2}_{\text{RH}}$ we have $V^n_{\text{sniff}} \cap Nodes(path) \neq \emptyset$, where $Nodes(path)$ represents the set of nodes that $path$ passes. Because $path^* \in S^{H_1 \to H_2}_{\text{RH}}$, $V^n_{\text{sniff}} \cap Nodes(path^*) \neq \emptyset$; that is, $V^n_{\text{sniff}}$ contains at least one node on the shortest path (Conclusion 1).

When $n = 1$, the attacker sniffs 1 node in the network. Then based on (A.1) we have
$$P_{\text{traditional}} - P_{\text{hop}} = \frac{C^1_m - C^1_{m-s} - \left(C^1_2 C^0_{m-2} + Q^1_{\text{src},\text{dst}}\right)}{C^1_m}. \quad (\text{A.2})$$

In (A.2) the denominator $C^1_m > 0$, and the numerator is as follows:

$$C^1_m - C^1_{m-s} - \left(C^1_2 C^0_{m-2} + Q^1_{\text{src},\text{dst}}\right) = m - (m - s) - \left(2 + Q^1_{\text{src},\text{dst}}\right) = s - 2 - Q^1_{\text{src},\text{dst}}. \quad (\text{A.3})$$
By Conclusion 1, $V^1_{\text{sniff}} \cap Nodes(path^*) \neq \emptyset$; that is, the sniffed node is on the shortest path. Among the $s$ nodes on the shortest path, the number of $V^1_{\text{sniff}}$ which can divide the source node and the destination node into different connected subgraphs is not more than $s - 2$; that is, $Q^1_{\text{src},\text{dst}} \le s - 2$. So (A.3) $\ge 0$ is obtained. The numerator of (A.2) is not less than 0; then in (A.2), $P_{\text{traditional}} - P_{\text{hop}} \ge 0$.
When $n \ge 2$, the attacker sniffs more than 1 node in the network. Then based on (A.1) we have

$$P_{\text{traditional}} - P_{\text{hop}} = \frac{C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\text{src},\text{dst}}\right)}{C^n_m}. \quad (\text{A.4})$$
In (A.4) the denominator $C^n_m > 0$, and the numerator is as follows:

$$\begin{aligned}
& C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\text{src},\text{dst}}\right) \\
&= C^n_m - C^n_{m-s} - 2C^{n-1}_{m-2} - C^{n-2}_{m-2} - Q^n_{\text{src},\text{dst}} \\
&= C^n_{m-2} - C^n_{m-s} - Q^n_{\text{src},\text{dst}}.
\end{aligned} \quad (\text{A.5})$$
According to the definition, $Q^n_{\text{src},\text{dst}}$ is the number of those $V^n_{\text{sniff}}$ which can divide $node_{\text{src}}$ and $node_{\text{dst}}$ into different connected subgraphs, so $node_{\text{src}}$ and $node_{\text{dst}}$ do not belong to such $V^n_{\text{sniff}}$. $C^n_{m-2}$ is the number of all $V^n_{\text{sniff}}$ satisfying both $node_{\text{src}} \notin V^n_{\text{sniff}}$ and $node_{\text{dst}} \notin V^n_{\text{sniff}}$, and $C^n_{m-2-(s-2)}$ is the number of those $V^n_{\text{sniff}}$ satisfying $V^n_{\text{sniff}} \cap Nodes(path^*) = \emptyset$. By Conclusion 1, $V^n_{\text{sniff}} \cap Nodes(path^*) \neq \emptyset$, so $Q^n_{\text{src},\text{dst}}$ is not more than $C^n_{m-2} - C^n_{m-2-(s-2)}$. So (A.5) $\ge 0$ is obtained. The numerator of (A.4) is not less than 0; then in (A.4), $P_{\text{traditional}} - P_{\text{hop}} \ge 0$.

In conclusion, $P_{\text{traditional}} - P_{\text{hop}} \ge 0$; that is, $P_{\text{traditional}} \ge P_{\text{hop}}$.
Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This work is supported by the National Natural Science Foundation of China (nos. 61379151, 61272489, 61302159, and 61401512), the National Cryptography Development Fund of China (no. MMJJ201301005), the National Basic Research Program of China (973) (Grants nos. 2012CB315901 and 2013CB329104), and the National Natural Science Foundation of China (Grants nos. 61309019 and 61372121).
References
[1] National Cyber Leap Year Summit 2009 Co-Chairs' Report, "Networking and information technology research and development," Tech. Rep., 2009.
[2] T. Cyberspace, Strategic Plan for the Federal Cybersecurity Research and Development Program, Executive Office of the President, National Science and Technology Council, Washington, DC, USA, 2011.
[3] S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, Springer Science & Business Media, New York, NY, USA, 2011.
[4] E. Al-Shaer, "Toward network configuration randomization for moving target defense," in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153–159, Springer, New York, NY, USA, 2011.
[5] P. Kampanakis, H. Perros, and T. Beyene, "SDN-based solutions for Moving Target Defense network protection," in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1–6, Sydney, Australia, June 2014.
[6] M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive use of network-centric mechanisms in cyber-defense," in Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183–192, Hokkaido, Japan, May 2003.
[7] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Openflow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN '12), pp. 127–132, ACM, Helsinki, Finland, August 2012.
[8] Q. Duan, E. Al-Shaer, and H. Jafarian, "Efficient Random Route Mutation considering flow and network constraints," in Proceedings of the IEEE Conference on Communications and Network Security (CNS '13), pp. 260–268, IEEE, National Harbor, Md, USA, October 2013.
[9] E. Al-Shaer, Q. Duan, and J. H. Jafarian, "Random host mutation for moving target defense," in Security and Privacy in Communication Networks, pp. 310–327, Springer, New York, NY, USA, 2013.
[10] G. Badishi, A. Herzberg, and I. Keidar, "Keeping denial-of-service attackers in the dark," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 191–204, 2007.
[11] H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou, "A moving target DDoS defense mechanism," Computer Communications, vol. 46, pp. 10–21, 2014.
[12] C.-Y. Hong, S. Kandula, R. Mahajan et al., "Achieving high utilization with software-driven WAN," ACM SIGCOMM Computer Communication Review, vol. 43, no. 3, pp. 15–26, 2013.
[13] N. McKeown, "Software-defined networking," INFOCOM Keynote Talk, vol. 17, no. 2, pp. 30–32, 2009.
[14] M. Carvalho and R. Ford, "Moving-target defenses for computer networks," IEEE Security & Privacy, vol. 12, no. 2, pp. 73–76, 2014.
[15] M. Sifalakis, S. Schmid, and D. Hutchison, "Network address hopping: a mechanism to enhance data protection for packet communications," in Proceedings of the IEEE International Conference on Communications (ICC '05), vol. 3, pp. 1518–1523, IEEE, Seoul, Republic of Korea, May 2005.
[16] M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, "MT6D: a moving target IPv6 defense," in Proceedings of the Military Communications Conference (MILCOM '11), pp. 1321–1326, IEEE, Baltimore, Md, USA, November 2011.
[17] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An effective address mutation approach for disrupting reconnaissance attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562–2577, 2015.
[18] J. H. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," in Proceedings of the 1st ACM Workshop on Moving Target Defense (MTD '14), pp. 69–78, Scottsdale, AZ, USA, November 2014.
[19] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Adversary-aware IP address randomization for proactive agility against sophisticated attackers," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738–746, IEEE, April 2015.
[20] D. C. MacFarland and C. A. Shue, "The SDN shuffle: creating a moving-target defense using host-based software-defined networking," in Proceedings of the 2nd ACM Workshop on Moving Target Defense (MTD '15), pp. 37–41, ACM, Denver, Colo, USA, October 2015.
[21] J. Jafarian, E. Al-Shaer, and Q. Duan, "Formal approach for route agility against persistent attackers," in Computer Security – ESORICS 2013, J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, pp. 237–254, Springer, Berlin, Germany, 2013.
[22] S. Dolev and S. T. David, "SDN-based private interconnection," in Proceedings of the IEEE 13th International Symposium on Network Computing and Applications (NCA '14), 2014.
[23] F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. H. Ammar, and E. W. Zegura, "Agile virtualized infrastructure to proactively defend against cyber attacks," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 729–737, Hong Kong, April–May 2015.
[24] D. Gkounis, V. Kotronis, and X. Dimitropoulos, "Towards defeating the crossfire attack using SDN," http://arxiv.org/abs/1412.2013.
[25] A. Studer and A. Perrig, "The coremelt attack," in Computer Security – ESORICS 2009, vol. 5789 of Lecture Notes in Computer Science, pp. 37–52, Springer, Berlin, Germany, 2009.
[26] B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, October 2010.
[27] N. McKeown, T. Anderson, H. Balakrishnan et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
[28] M. McCauley, "About pox," 2013, http://www.github.com/noxrepo/pox.
[29] S. De Maesschalck, D. Colle, I. Lievens et al., "Pan-European optical transport networks: an availability-based comparison," Photonic Network Communications, vol. 5, no. 3, pp. 203–225, 2003.
[30] A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella, "Towards an elastic distributed SDN controller," ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7–12, 2013.
source creates $n$ shares of its data, then sends them along multiple paths and makes sure that no $k$ or more shares pass the same router. Thus the method achieves a theoretically secured channel to the public cloud. However, in our work ends and route paths are changed frequently to increase the cost of attacks while obtaining and reconstructing communication data. Gillani et al. [23] migrate virtual routers among multiple paths to invalidate the network topology probe of attacks; therefore link DDoS attacks are resisted. Gkounis et al. [24] proposed a method based on the SDN architecture to detect and mitigate the Crossfire attack [25] by rerouting traffic via multiple paths. The two abovementioned works aim to resist link DDoS attacks, while our work, aimed at resisting sniffer attack, increases the cost of attackers through changes of ends and routing paths.
3. Basic Principles of DHC

In static-configuration-based network communication, when two hosts communicate on one connection, all the packets in the communication contain information about this connection, and the transmission path of the communication packets is static. These two facts provide convenience for attackers to sniff network communication: attackers are able to obtain communication data easily from the target by sniffing the network flow that matches the target end on the transmission path. In the DHC approach, both end and route are hopped based on the SDN architecture; dynamics and randomness are introduced into the communication in two dimensions, end and route. For the data plane, a random hopping end and route are configured by the controller in every hopping period after one connection is established. In this way, both end hopping and route hopping are achieved.

In DHC, the ends of both communication sides hop dynamically. The data from multiple users is mixed, and end-to-end traffic is hidden in the network background traffic. Frequent hopping of the end makes it difficult for attackers to select and sort the sniffed packets as well as to recover the initial data; thus the difficulty of analyzing communication data is increased. Route hopping changes the routing paths of the packets dynamically, spreading the communication traffic over multiple routing paths. In this way the overhead and difficulty of sniffing are increased, since continuous communication data is difficult to obtain. To sum up, double hopping of both end and route limits the communication data that attackers can obtain and sets obstacles for attackers to analyze the data.

4. Basic Architecture of DHC

When conducting hopping communication in DHC, the end and routing path that are about to hop are selected first. Then the flow tables are updated according to the hopping protocol. Thus the end hopping space and route hopping space, as well as the hopping communication protocol, should be taken into consideration to realize DHC.
4.1. End Hopping Space

An end consists of the IP address of the host and the port in a communication. It is an essential element of communication between two hosts in the network, and it uniquely defines one communication side in the network. One connection in network communication contains the IP addresses and ports of both the source and destination hosts. Therefore, $EI = (\text{IP}_{\text{src}}, P_{\text{src}}, \text{IP}_{\text{dst}}, P_{\text{dst}})$ is defined to represent the end of one connection. The end of packets mentioned throughout the paper refers to this definition. In DHC, the end hopping space $S_{\text{EH}}$ consists of hopping IP addresses and hopping ports. Given the IP address pool $\text{Addr} = \{\text{IP}_1, \text{IP}_2, \ldots, \text{IP}_m\}$ and the hopping port pool $\text{Port} = \{P_1, P_2, \ldots, P_n\}$, the end hopping space can be represented by

$$S_{\text{EH}} = \{(\text{IP}_{\text{src}}, P_{\text{src}}, \text{IP}_{\text{dst}}, P_{\text{dst}}) \mid \text{IP}_{\text{src}}, \text{IP}_{\text{dst}} \in \text{Addr},\ \text{IP}_{\text{src}} \neq \text{IP}_{\text{dst}},\ P_{\text{src}}, P_{\text{dst}} \in \text{Port}\}. \quad (1)$$

Unoccupied hopping ends are randomly selected in $S_{\text{EH}}$ to replace the real ends in the communication when the ends need to hop.
4.2 Route Hopping Space. One routing path between the source and destination hosts is a sequence of forwarding nodes (i.e., OF switches). Define $Path = \langle node_{src}, node_1, node_2, \ldots, node_{dst} \rangle$, where $node_{src}$ connects with the source host and is called the source forwarding node (source switch), and $node_{dst}$ connects with the destination host and is called the destination forwarding node (destination switch). Under the SDN architecture, the controller has the global network view. Therefore all paths connecting the source and destination hosts that satisfy certain conditions can be calculated, and they constitute the route hopping space.

Suppose the source host $H_1$ communicates with the destination host $H_2$; the corresponding route hopping space $S_{RH}^{H_1 \to H_2}$ is calculated as follows:

(1) Calculate all acyclic paths between $H_1$ and $H_2$ that are not longer than the maximum path length $L$ according to the topology of the network, and let them constitute the path set $PathSet^{H_1 \to H_2}$.

(2) For $Path_i, Path_j \in PathSet^{H_1 \to H_2}$, if $Nodes(Path_i) \subset Nodes(Path_j)$ holds, delete $Path_j$ from the path set $PathSet^{H_1 \to H_2}$, where $Nodes(Path_i)$ represents the set of nodes that $Path_i$ passes. The reason for deleting $Path_j$ is that no node in $Path_i$ can be avoided when packets pass along $Path_j$, which only leads to a longer path.

The route hopping space $S_{RH}^{H_1 \to H_2}$ is obtained from the steps above. If $|S_{RH}^{H_1 \to H_2}| > 1$ holds, the paths in $S_{RH}^{H_1 \to H_2}$ satisfy the following: for all $Path_i, Path_j \in S_{RH}^{H_1 \to H_2}$ with $Path_i \neq Path_j$, there exists $node \in Nodes(Path_i)$ with $node \notin Nodes(Path_j)$, which means that $Path_j$ does not pass at least one node of $Path_i$.
In order to guarantee the unpredictability of the hopping path, randomness in hopping path selection is essential. One simple method is random path selection, which randomly selects one path in $S_{RH}^{H_1 \to H_2}$ at the beginning of each period and takes it as the hopping path during that period. The probability of selection is identical for each path in $S_{RH}^{H_1 \to H_2}$.
4 Mathematical Problems in Engineering
Input: $(Path_1, \ldots, Path_u)$, $(w_1, \ldots, w_u)$, $RandNum$
Output: $Path$
WeightedRandomPathSelect($(Path_1, \ldots, Path_u)$, $(w_1, \ldots, w_u)$, $RandNum$)
(1) sum = 0
(2) for $i$ in $(1, 2, \ldots, u)$
(3)   new_sum ← sum + $w_i$
(4)   if sum < $RandNum$ ≤ new_sum
(5)     return $Path_i$
(6)   else sum = new_sum

Algorithm 1: Weighted random path selection algorithm.
However, traffic may be forwarded unevenly by the nodes, which means that a large amount of traffic may be forwarded by one single node. In this case, if attackers sniff on this specific node, a large amount of communication data will be obtained easily. The reason is that the paths in $S_{RH}^{H_1 \to H_2}$ intersect. Fortunately, this threat can be eliminated in DHC by using weighted random path selection.
For a node, we define $C^{H_1 \to H_2}(node)$ as the number of paths in the route hopping space $S_{RH}^{H_1 \to H_2}$ that pass through $node$. For a node set $set$, we define $C^{H_1 \to H_2}(set) = \{C^{H_1 \to H_2}(node) \mid node \in set\}$. Suppose that for one connection between hosts $H_1$ and $H_2$ there is $Path_k \in S_{RH}^{H_1 \to H_2}$; $d(Path_k)$ denotes the node set of $Path_k$ that is left after the common nodes (e.g., the source forwarding node and the destination forwarding node), through which all paths in $S_{RH}^{H_1 \to H_2}$ pass, are deleted. The weight of $Path_k$ is defined as

$$Weight(Path_k) = \frac{1 / \mathrm{Max}\left(C^{H_1 \to H_2}(d(Path_k))\right)}{\sum_{Path_i \in S_{RH}^{H_1 \to H_2}} \left(1 / \mathrm{Max}\left(C^{H_1 \to H_2}(d(Path_i))\right)\right)} \quad (2)$$

where the function $\mathrm{Max}$ returns the maximum value in $C^{H_1 \to H_2}(set)$. By using the weighting function above, a lower weight is assigned to paths containing nodes that more paths cross. Therefore the chance that excessive traffic passes through one single node (except the common nodes of all paths) in the network because of path intersection is eliminated.
The weighted random path selection algorithm is shown in Algorithm 1. The probability of a path being chosen is set to the weight of that path. The inputs of the algorithm are the paths $(Path_1, \ldots, Path_u)$ in the route hopping space $S_{RH}^{H_1 \to H_2}$, the corresponding weights $(w_1, \ldots, w_u)$, and a random number $RandNum \in [0, 1]$. In the algorithm, the weights are accumulated path by path in steps 2 to 6. The path whose weight makes the accumulated sum reach or exceed the random number $RandNum$ is returned.
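The route hopping space construction of Section 4.2 together with the weighting of equation (2) and the selection of Algorithm 1, worked through in Python as an added example; this is not the authors' DhcFlower code. The seven-switch topology, the hop limit and the function names are constructed for the illustration, and path length is counted in hops (as Section 6.5 estimates it). It goes slightly beyond the text by showing step (2) pruning a detour and by producing unequal weights when two paths share a switch.

```python
"""Route hopping space (Section 4.2) and weighted random path selection
(equation (2), Algorithm 1).

Added illustration, not the authors' DhcFlower code. The topology, the hop
limit and the helper names are constructed for the example; path length is
counted in hops.
"""
import random
from collections import Counter

# Constructed topology: adjacency list of forwarding nodes (OF switches).
TOPOLOGY = {
    "S1": ["S2", "S3", "S5"],
    "S2": ["S1", "S4"],
    "S3": ["S1", "S4"],
    "S4": ["S2", "S3", "S6"],
    "S5": ["S1", "S6", "S7"],
    "S6": ["S4", "S5", "S7"],
    "S7": ["S5", "S6"],
}


def acyclic_paths(topo, src, dst, max_hops):
    """Step (1): every simple path from src to dst of at most max_hops hops,
    found by a depth-first search that never revisits a node."""
    found = []

    def walk(node, path):
        if len(path) - 1 > max_hops:
            return
        if node == dst:
            found.append(tuple(path))
            return
        for nxt in topo[node]:
            if nxt not in path:
                walk(nxt, path + [nxt])

    walk(src, [src])
    return found


def route_hopping_space(topo, src, dst, max_hops):
    """Steps (1) and (2): discard any path whose node set strictly contains
    the node set of another candidate, because it only detours through the
    same nodes. The survivors form S_RH^{src->dst}."""
    candidates = acyclic_paths(topo, src, dst, max_hops)
    node_sets = {p: frozenset(p) for p in candidates}
    return [p for p in candidates
            if not any(node_sets[q] < node_sets[p] for q in candidates if q != p)]


def path_weights(space):
    """Equation (2): C(node) counts the paths of the space crossing node;
    d(path) drops the nodes common to every path; a path is weighted by
    1 / max C over d(path), normalised so the weights sum to one."""
    crossings = Counter(node for path in space for node in path)
    common = frozenset.intersection(*(frozenset(p) for p in space))
    raw = []
    for path in space:
        d_path = [n for n in path if n not in common]
        # Assumption: with no non-common node (only possible when the space
        # holds a single path) the factor is taken as 1.
        raw.append(1.0 / max((crossings[n] for n in d_path), default=1))
    total = sum(raw)
    return [r / total for r in raw]


def weighted_random_path_select(paths, weights, rand_num):
    """Algorithm 1: accumulate the weights and return the path whose interval
    (sum, new_sum] contains rand_num, with rand_num in (0, 1]."""
    acc = 0.0
    for path, w in zip(paths, weights):
        new_acc = acc + w
        if acc < rand_num <= new_acc:
            return path
        acc = new_acc
    return paths[-1]  # only reached through floating-point rounding


def choose_hopping_path(topo, src, dst, max_hops, seed=None):
    """Pick the hopping path for one period T_hop."""
    space = route_hopping_space(topo, src, dst, max_hops)
    rand_num = 1.0 - random.Random(seed).random()  # uniform in (0, 1]
    return weighted_random_path_select(space, path_weights(space), rand_num)
```

On this topology `route_hopping_space(TOPOLOGY, "S1", "S6", 3)` finds four simple paths, drops `S1-S5-S7-S6` because it is a superset of `S1-S5-S6`, and weights the two paths that share `S4` at 0.25 each against 0.5 for the disjoint one.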
4.3 DHC Protocol. In DHC, for each period $T_{hop}$, one hopping end $hEI$ and one path $Path$ from source to destination are randomly chosen. New flow entries are generated by the controller and installed in the OF switches. The end of the packets from the source host is modified to $hEI$, and these packets are transmitted to the destination host along $Path$. Thus double hopping of end and route, with the period $T_{hop}$ as granularity, is realized.
4.3.1 Double Hopping. The basic protocol of DHC is illustrated in Figure 1. It is a network with SDN architecture in which host $H_1$ communicates with $H_2$. Denote the end hopping space as $S_{EH}$ and the route hopping space of the communication as $S_{RH}^{H_1 \to H_2}$. Firstly, the initial end $rEI = (\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$ is generated by $H_1$ according to the real IP addresses and ports of the two communication sides; then the address of the communication is determined.

The detailed steps of double hopping are as follows:

(1) The first packet containing $rEI$ is sent to the network by $H_1$. OF switch $S_1$ receives the packet and encapsulates it in a packet-in message. Then the packet-in message is sent to the controller.

(2) The packet-in message is decapsulated by the controller and $rEI$ is extracted. Then the hopping end $hEI_1 = (\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ is selected randomly in $S_{EH}$. The route hopping space $S_{RH}^{H_1 \to H_2}$ is calculated by the controller, and $Path_1 = (S_1, S_2, S_5)$ is chosen using the weighted random path selection algorithm. With the knowledge of $hEI_1$ and $Path_1$, the controller generates flow entries, encapsulates them in modify-state messages, and sends them to OF switches $S_1$, $S_2$, and $S_5$. The corresponding modification and routing of the packets are then conducted.

(3) The ends $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$ in the packets are modified to $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ by the source switch $S_1$, and the modified packets are forwarded to OF switch $S_2$ and then to the destination switch $S_5$.

(4) The ends $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ in the packets are recovered to $rEI$ and forwarded to host $H_2$ by the destination switch $S_5$. Then $H_2$ receives the packets from $H_1$.
In this communication, the hopping end is recalculated by the controller for each hopping period $T_{hop}$ and is represented as $hEI_2 = (\mathrm{IP}''_1, P''_1, \mathrm{IP}''_2, P''_2)$, as shown in Figure 1. A new path, denoted as $Path_2 = (S_1, S_3, S_4, S_5)$, is selected in $S_{RH}^{H_1 \to H_2}$ using the weighted random path selection algorithm. Then the flow entries in the OF switches are updated. The source switch $S_1$ modifies the end of the packets sent from $H_1$ to $H_2$ to $hEI_2$ and forwards the modified packets along $Path_2$. In the destination switch $S_5$, the end of these packets is recovered to the real end $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$.

Figure 1: An example of double hopping communication. [Figure: a controller above switches $S_1$ to $S_5$; $H_1$ ($\mathrm{IP}_1$, $P_1$) sends packets with end $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$, which travel with end $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ in one period and $(\mathrm{IP}''_1, P''_1, \mathrm{IP}''_2, P''_2)$ in the next, and reach $H_2$ ($\mathrm{IP}_2$, $P_2$) with the real end restored.]

Figure 2: An example of flow entries update. [Figure: switches $S_1$ to $S_7$, with the ends $rEI$, $hEI_1$, and $hEI_2$ marked on the paths.]
The procedure described above does not modify the real end on either host. Instead it modifies the end and the routing path of the communication packets dynamically during network transmission. The source and destination hosts thus achieve hopping communication transparently, without interrupting the ongoing communication. Once the packets of the communication between $H_1$ and $H_2$ enter the network, the end of the packets and the routing path are hopped over time. For each hopping period $T_{hop}$, the hopping end and route are reconfigured by the controller. The communication is considered finished when the controller detects, via the flow-removed messages sent by the switches, that the flow entries have not been hit during a hopping period; from then on the flow entries are no longer updated.
4.3.2 Flow Entries Update. The flow entries in the OF switches need to be updated when the end and route are hopped in DHC. Moreover, it should be guaranteed that the flow entries update is consistent and that no packet is lost. Suppose that hopping communication is conducted in the network topology shown in Figure 2. Assume that the end is currently being hopped by switch $S_1$ (the end changes from $rEI$ to $hEI_1$) and that the packets are being transmitted along the path $(S_1, S_2, S_3, S_4, S_5)$. In this situation, to hop the end of the packets from $rEI$ to $hEI_2$ and to hop the routing path from $(S_1, S_2, S_3, S_4, S_5)$ to $(S_1, S_2, S_6, S_7, S_4, S_5)$, the steps for updating the flow entries are as follows:

(1) The controller sends modify-state messages to install new flow entries in switches $S_2, S_6, S_7, S_4, S_5$ for forwarding the packets with end $hEI_2$. At this time the new flow entries will not be hit by any packet, because there are no packets in the network that carry the end $hEI_2$.

(2) The controller sends modify-state messages to modify the flow entry in switch $S_1$; thus the end of the packets is converted from $rEI$ to $hEI_2$.

(3) The controller sends modify-state messages to delete the old flow entries in switches $S_2, S_3, S_4, S_5$ after the maximum transmission delay of the path $(S_1, S_2, S_3, S_4, S_5)$ has elapsed.

The update method described above guarantees that in-flight traffic is still routed by the old flow entries during the update, avoiding packet loss. In addition, traffic is routed by the updated flow entries after the update, maintaining per-packet consistency.
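The three-step update order of Section 4.3.2, simulated in Python on the Figure 2 paths as an added example; this is not the DhcFlower code. Switches are modelled as flow tables keyed by the end a packet carries, every hop takes one time unit, and the end values and packet counts are constructed. `simulate(delete_after)` returns how many packets were delivered or dropped, so running it once with the old entries deleted after the old path's maximum delay and once with them deleted immediately shows exactly the loss that step (3) avoids.

```python
"""Simulation of the flow entry update order in Section 4.3.2.

Added illustration, not the DhcFlower code. Switches are dictionaries that
map the end carried by a packet to (rewritten end, next hop); the paths are
those of Figure 2, while the end tuples and the one-time-unit hop delay are
constructed.
"""

R_EI = ("IP1", "P1", "IP2", "P2")            # real end (constructed values)
H_EI1 = ("IP1'", "P1'", "IP2'", "P2'")       # hopping end of the current period
H_EI2 = ("IP1''", "P1''", "IP2''", "P2''")   # hopping end of the next period

OLD_PATH = ("S1", "S2", "S3", "S4", "S5")
NEW_PATH = ("S1", "S2", "S6", "S7", "S4", "S5")
SWITCHES = ("S1", "S2", "S3", "S4", "S5", "S6", "S7")
# Maximum transmission delay of the old path: one time unit per switch.
OLD_PATH_MAX_DELAY = len(OLD_PATH)


class Network:
    def __init__(self):
        self.tables = {sw: {} for sw in SWITCHES}
        self.in_flight = []   # (packet id, switch it sits at, end it carries)
        self.routes = {}      # packet id -> switches that forwarded it
        self.sent = self.delivered = self.dropped = 0

    def install_path(self, path, h_ei):
        """Step (1): entries matching h_ei on every switch after the ingress;
        the destination switch restores the real end and hands off to H2."""
        for i, sw in enumerate(path[1:-1], start=1):
            self.tables[sw][h_ei] = (h_ei, path[i + 1])
        self.tables[path[-1]][h_ei] = (R_EI, "H2")

    def set_ingress(self, h_ei, next_hop):
        """Step (2): the source switch S1 rewrites rEI to h_ei."""
        self.tables["S1"][R_EI] = (h_ei, next_hop)

    def delete_path(self, path, h_ei):
        """Step (3): drop the entries for the old end on the non-ingress switches."""
        for sw in path[1:]:
            self.tables[sw].pop(h_ei, None)

    def send(self):
        """H1 emits one packet carrying the real end into S1."""
        self.sent += 1
        self.in_flight.append((self.sent, "S1", R_EI))
        self.routes[self.sent] = []

    def tick(self):
        """One time unit: every in-flight packet is matched at its switch."""
        moved = []
        for pid, sw, end in self.in_flight:
            self.routes[pid].append(sw)
            entry = self.tables[sw].get(end)
            if entry is None:          # no matching flow entry: packet lost
                self.dropped += 1
            elif entry[1] == "H2":     # egress with the real end restored
                self.delivered += 1
            else:
                moved.append((pid, entry[1], entry[0]))
        self.in_flight = moved


def simulate(delete_after):
    """Hop from (hEI1, OLD_PATH) to (hEI2, NEW_PATH), deleting the old entries
    `delete_after` time units after the ingress switch has been updated."""
    net = Network()
    net.install_path(OLD_PATH, H_EI1)
    net.set_ingress(H_EI1, OLD_PATH[1])
    for _ in range(6):                    # steady state, one packet per unit
        net.send()
        net.tick()
    net.install_path(NEW_PATH, H_EI2)     # step (1): new entries, not yet hit
    net.set_ingress(H_EI2, NEW_PATH[1])   # step (2): switch the ingress
    for _ in range(delete_after):         # traffic keeps flowing meanwhile
        net.send()
        net.tick()
    net.delete_path(OLD_PATH, H_EI1)      # step (3): remove the old entries
    for _ in range(2 * len(NEW_PATH)):    # drain whatever is still in flight
        net.tick()
    return {"sent": net.sent, "delivered": net.delivered,
            "dropped": net.dropped, "routes": net.routes}
```

With `delete_after=OLD_PATH_MAX_DELAY` every packet arrives and each one travelled entirely on either the old or the new path (per-packet consistency); with `delete_after=0` the four packets still on the old path when its entries vanish are dropped.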
5 Prototype Deployment and Simulation Experiment

5.1 Prototype Deployment. To verify the performance and security of DHC, DhcFlower, a prototype based on an SDN controller, is implemented. As shown in Figure 3, DhcFlower runs on top of the SDN controller, which manages the switches through OpenFlow.

In the prototype deployment of DHC, TopologyDiscovery reports changes of the network topology and updates the view of the network. FlowMonitor monitors the flow state of the network to detect the initiation and termination of connections. Based on the view and the flow state of the network, DhcFlower chooses the ends and routing paths used to convert the network configuration.

The detailed structure of DhcFlower is shown in Figure 4. TopologyDiscovery updates the topology database TopologyInfo with the changes of the network topology. Using the network topology information, the hopping path calculator calculates multiple paths for each pair of nodes and stores the hopping path information in the hopping path pool. Hopping ends are stored in the hopping end pool. With the hopping end pool and the hopping path pool, the double hopping engine, as the core module, chooses the hopping end and path based on the flow state information. Afterwards, hopping strategies are generated. The flow updater generates flow entries based on the hopping strategies and updates the flowtables in a specific order.
5.2 Simulation Experiment. To evaluate DHC, we have run our implemented prototype on Mininet [26]. OpenFlow 1.0 [27] is applied and POX [28] is used as the controller. A class B address block is chosen as the hopping IP address pool, and the hopping port pool is $\{0, 1, \ldots, 65535\}$. The network topology proposed by [29], which has 16 nodes (forwarding nodes), is applied, as illustrated in Figure 5. The maximum path length $L$ is set to 32.

Figure 3: DHC prototype deployment. [Figure: the controller hosts DhcFlower, TopologyDiscovery, and FlowMonitor, and manages the OF switches through OpenFlow.]

Figure 4: Makeup of DhcFlower. [Figure: inside the controller, TopologyDiscovery feeds topology info to the hopping path calculator, which fills the hopping path pool; the hopping end pool and the hopping path pool feed the double hopping engine, which, together with FlowMonitor's flow state, drives the flow updater that installs the flow entries.]
5.2.1 Validation of the Effectiveness of End Hopping. UDP packets from the terminal on node 1 are sent to the terminal on node 16 for 500 s. Packets are sniffed on the forwarding nodes, and the number of ends received on each node is counted. The sniffing results in DHC and in the traditional network are shown in Figure 6.

As demonstrated in Figure 6, on some forwarding nodes of the traditional network, such as nodes 4, 7, 8, and 12, only one end can be sniffed. However, in DHC, apart from the source and destination forwarding nodes, multiple ends can be sniffed on the other forwarding nodes. Because the end of the packets is invariant in traditional networks, the sniffed end stays unchanged, which brings convenience for attackers: they can launch a targeted sniffer on any connection and obtain the complete communication data of that connection.

In DHC, the end changes randomly and periodically. The ends sniffed on the forwarding nodes between the source and destination hosts are diverse. It is difficult for attackers to determine which ends belong to the same connection, which increases the difficulty of reconstructing the communication data. Moreover, the more frequently the ends hop, the more ends will be sniffed on the forwarding nodes. It can be seen in Figure 6 that more ends are sniffed when $T_{hop} = 5$ s than when $T_{hop} = 10$ s. In addition, fewer ends can be sniffed on forwarding node 9 than on the other nodes, as can be seen in the figure. The reason is that fewer paths pass through forwarding node 9 than through the other nodes, so its probability of being hit by weighted random selection is lower.
5.2.2 Validation of the Effectiveness of Route Hopping. In the experiment, $10^6$ packets are transmitted from node 5 to node 6 at a rate of $10^4$ packets per second. The hopping period $T_{hop}$ is set to 5 s. Packets are sniffed on the forwarding nodes and the number of packets sniffed is counted. In the DHC network, both random path selection and weighted random path selection are applied to conduct hopping communication. The sniffing results are compared with traditional network communication, as shown in Figure 7.

Figure 5: Network topology applied in the experiment. [Figure: 16 forwarding nodes numbered 1 to 16.]

Figure 6: Number of ends sniffed from a single flow. [Figure: x-axis forwarding node, 2 to 15; y-axis the number of sniffed ends, 0 to 90; series: traditional network, DHC with $T_{hop} = 10$ s, DHC with $T_{hop} = 5$ s.]
In Figure 7, the vertical coordinate stands for the fraction of all packets transmitted from node 5 to node 6. As we can see, in the traditional network the complete communication data from the source host to the destination host can be sniffed on some nodes (e.g., nodes 6, 11, and 12), which means that attackers can sniff the complete data on any of these nodes, and further data analysis becomes possible. Since shortest-path routing is applied in the traditional network and the path stays unchanged during the communication, the complete communication data can be obtained on any node that the shortest path goes through. In DHC, the packets of a connection are distributed over several paths by route hopping, so it is difficult for attackers to sniff the complete data on a single forwarding node. The possibility of sniffing a large amount of data on certain nodes still exists if random path selection is applied: as shown in Figure 7, more than 50% of the data can be sniffed on forwarding nodes 4, 8, and 12. Applying weighted random path selection avoids excessive traffic passing through certain nodes, because a lower weight is assigned to paths containing nodes that more paths cross.

Figure 7: Percentage of packets sniffed from a single flow. [Figure: x-axis forwarding node, 1 to 15; y-axis fraction of the transmitted packets, 0 to 1; series: DHC with random path selection, DHC with weighted path selection, traditional network.]
5.2.3 Validation of the Effectiveness against Sniffer Attack. In the experiment, 100 MB of data is transmitted from node 1 to node 16 over 500 s. The hopping period $T_{hop}$ is set to 5 s. Data is sniffed on the node sets $A_1 = \{8\}$, $A_2 = \{8, 9\}$, $A_3 = \{8, 9, 10\}$, and $A_4 = \{8, 9, 10, 11\}$, respectively. The shortest path from node 1 to node 16 is $1 \to 4 \to 7 \to 8 \to 12 \to 16$. The percentage of data sniffed on the node sets $A_1$, $A_2$, $A_3$, and $A_4$ is presented in Figure 8.

As illustrated in Figure 8, the complete communication data can be sniffed on all the sniffed node sets $A_1$, $A_2$, $A_3$, and $A_4$ in the traditional network, since they all contain node 8 on the shortest path, on which the complete data can be sniffed. However, in DHC the complete data cannot be obtained from the node sets $A_1$, $A_2$, and $A_3$, since route hopping is applied. The percentage of data sniffed on $A_1$ and $A_2$ is the same, because the traffic that passes through $A_2$ also passes through $A_1$. Only $A_4$ can sniff the complete communication data in DHC. However, the ends of that data are diverse because of end hopping. We consider packets with the same end to be static data that attackers can obtain. The static data that attackers can obtain in hopping communication is far less than that in the traditional network.
Figure 8: Percentage of data that can be sniffed by attackers. [Figure: x-axis the sniffed set, $A_1$ to $A_4$; y-axis fraction of sniffed data, 0 to 1.0; series: the sniffed data in DHC, the sniffed static data in the traditional network, the sniffed static data in DHC.]

Figure 9: Performance of forwarding in DHC. [Figure: x-axis the amount of data transmitted (MB): 1, 10, 100, 200, 500, 1000; y-axis data transmission time (s), 0 to 1400; series: traditional network, DHC with $T_{hop} = 10$ s, DHC with $T_{hop} = 5$ s.]
5.2.4 Performance of DHC. In the experiment, the bandwidth of all links in the network topology is set to 10 Mb/s. Data is transmitted from the terminal on node 1 to the terminal on node 16 using the File Transfer Protocol (FTP). The time for data transmission in both DHC and the traditional network is recorded. The results are shown in Figure 9.

As can be seen in Figure 9, the time consumed by data transmission in DHC increased in comparison with the traditional network. The reason is that multiple paths from source to destination are selected, including longer paths, whereas the data is routed along the shortest path in the traditional network. Therefore the transmission time in DHC is longer than that in the traditional network, but the increase is less than 7% when $T_{hop} = 5$ s in the experiment. Routing path hopping of a connection results in a small number of disordered packets at the receiving end when a new period starts, which then causes retransmission. Therefore, the more frequently the flow entries are updated, the more likely retransmission becomes. We can also see from Figure 9 that more time is consumed to transmit the data when $T_{hop} = 5$ s than when $T_{hop} = 10$ s.
6 Analysis

In DHC, each hopping connection needs to occupy hopping ends in every period. In Section 6.1, the number of hopping connections that can be supported in a DHC network, that is, the hopping network capacity, is analyzed. DHC makes it difficult for attackers to obtain complete data and to reconstruct data; therefore communication security is improved. The obtaining and reconstruction of communication data are discussed in Sections 6.2 and 6.3. The unpredictability and the cost of DHC are analyzed in Sections 6.4 and 6.5, respectively.
6.1 Capacity of Hopping Network. Suppose the sizes of the hopping IP address pool and the port pool are $|\mathrm{Addr}|$ and $|\mathrm{Port}|$, respectively. The number of all ends $(\mathrm{IP}_{src}, P_{src}, \mathrm{IP}_{dst}, P_{dst})$ is $|\mathrm{Addr}|^2 \times |\mathrm{Port}|^2$, and the number of ends with $\mathrm{IP}_{src} = \mathrm{IP}_{dst}$ is $|\mathrm{Addr}| \times |\mathrm{Port}|^2$. According to the definition of end, valid ends require $\mathrm{IP}_{src} \neq \mathrm{IP}_{dst}$, so the size of the valid end hopping space $S_{EH}$ can be calculated by

$$|S_{EH}| = |\mathrm{Addr}|^2 \times |\mathrm{Port}|^2 - |\mathrm{Addr}| \times |\mathrm{Port}|^2 \quad (3)$$

In DHC, end hopping is performed in both directions of one connection, which means that at any moment one connection needs two ends. Assuming $t$ hopping connections exist simultaneously in the network, $2t$ ends will be needed, so $|S_{EH}| - 2t$ ends are left. To ensure high randomness in hopping end selection, enough unoccupied hopping ends in $S_{EH}$ are necessary. Suppose the maximum occupancy rate of the end hopping space $S_{EH}$ is $\alpha$, that is, at least $(1 - \alpha)|S_{EH}|$ ends are unoccupied. Then inequality (4) holds:

$$(1 - \alpha)|S_{EH}| \le |S_{EH}| - 2t, \qquad t \le \frac{1}{2}\alpha |S_{EH}| \quad (4)$$

Therefore the maximum number of hopping connections allowed in DHC is $\frac{1}{2}\alpha|S_{EH}|$; that is, the capacity of the hopping network is $\frac{1}{2}\alpha|S_{EH}|$.

Combining (3) and inequality (4), the following inequality is obtained:

$$t \le \frac{1}{2}\alpha\left(|\mathrm{Addr}|^2 \times |\mathrm{Port}|^2 - |\mathrm{Addr}| \times |\mathrm{Port}|^2\right) \quad (5)$$

Assume $|\mathrm{Port}| = 2^{16}$ and $|\mathrm{Addr}| = 2^{16}$ (the hopping IP address pool is a class B address block) and $\alpha = 0.8$; then DHC can support $7.37 \times 10^{18}$ connections hopping simultaneously.
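An allocator for the hopping ends of Section 4.1 that enforces the occupancy bound of inequality (4), added here in Python as an illustration rather than the prototype's own code. The tiny pools, the occupancy rate alpha, the `seed` argument and the assumption that the reverse direction of a connection uses the mirrored tuple are constructed for the example; `capacity()` reproduces the figure quoted above for a class B block and 65536 ports.

```python
"""Hopping end allocation in S_EH (Section 4.1) under the occupancy bound of
Section 6.1. Added illustration, not the DhcFlower code; the pools, the
occupancy rate alpha, the seed argument and the mirrored reverse end are
constructed for the example.
"""
import random


def end_space_size(n_addr, n_port):
    """Equation (3): number of ends with IPsrc != IPdst."""
    return n_addr ** 2 * n_port ** 2 - n_addr * n_port ** 2


def capacity(n_addr, n_port, alpha):
    """Inequality (5): maximum number of simultaneous hopping connections,
    each needing two ends, at occupancy rate alpha."""
    return alpha * end_space_size(n_addr, n_port) / 2


class EndAllocator:
    """Hands out unoccupied hopping ends (IPsrc, Psrc, IPdst, Pdst) uniformly
    at random and refuses to exceed the occupancy rate alpha (0 < alpha < 1)."""

    def __init__(self, addr_pool, port_pool, alpha, seed=None):
        self.addr = list(addr_pool)
        self.port = list(port_pool)
        self.alpha = alpha
        self.rng = random.Random(seed)
        self.occupied = set()
        self.size = end_space_size(len(self.addr), len(self.port))

    def allocate(self):
        """Ends for both directions of a new connection, or None when the
        occupancy bound of inequality (4) would be violated."""
        if len(self.occupied) + 2 > self.alpha * self.size:
            return None
        while True:
            # sample() yields two distinct addresses, enforcing IPsrc != IPdst
            # from equation (1); rejection sampling skips occupied ends.
            ip_src, ip_dst = self.rng.sample(self.addr, 2)
            fwd = (ip_src, self.rng.choice(self.port),
                   ip_dst, self.rng.choice(self.port))
            # Assumption: the reverse direction carries the mirrored tuple.
            rev = (fwd[2], fwd[3], fwd[0], fwd[1])
            if fwd not in self.occupied and rev not in self.occupied:
                self.occupied.update((fwd, rev))
                return fwd, rev

    def release(self, ends):
        """Return a connection's ends to the pool once it has finished."""
        for end in ends:
            self.occupied.discard(end)

    def occupancy(self):
        return len(self.occupied) / self.size
```

With three addresses and two ports the space holds 24 ends, so at alpha = 0.5 the seventh connection is refused until one is released.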
6.2 Analysis of Complete Communication Data Obtaining by Attackers. We hypothesize that attackers can sniff some of the forwarding nodes in the network at random. Suppose the network topology $G = \langle V, E \rangle$ is an undirected connected graph, where $V$ is the set of forwarding nodes and $E$ is the set of links. $V$ contains $m$ forwarding nodes, and attackers can randomly sniff $n$ of them simultaneously ($n \le m$). The sniffed node set consisting of these sniffed forwarding nodes is denoted as $V^n_{sniff}$, with $V^n_{sniff} \subseteq V$ and $|V^n_{sniff}| = n$.

The source host $host_{src}$ communicates with the destination host $host_{dst}$. The source and destination forwarding nodes are denoted as $node_{src}$ and $node_{dst}$, respectively. Assume there are $s$ nodes on the shortest path between $host_{src}$ and $host_{dst}$ ($1 \le s \le m$), which constitute the node set $U_s$. In the traditional network, if $V^n_{sniff} \cap U_s \neq \emptyset$, the complete communication data between $host_{src}$ and $host_{dst}$ can be obtained by attackers; if $V^n_{sniff} \cap U_s = \emptyset$, no communication data can be sniffed. The probability of attackers obtaining the complete communication data in the traditional network can be calculated by (6), where $C^n_m$ is the number of all possible $V^n_{sniff}$ and $C^n_{m-s}$ is the number of $V^n_{sniff}$ with $V^n_{sniff} \cap U_s = \emptyset$, so $C^n_m - C^n_{m-s}$ is the number of $V^n_{sniff}$ with $V^n_{sniff} \cap U_s \neq \emptyset$:

$$P_{traditional} = \frac{C^n_m - C^n_{m-s}}{C^n_m} \quad (6)$$
In DHC, attackers can sniff the complete data between $host_{src}$ and $host_{dst}$ if $node_{src} \in V^n_{sniff}$ or $node_{dst} \in V^n_{sniff}$. The number of such $V^n_{sniff}$ is $C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2}$. In the other cases, with $node_{src} \notin V^n_{sniff}$ and $node_{dst} \notin V^n_{sniff}$, to sniff the complete data one vertex cut-set $V_{cut}$ should be contained in $V^n_{sniff}$, and $node_{src}$ and $node_{dst}$ should be separated by $V_{cut}$ into different connected subgraphs; that is, $V^n_{sniff} \supseteq V_{cut}$ holds, where $G$ is cut by $V_{cut}$ into $k$ connected subgraphs $G_1, G_2, \ldots, G_k$, with $node_{src} \in G_i$, $node_{dst} \in G_j$, $1 \le i, j \le k$, and $i \neq j$. Suppose there are $Q^n_{src,dst}$ sniffed node sets $V^n_{sniff}$ that contain such a $V_{cut}$ in this case. Then the probability of attackers obtaining the complete data between $host_{src}$ and $host_{dst}$ can be calculated by

$$P_{hop} = \frac{C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{src,dst}}{C^n_m} \quad (7)$$

Proposition 1. The probability of attackers obtaining the complete data of one communication in the traditional network is not less than that in DHC; that is, $P_{traditional} \ge P_{hop}$.

The proof of this proposition is given in the Appendix. In the network topology shown in Figure 5, suppose a host on node 1 communicates with a host on node 16. The shortest path from node 1 to node 16 contains 6 nodes. Attackers can sniff $n$ nodes randomly ($1 \le n \le 16$). The probabilities of attackers obtaining the complete data in the traditional network and in the DHC network are shown in Figure 10.

As can be seen from Figure 10, the probability of attackers obtaining the complete data increases as the number of sniffed nodes increases, both in the traditional and in the DHC network, but $P_{hop} \le P_{traditional}$ always holds. The probability of attackers obtaining the complete data is 1 in both the traditional and the DHC network when the number of sniffed nodes is more than 10. Although the probability of attackers sniffing the complete data increases in the DHC network when a large number of forwarding nodes are sniffed, attackers also obtain more irrelevant data. Since the end hops constantly during a communication, attackers cannot easily pick out the traffic that belongs to the target from the sniffed data, which increases the difficulty for attackers to reconstruct and recover the communication data.

Figure 10: Probability of obtaining complete data. [Figure: x-axis the number of monitored nodes, 1 to 16; y-axis the probability of obtaining complete communication data, 0 to 1; series: DHC, traditional network.]
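Equations (6) and (7) evaluated by brute force on a small constructed topology, as an added Python example (not the paper's code). $Q^n_{src,dst}$ is counted by enumerating every $n$-subset of non-endpoint switches and testing whether deleting it disconnects the source switch from the destination switch; the seven-node graph, the endpoints and the function names are constructed, and `proposition_holds()` checks Proposition 1 on this instance for every $n$.

```python
"""Probabilities of obtaining the complete data of one communication from n
randomly sniffed forwarding nodes: equation (6) for the traditional network
and equation (7) for DHC, evaluated on a small constructed topology.

Added illustration, not the paper's code; the graph, the endpoints and the
helper names are constructed.
"""
from fractions import Fraction
from itertools import combinations
from math import comb

# Constructed undirected topology G = <V, E> with seven forwarding nodes.
EDGES = [(1, 2), (2, 3), (3, 7), (1, 4), (4, 5), (5, 6), (6, 7), (2, 5)]


def adjacency(edges):
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def shortest_path_nodes(adj, src, dst):
    """Breadth-first search; returns U_s, the node set of one shortest path."""
    prev = {src: None}
    queue = [src]
    for node in queue:
        if node == dst:
            break
        for nxt in sorted(adj[node]):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return set(path)


def separated(adj, src, dst, removed):
    """True when deleting the nodes in `removed` leaves no path src -> dst,
    i.e. `removed` contains a vertex cut between them."""
    seen, stack = {src}, [src]
    while stack:
        node = stack.pop()
        if node == dst:
            return False
        for nxt in adj[node]:
            if nxt not in seen and nxt not in removed:
                seen.add(nxt)
                stack.append(nxt)
    return True


def p_traditional(edges, src, dst, n):
    """Equation (6): the static shortest path leaks everything, so the
    attacker succeeds unless all n sniffed nodes avoid U_s."""
    adj = adjacency(edges)
    m, s = len(adj), len(shortest_path_nodes(adj, src, dst))
    return Fraction(comb(m, n) - comb(m - s, n), comb(m, n))


def p_hop(edges, src, dst, n):
    """Equation (7): success if the sniffed set holds an endpoint switch, or
    is a vertex cut separating node_src from node_dst (Q^n_{src,dst},
    counted by enumeration)."""
    adj = adjacency(edges)
    m = len(adj)
    endpoint_hits = 2 * comb(m - 2, n - 1) + (comb(m - 2, n - 2) if n >= 2 else 0)
    others = [v for v in adj if v not in (src, dst)]
    q = sum(1 for cut in combinations(others, n) if separated(adj, src, dst, set(cut)))
    return Fraction(endpoint_hits + q, comb(m, n))


def proposition_holds(edges, src, dst):
    """Proposition 1 on this topology: P_hop <= P_traditional for every n."""
    m = len(adjacency(edges))
    return all(p_hop(edges, src, dst, n) <= p_traditional(edges, src, dst, n)
               for n in range(1, m + 1))
```

For the constructed graph with source switch 1 and destination switch 7, one sniffed node yields $P_{traditional} = 4/7$ against $P_{hop} = 2/7$, and two sniffed nodes yield $6/7$ against $16/21$; the five two-node vertex cuts between the endpoints make up $Q^2_{1,7}$.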
6.3 Analysis of Communication Data Reconstruction for Attackers. Reconstruction of communication data requires the complete data of the communication, so in this section assume that attackers can sniff the complete data of the communication between the source and destination hosts. In the traditional network, attackers can deduce the positions of both communication sides and the upper-layer protocol from the IP addresses and ports of the sniffed packets. Useless packets can be eliminated based on the end, and the target communication data can be obtained. However, in the DHC network no real end of the source and destination hosts can be sniffed by attackers if the source and destination forwarding nodes are not sniffed. The data of a communication is distributed over various flows that attackers are not able to distinguish. Suppose there are $f_{sniff}$ flows in the sniffed data, among which $f_{real}$ flows contain the data of the target connection ($f_{real} \le f_{sniff}$), and different ends are applied in different connections. There are $C^h_{f_{sniff}}$ combinations when attackers randomly choose $h$ flows from the $f_{sniff}$ flows. Attackers can reconstruct the communication data properly with only one combination, that is, $C^{f_{real}}_{f_{real}} = 1$. Given that attackers select several flows randomly in a single attempt to reconstruct the communication data, the probability of reconstructing the data properly can be calculated by

$$P_{once} = \frac{C^{f_{real}}_{f_{real}}}{C^1_{f_{sniff}} + C^2_{f_{sniff}} + \cdots + C^{f_{sniff}}_{f_{sniff}}} = \frac{1}{2^{f_{sniff}} - 1} \quad (8)$$

As shown in (8), the probability of attackers reconstructing the data successfully in a single attempt decreases exponentially with the number of flows sniffed. The more data is sniffed, the more difficult successful data reconstruction becomes. Since attackers cannot easily determine the timing of the target communication due to end hopping, a longer sniffing time is needed to obtain the complete communication data. Therefore a large amount of irrelevant data is obtained, increasing the difficulty of data reconstruction. Given $f_{sniff} = 100$ and $f_{real} = 10$, the probability of attackers reconstructing the data correctly by selecting several flows randomly in one attempt would be $7.89 \times 10^{-31}$.

Table 1: Comparison of packet transmission time between traditional network and DHC network.

Approach      Average cost of packet transmission time   Period of flow update   Routing path
Traditional   t × l_s                                    Infinite                The shortest path from source to destination
DHC           t × l_a                                    T_hop                   Multiple paths from source to destination
6.4 Analysis of Unpredictability. Since the end and route hop randomly in DHC (detailed in Section 4.3), the end and route used in the next period cannot be predicted precisely. Even if the DHC protocol, the end hopping space, and the route hopping space are exposed, DHC can still increase the cost for sniffer attackers and resist sniffer attacks. Suppose that an attacker with all the information above sniffs the DHC network for a target communication; she will then face the following difficulties in launching a sniffer attack. Firstly, even though the DHC protocol is transparent to the attacker, a targeted sniffer attack cannot be launched, thanks to the randomness of end and route hopping. Secondly, it is hard for the attacker to get the complete communication data during sniffing, due to the periodic hopping of the route. Thirdly, the attacker will get a large number of ends because of frequent end hopping, which prevents the attacker from extracting the right packets belonging to the target communication when she/he attempts to recover the communication data. So the unpredictability of DHC guarantees that it can resist sniffer attack even when the DHC protocol and the network information are exposed.
6.5 Analysis of Cost. Under traditional routing schemes, packets are routed along the shortest path. However, in the DHC network packets may be routed along longer paths because the route changes dynamically. Therefore the cost of packet transmission time is higher in DHC. Let $l_s$ denote the length of the shortest path between source and destination (the length of a routing path is estimated in hops), $l_a$ the average length of the paths in the route hopping space ($l_s \le l_a$), and $T_{hop}$ the hopping period; then the cost of packet transmission time is shown in Table 1. Moreover, the periodic random selection of the route by the routing path hop of a communication results in a small number of disordered packets at the receiving end when a new period starts, which leaves no obstacle to normal communication.

Ends and routing paths have to be selected in DHC when flow entries are generated, which is more complicated than in the traditional network. Therefore the time cost of generating flow entries is higher in DHC. Since the average path is longer in DHC, more flow entries are installed for one communication than in the traditional network. Thus the time cost of flow entries setup is higher in DHC as well. In Figure 11, the average time cost for installing flow entries between different node pairs in the topology (shown in Figure 5) is compared between DHC and the traditional network. As illustrated in Figure 11, the average time for flow entries generation and setup in DHC is longer than that in the traditional network.

Figure 11: Comparison of the average time cost of flow entries installation in DHC and the traditional network. [Figure: x-axis different node pairs: $1 \to 16$, $3 \to 11$, $4 \to 14$, $5 \to 12$; y-axis average time overhead (ms), 0 to 0.25; series: time of flow setup in DHC, time of flow generation in DHC, time of flow setup in the traditional network, time of flow generation in the traditional network.]
In a network without DHC, flow entries are installed only once, at the beginning of a communication, whereas in DHC the flow entries of the data plane are updated periodically and hopping ends and paths have to be allocated for every connection between two communicating sides, which places more load on the controller. In the experiment topology, 50 pairs of source and destination hosts are chosen randomly and communication between every pair is started. Figure 12 compares the CPU utilization of the controller with and without DHC. If the controller does not run DHC, the load is low because flow entries are not updated periodically, and CPU utilization stays under 10%. If the controller runs DHC, the load increases because of the periodic updating of flow entries, and CPU utilization is much higher: between 20% and 40% when $T_{\mathrm{hop}} = 5$ s and between 10% and 30% when $T_{\mathrm{hop}} = 10$ s. A shorter hopping period means more controller operations, so CPU utilization is higher for $T_{\mathrm{hop}} = 5$ s than for $T_{\mathrm{hop}} = 10$ s. The controller will be the bottleneck when DHC is used in a large-scale network; a distributed SDN controller [30] is a solution to this problem.

Mathematical Problems in Engineering

Figure 12: CPU utilization (%) of the controller over a run time of 100 s, without DHC, with DHC at $T_{\mathrm{hop}} = 10$ s and with DHC at $T_{\mathrm{hop}} = 5$ s.
In a traditional network, flows are matched only by destination address, so the length of the routing tables is of order $O(m)$ for a network of $m$ nodes. In DHC, however, flows are matched by ends (source/destination address and ports), which means that two flows must be specified for every connection (TCP or UDP) between two communicating sides. Let $\lambda$ denote the average rate of connection establishment and $w$ the duration of each connection; then the mean length of the flow tables is of order $O(m \lambda w)$ [7]. Moreover, to avoid packet loss, DHC requires both the old and the new flow entries to be present in the flow table simultaneously for a brief period, during which the flow table space cost increases. Therefore the cost of flow table space is higher in DHC.
7. Conclusion
The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper, end hopping and route hopping are combined, and double hopping communication based on SDN is proposed. In DHC the end is changed dynamically, so the data from multiple users is mixed and the communication traffic can be hidden in background traffic; the traffic cannot be distinguished easily, and the difficulty for attackers to reconstruct and recover data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, which makes it harder for attackers to obtain complete communication data. The results show that the proposed approach effectively resists sniffer attacks. Moreover, DHC is realized entirely in software and is transparent to the terminals. The controller usually becomes a bottleneck in a large-scale DHC network; in future work a distributed controller model will be applied to deal with this problem, and a feasible DHC communication solution will be tested in a real network.
Appendix
Suppose there are $m$ nodes in the network topology $G$. The attacker can sniff $n$ nodes, and the sniffed nodes constitute a sniffed node set $V^{n}_{\mathrm{sniff}}$ ($|V^{n}_{\mathrm{sniff}}| = n$, $n \le m$). Given the route hopping space $S^{H_1 \to H_2}_{\mathrm{RH}}$, there are $s$ nodes on the shortest path between the source host $H_1$ and the destination host $H_2$ ($s \le m$). $V_{\mathrm{cut}}$ is a vertex cut-set by which $G$ is cut into several connected subgraphs such that the source forwarding node $node_{\mathrm{src}}$ and the destination forwarding node $node_{\mathrm{dst}}$ lie in different subgraphs. Suppose there are $Q^{n}_{\mathrm{src,dst}}$ sniffed node sets $V^{n}_{\mathrm{sniff}}$ satisfying $V^{n}_{\mathrm{sniff}} \supseteq V_{\mathrm{cut}}$. We prove that the probability that the attacker obtains the complete communication data of one communication in a traditional network is not less than that in DHC, that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$.

Proof. We verify that $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$ by showing that $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.

Given $P_{\mathrm{traditional}} = (C^{n}_{m} - C^{n}_{m-s}) / C^{n}_{m}$ and $P_{\mathrm{hop}} = (C^{1}_{2} C^{n-1}_{m-2} + C^{2}_{2} C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}) / C^{n}_{m}$, we have

$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^{n}_{m} - C^{n}_{m-s} - \left(C^{1}_{2} C^{n-1}_{m-2} + C^{2}_{2} C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}\right)}{C^{n}_{m}}. \tag{A1}$$

Suppose the shortest path from $H_1$ to $H_2$ is $path^{*}$ ($path^{*} \in S^{H_1 \to H_2}_{\mathrm{RH}}$). If the complete communication data from source host to destination host can be sniffed on $V^{n}_{\mathrm{sniff}}$, then for every $path \in S^{H_1 \to H_2}_{\mathrm{RH}}$ we have $V^{n}_{\mathrm{sniff}} \cap Nodes(path) \ne \emptyset$, where $Nodes(path)$ is the set of nodes that $path$ passes through. Because $path^{*} \in S^{H_1 \to H_2}_{\mathrm{RH}}$, $V^{n}_{\mathrm{sniff}} \cap Nodes(path^{*}) \ne \emptyset$; that is, $V^{n}_{\mathrm{sniff}}$ contains at least one node on the shortest path (Conclusion 1).

When $n = 1$, the attacker sniffs one node in the network. From (A1),

$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^{1}_{m} - C^{1}_{m-s} - \left(C^{1}_{2} C^{0}_{m-2} + Q^{1}_{\mathrm{src,dst}}\right)}{C^{1}_{m}}. \tag{A2}$$

In (A2) the denominator $C^{1}_{m} > 0$, and the numerator is

$$C^{1}_{m} - C^{1}_{m-s} - \left(C^{1}_{2} C^{0}_{m-2} + Q^{1}_{\mathrm{src,dst}}\right) = m - (m - s) - \left(2 + Q^{1}_{\mathrm{src,dst}}\right) = s - 2 - Q^{1}_{\mathrm{src,dst}}. \tag{A3}$$

By Conclusion 1, $V^{1}_{\mathrm{sniff}} \cap Nodes(path^{*}) \ne \emptyset$; that is, the sniffed node is on the shortest path. Among the $s$ nodes on the shortest path, the number of sets $V^{1}_{\mathrm{sniff}}$ that separate the source node and the destination node into different connected subgraphs is at most $s - 2$, that is, $Q^{1}_{\mathrm{src,dst}} \le s - 2$. Hence (A3) $\ge 0$, the numerator of (A2) is not less than 0, and $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$ in (A2).

When $n \ge 2$, the attacker sniffs more than one node in the network. From (A1),

$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^{n}_{m} - C^{n}_{m-s} - \left(C^{1}_{2} C^{n-1}_{m-2} + C^{2}_{2} C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}\right)}{C^{n}_{m}}. \tag{A4}$$

In (A4) the denominator $C^{n}_{m} > 0$, and the numerator is

$$\begin{aligned}
& C^{n}_{m} - C^{n}_{m-s} - \left(C^{1}_{2} C^{n-1}_{m-2} + C^{2}_{2} C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}\right) \\
&= C^{n}_{m} - C^{n}_{m-s} - 2 C^{n-1}_{m-2} - C^{n-2}_{m-2} - Q^{n}_{\mathrm{src,dst}} \\
&= C^{n}_{m-2} - C^{n}_{m-s} - Q^{n}_{\mathrm{src,dst}},
\end{aligned} \tag{A5}$$

where the last step uses $C^{n}_{m} = C^{n}_{m-2} + 2 C^{n-1}_{m-2} + C^{n-2}_{m-2}$ (Pascal's rule applied twice). By definition, $Q^{n}_{\mathrm{src,dst}}$ is the number of sets $V^{n}_{\mathrm{sniff}}$ that separate $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ into different connected subgraphs, so $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ do not belong to such a $V^{n}_{\mathrm{sniff}}$. $C^{n}_{m-2}$ is the number of all $V^{n}_{\mathrm{sniff}}$ satisfying both $node_{\mathrm{src}} \notin V^{n}_{\mathrm{sniff}}$ and $node_{\mathrm{dst}} \notin V^{n}_{\mathrm{sniff}}$, and $C^{n}_{m-2-(s-2)}$ is the number of $V^{n}_{\mathrm{sniff}}$ satisfying $V^{n}_{\mathrm{sniff}} \cap Nodes(path^{*}) = \emptyset$. By Conclusion 1, $V^{n}_{\mathrm{sniff}} \cap Nodes(path^{*}) \ne \emptyset$, so $Q^{n}_{\mathrm{src,dst}}$ is at most $C^{n}_{m-2} - C^{n}_{m-2-(s-2)}$. Hence (A5) $\ge 0$, the numerator of (A4) is not less than 0, and $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$ in (A4).

In conclusion, $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$, that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$.
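As an added check that is not part of the paper, the following Python script enumerates every $n$-node sniffed set on a small constructed topology and compares the brute-force probabilities with the closed forms in (A1) to (A5). The topology is assumed (the seven-switch layout of Figure 2, not the 16-node experimental network), the route hopping space is taken to be all simple paths from $node_{\mathrm{src}}$ to $node_{\mathrm{dst}}$ (also an assumption), $Q^{n}_{\mathrm{src,dst}}$ is counted directly as the number of sniffed sets that avoid both endpoints yet cut every path, and the script checks that $(P_{\mathrm{traditional}} - P_{\mathrm{hop}}) \cdot C^{n}_{m}$ equals $C^{n}_{m-2} - C^{n}_{m-s} - Q^{n}_{\mathrm{src,dst}}$.

```python
from fractions import Fraction
from itertools import combinations
from math import comb

# Constructed topology (assumption): S1-S2-S3-S4-S5 with a detour S2-S6-S7-S4,
# i.e. the switch layout of Figure 2.  Nodes are plain integers 1..7.
EDGES = [(1, 2), (2, 3), (3, 4), (4, 5), (2, 6), (6, 7), (7, 4)]


def c(top, k):
    """C^k_top, with C^k_top = 0 when k < 0 or k > top (math.comb rejects k < 0)."""
    return comb(top, k) if 0 <= k <= top else 0


def adjacency(edges):
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def simple_paths(adj, src, dst):
    """All simple src -> dst paths; assumed here to form the route hopping space S_RH."""
    paths, stack = [], [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            paths.append(path)
            continue
        for nxt in sorted(adj[node]):
            if nxt not in path:
                stack.append((nxt, path + [nxt]))
    return paths


def sniff_probabilities(edges, src, dst, n):
    """Enumerate every n-node sniffed set V^n_sniff and return exact
    (P_traditional, P_hop, Q^n_srcdst, numerator of (A5))."""
    adj = adjacency(edges)
    nodes = sorted(adj)
    m = len(nodes)
    space = simple_paths(adj, src, dst)
    shortest = set(min(space, key=len))        # path* of the appendix
    s = len(shortest)
    trad_hits = hop_hits = q = 0
    for sniffed in combinations(nodes, n):
        v = set(sniffed)
        # traditional network: one fixed shortest path, so the complete data
        # is captured iff the sniffed set touches that path
        if v & shortest:
            trad_hits += 1
        # DHC: complete data only if every path in S_RH crosses the sniffed set
        if all(v & set(p) for p in space):
            hop_hits += 1
            if src not in v and dst not in v:
                q += 1                           # a vertex cut separating src from dst
    total = c(m, n)
    p_trad = Fraction(trad_hits, total)
    p_hop = Fraction(hop_hits, total)
    # the closed forms of the appendix must agree with the enumeration
    assert p_trad == Fraction(c(m, n) - c(m - s, n), total)
    assert p_hop == Fraction(c(2, 1) * c(m - 2, n - 1) + c(2, 2) * c(m - 2, n - 2) + q, total)
    a5 = c(m - 2, n) - c(m - s, n) - q           # numerator of (A5)
    assert (p_trad - p_hop) * total == a5
    return p_trad, p_hop, q, a5


if __name__ == "__main__":
    for n in range(1, 6):
        p_trad, p_hop, q, a5 = sniff_probabilities(EDGES, 1, 5, n)
        print(f"n={n}: P_traditional={p_trad}  P_hop={p_hop}  Q={q}  (A5)={a5}")
```

On this topology the gap is strictly positive only for a single sniffed node ($n = 1$ gives $5/7$ against $4/7$); from $n = 2$ upward every sniffed set that reaches the shortest path also cuts the detour, so $P_{\mathrm{traditional}} = P_{\mathrm{hop}}$ and (A5) evaluates to zero, which is exactly the boundary case the inequality allows.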
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by the National Natural Science Foundation of China (nos. 61379151, 61272489, 61302159 and 61401512), the National Cryptography Development Fund of China (no. MMJJ201301005), the National Basic Research Program of China (973) (Grants nos. 2012CB315901 and 2013CB329104) and the National Natural Science Foundation of China (Grants nos. 61309019 and 61372121).
References

[1] National Cyber Leap Year Summit 2009 Co-Chairs' Report, "Networking and information technology research and development," Tech. Rep., 2009.
[2] Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program, Executive Office of the President, National Science and Technology Council, Washington, DC, USA, 2011.
[3] S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, Springer Science & Business Media, New York, NY, USA, 2011.
[4] E. Al-Shaer, "Toward network configuration randomization for moving target defense," in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153–159, Springer, New York, NY, USA, 2011.
[5] P. Kampanakis, H. Perros, and T. Beyene, "SDN-based solutions for Moving Target Defense network protection," in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1–6, Sydney, Australia, June 2014.
[6] M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive use of network-centric mechanisms in cyber-defense," in Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183–192, Hokkaido, Japan, May 2003.
[7] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "OpenFlow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN '12), pp. 127–132, ACM, Helsinki, Finland, August 2012.
[8] Q. Duan, E. Al-Shaer, and H. Jafarian, "Efficient Random Route Mutation considering flow and network constraints," in Proceedings of the IEEE Conference on Communications and Network Security (CNS '13), pp. 260–268, IEEE, National Harbor, Md, USA, October 2013.
[9] E. Al-Shaer, Q. Duan, and J. H. Jafarian, "Random host mutation for moving target defense," in Security and Privacy in Communication Networks, pp. 310–327, Springer, New York, NY, USA, 2013.
[10] G. Badishi, A. Herzberg, and I. Keidar, "Keeping denial-of-service attackers in the dark," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 191–204, 2007.
[11] H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou, "A moving target DDoS defense mechanism," Computer Communications, vol. 46, pp. 10–21, 2014.
[12] C.-Y. Hong, S. Kandula, R. Mahajan et al., "Achieving high utilization with software-driven WAN," ACM SIGCOMM Computer Communication Review, vol. 43, no. 3, pp. 15–26, 2013.
[13] N. McKeown, "Software-defined networking," INFOCOM Keynote Talk, vol. 17, no. 2, pp. 30–32, 2009.
[14] M. Carvalho and R. Ford, "Moving-target defenses for computer networks," IEEE Security & Privacy, vol. 12, no. 2, pp. 73–76, 2014.
[15] M. Sifalakis, S. Schmid, and D. Hutchison, "Network address hopping: a mechanism to enhance data protection for packet communications," in Proceedings of the IEEE International Conference on Communications (ICC '05), vol. 3, pp. 1518–1523, IEEE, Seoul, Republic of Korea, May 2005.
[16] M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, "MT6D: a moving target IPv6 defense," in Proceedings of the Military Communications Conference (MILCOM '11), pp. 1321–1326, IEEE, Baltimore, Md, USA, November 2011.
[17] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An effective address mutation approach for disrupting reconnaissance attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562–2577, 2015.
[18] J. H. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," in Proceedings of the 1st ACM Workshop on Moving Target Defense (MTD '14), pp. 69–78, Scottsdale, AZ, USA, November 2014.
[19] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Adversary-aware IP address randomization for proactive agility against sophisticated attackers," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738–746, IEEE, April 2015.
[20] D. C. MacFarland and C. A. Shue, "The SDN shuffle: creating a moving-target defense using host-based software-defined networking," in Proceedings of the 2nd ACM Workshop on Moving Target Defense (MTD '15), pp. 37–41, ACM, Denver, Colo, USA, October 2015.
[21] J. Jafarian, E. Al-Shaer, and Q. Duan, "Formal approach for route agility against persistent attackers," in Computer Security: ESORICS 2013, J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, pp. 237–254, Springer, Berlin, Germany, 2013.
[22] S. Dolev and S. T. David, "SDN-based private interconnection," in Proceedings of the IEEE 13th International Symposium on Network Computing and Applications (NCA '14), 2014.
[23] F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. H. Ammar, and E. W. Zegura, "Agile virtualized infrastructure to proactively defend against cyber attacks," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 729–737, Hong Kong, April-May 2015.
[24] D. Gkounis, V. Kotronis, and X. Dimitropoulos, "Towards defeating the crossfire attack using SDN," http://arxiv.org/abs/1412.2013.
[25] A. Studer and A. Perrig, "The coremelt attack," in Computer Security: ESORICS 2009, vol. 5789 of Lecture Notes in Computer Science, pp. 37–52, Springer, Berlin, Germany, 2009.
[26] B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, October 2010.
[27] N. McKeown, T. Anderson, H. Balakrishnan et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
[28] M. McCauley, "About POX," 2013, http://www.github.com/noxrepo/pox.
[29] S. De Maesschalck, D. Colle, I. Lievens et al., "Pan-European optical transport networks: an availability-based comparison," Photonic Network Communications, vol. 5, no. 3, pp. 203–225, 2003.
[30] A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella, "Towards an elastic distributed SDN controller," ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7–12, 2013.
Input: (Path_1, ..., Path_u), (w_1, ..., w_u), RandNum
Output: Path
WeightedRandomPathSelect((Path_1, ..., Path_u), (w_1, ..., w_u), RandNum)
(1) sum = 0
(2) for i in (1, 2, ..., u)
(3)     new_sum ← sum + w_i
(4)     if sum < RandNum ≤ new_sum
(5)         return Path_i
(6)     else sum = new_sum

Algorithm 1: Weighted random path selection algorithm.
However, traffic may be forwarded unevenly by the nodes, so that a large amount of traffic is forwarded by one single node; if attackers sniff that node, a large amount of communication data is obtained easily. The reason is that the paths in $S^{H_1 \to H_2}_{\mathrm{RH}}$ intersect. Fortunately, this threat can be eliminated in DHC by weighted random path selection.

For a node, we define $C^{H_1 \to H_2}(node)$ as the number of paths in the route hopping space $S^{H_1 \to H_2}_{\mathrm{RH}}$ that pass through $node$. For a node set $set$, we define $C^{H_1 \to H_2}(set) = \{C^{H_1 \to H_2}(node) \mid node \in set\}$. Suppose that for one connection between hosts $H_1$ and $H_2$ there is $Path_k \in S^{H_1 \to H_2}_{\mathrm{RH}}$; $d(Path_k)$ denotes the node set that remains after the common nodes through which all paths in $S^{H_1 \to H_2}_{\mathrm{RH}}$ pass (e.g., the source forwarding node and the destination forwarding node) are deleted. The weight of $Path_k$ is defined as

$$Weight(Path_k) = \frac{1 / \mathrm{Max}\left(C^{H_1 \to H_2}(d(Path_k))\right)}{\sum_{Path_i \in S^{H_1 \to H_2}_{\mathrm{RH}}} 1 / \mathrm{Max}\left(C^{H_1 \to H_2}(d(Path_i))\right)}, \tag{2}$$

where the function Max returns the maximum value in $C^{H_1 \to H_2}(set)$. With this weighting function, a lower weight is assigned to paths containing nodes that more paths cross, so the chance that excessive traffic passes through one single node (other than the nodes common to all paths) because of intersecting paths is eliminated.

The weighted random path selection algorithm is shown in Algorithm 1. The probability that a path is chosen is set to the weight of that path. The inputs of the algorithm are the paths $(Path_1, \ldots, Path_u)$ in the route hopping space $S^{H_1 \to H_2}_{\mathrm{RH}}$, the corresponding weights $(w_1, \ldots, w_u)$, and a random number $RandNum \in [0, 1]$. In steps 2 to 6 the weights are accumulated path by path, and the path whose weight first makes the accumulated sum greater than or equal to $RandNum$ is returned.
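Equation (2) and Algorithm 1 together, as an added Python example that is not the DhcFlower code: it computes the per-node path counts $C^{H_1 \to H_2}(node)$, strips the common nodes to obtain $d(Path_k)$, derives the weights of (2), runs the cumulative-sum selection of Algorithm 1, and compares the expected per-node load under uniform and weighted selection. The three-path route hopping space is constructed for the example and is not a topology from the paper; the paper does not say how a path whose $d(Path_k)$ is empty is weighted, so this code treats it as weight 1 (an assumption).

```python
import random
from collections import Counter

# Constructed route hopping space S_RH for one H1 -> H2 connection (assumption,
# not a topology from the paper).  S1 and S5 are the common source/destination
# forwarding nodes; S2 is shared by two of the three paths.
S_RH = [
    ("S1", "S2", "S3", "S5"),
    ("S1", "S2", "S4", "S5"),
    ("S1", "S6", "S5"),
]


def node_path_counts(paths):
    """C^{H1->H2}(node): number of paths in S_RH passing through each node."""
    return Counter(node for path in paths for node in set(path))


def path_weights(paths):
    """Eq. (2): weight proportional to 1 / Max(C(d(Path_k))), normalised to sum 1."""
    counts = node_path_counts(paths)
    common = set.intersection(*(set(p) for p in paths))   # nodes on every path
    raw = []
    for path in paths:
        d = set(path) - common                            # d(Path_k)
        # the paper leaves d(Path_k) = {} undefined; treat it as weight 1 (assumption)
        raw.append(1.0 / max((counts[n] for n in d), default=1))
    total = sum(raw)
    return [w / total for w in raw]


def weighted_random_path_select(paths, weights, rand_num):
    """Algorithm 1: accumulate weights and return the path whose interval
    (sum, new_sum] contains rand_num, for rand_num in (0, 1]."""
    acc = 0.0
    for path, w in zip(paths, weights):
        new_acc = acc + w
        if acc < rand_num <= new_acc:
            return path
        acc = new_acc
    return paths[-1]   # only reached if rounding leaves rand_num above the last bound


def expected_node_load(paths, weights):
    """Fraction of hopping periods in which each node carries the connection."""
    load = Counter()
    for path, w in zip(paths, weights):
        for node in path:
            load[node] += w
    return load


if __name__ == "__main__":
    w = path_weights(S_RH)
    print("weights:", [round(x, 3) for x in w])
    print("load on S2, uniform :", round(expected_node_load(S_RH, [1 / 3] * 3)["S2"], 3))
    print("load on S2, weighted:", round(expected_node_load(S_RH, w)["S2"], 3))
    rng = random.Random(7)
    # 1 - random() lies in (0, 1], matching the half-open intervals of Algorithm 1
    picks = Counter(weighted_random_path_select(S_RH, w, 1.0 - rng.random())
                    for _ in range(10_000))
    print("empirical selection counts:", dict(picks))
```

With uniform selection the shared node S2 carries the flow in two periods out of three; the weights of (2) halve the two paths that cross S2 and double the disjoint one, so S2 and S6 each carry the flow half of the time, which is the load balancing the text describes.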
4.3. DHC Protocol. In DHC, for each period $T_{\mathrm{hop}}$, one hopping end $hEI$ and one path $Path$ from source to destination are chosen randomly. New flow entries are generated by the controller and installed in the OF switches. The end of the packets from the source host is modified to $hEI$, and these packets are transmitted to the destination host along $Path$. Double hopping of end and route is thus realized at the granularity of the period $T_{\mathrm{hop}}$.
4.3.1. Double Hopping. The basic protocol of DHC is illustrated in Figure 1. It is a network with SDN architecture in which host $H_1$ communicates with $H_2$. Denote the end hopping space as $S_{\mathrm{EH}}$ and the route hopping space of the communication as $S^{H_1 \to H_2}_{\mathrm{RH}}$. Firstly, the initial end $rEI = (\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$ is generated by $H_1$ from the real IP addresses and ports of the two communicating sides; this determines the address of the communication.

The detailed steps of double hopping are as follows.

(1) The first packet, carrying $rEI$, is sent to the network by $H_1$. OF switch $S_1$ receives the packet, encapsulates it in a packet-in message and sends the packet-in message to the controller.

(2) The controller decapsulates the packet-in message and extracts $rEI$. A hopping end $hEI_1 = (\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ is selected randomly from $S_{\mathrm{EH}}$. The controller calculates the route hopping space $S^{H_1 \to H_2}_{\mathrm{RH}}$ and chooses $Path_1 = (S_1, S_2, S_5)$ with the weighted random path selection algorithm. Knowing $hEI_1$ and $Path_1$, the controller generates flow entries, encapsulates them in modify-state messages and sends them to OF switches $S_1$, $S_2$ and $S_5$, which then perform the corresponding modification and routing of the packets.

(3) The end $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$ in the packets is modified to $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ by the source switch $S_1$, and the modified packets are forwarded to OF switch $S_2$ and then to the destination switch $S_5$.

(4) The end $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ in the packets is restored to $rEI$ by the destination switch $S_5$, which forwards the packets to host $H_2$. $H_2$ thus receives the packets from $H_1$.

After one hopping period $T_{\mathrm{hop}}$, the controller recalculates the hopping end of this communication, denoted $hEI_2 = (\mathrm{IP}''_1, P''_1, \mathrm{IP}''_2, P''_2)$ in Figure 1, and selects a new path $Path_2 = (S_1, S_3, S_4, S_5)$ from $S^{H_1 \to H_2}_{\mathrm{RH}}$ with the weighted random path selection algorithm. The flow entries in the OF switches are then updated: the source switch $S_1$ modifies the end of the packets sent from $H_1$ to $H_2$ to $hEI_2$ and forwards the modified packets along $Path_2$, and the destination switch $S_5$ restores the end of these packets to the real end $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$.

Figure 1: An example of double hopping communication. Host $H_1$ ($\mathrm{IP}_1$, $P_1$) communicates with $H_2$ ($\mathrm{IP}_2$, $P_2$) through switches $S_1$ to $S_5$ under the controller; the real end $(\mathrm{IP}_1, P_1, \mathrm{IP}_2, P_2)$ is carried as $(\mathrm{IP}'_1, P'_1, \mathrm{IP}'_2, P'_2)$ along $Path_1$ in the first period and as $(\mathrm{IP}''_1, P''_1, \mathrm{IP}''_2, P''_2)$ along $Path_2$ in the second.

Figure 2: An example of flow entries update, with switches $S_1$ to $S_7$ and ends $rEI$, $hEI_1$ and $hEI_2$.
The procedure described above does not modify the real end on either host. Instead, it modifies the end and the routing path of the communication packets dynamically during network transmission, so the source and destination hosts take part in hopping communication transparently and without interruption of the ongoing communication. Once the packets of the communication between $H_1$ and $H_2$ enter the network, their end and routing path hop with time, and in each hopping period $T_{\mathrm{hop}}$ the hopping end and route are reconfigured by the controller. The communication is considered finished when the controller learns, via flow-removed messages sent by the switches, that the flow entries were not hit during a hopping period; the flow entries are then no longer updated.
4.3.2. Flow Entries Update. The flow entries in the OF switches need to be updated when the end and route hop in DHC, and it must be guaranteed that the update is consistent and that no packet is lost. Suppose that hopping communication is conducted in the network topology shown in Figure 2. Assume that switch $S_1$ is currently hopping the end from $rEI$ to $hEI_1$ and that the packets are being transmitted along the path $(S_1, S_2, S_3, S_4, S_5)$. To hop the end of the packets from $rEI$ to $hEI_2$ and the routing path from $(S_1, S_2, S_3, S_4, S_5)$ to $(S_1, S_2, S_6, S_7, S_4, S_5)$, the flow entries are updated in the following steps.

(1) The controller sends modify-state messages to install new flow entries in switches $S_2$, $S_6$, $S_7$, $S_4$ and $S_5$ for forwarding packets with end $hEI_2$. At this time the new entries are not hit, because no packet in the network carries the end $hEI_2$.

(2) The controller sends a modify-state message to modify the flow entry in switch $S_1$, so that the end of the packets is converted from $rEI$ to $hEI_2$.

(3) After the maximum transmission delay of the path $(S_1, S_2, S_3, S_4, S_5)$ has elapsed, the controller sends modify-state messages to delete the old flow entries in switches $S_2$, $S_3$, $S_4$ and $S_5$.

Updating the flow entries in this order guarantees that traffic is routed by the old flow entries during the update, avoiding packet loss, and by the updated flow entries after the update, maintaining per-packet consistency.
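The three-step update above, together with the end rewriting at the source and destination switches from Section 4.3.1, as an added Python simulation that is not part of the paper or of DhcFlower: switches are modelled as one dictionary of flow entries keyed by (switch, end), one packet enters $S_1$ per tick, every link takes one tick (a constructed delay model), and the controller's modify-state messages are applied at scheduled ticks. Running the paper's order against a naive schedule that deletes the old entries in the same tick as it flips $S_1$ shows which in-flight packets are lost, and a check confirms that every delivered packet took either the whole old path or the whole new path and arrived with its real end restored.

```python
from dataclasses import dataclass, field

R_EI, H_EI1, H_EI2 = "rEI", "hEI1", "hEI2"
OLD_PATH = ["S1", "S2", "S3", "S4", "S5"]
NEW_PATH = ["S1", "S2", "S6", "S7", "S4", "S5"]
HOP_DELAY = 1                                   # ticks per link (constructed model)
MAX_DELAY = (len(OLD_PATH) - 1) * HOP_DELAY     # maximum transmission delay of the old path


def path_entries(path, end):
    """Flow entries for one hopping path: (switch, matched end) -> (end to set, next hop).
    The source switch rewrites rEI to the hopping end; the destination switch restores rEI."""
    entries = {(path[0], R_EI): (end, path[1])}
    for cur, nxt in zip(path[1:-1], path[2:]):
        entries[(cur, end)] = (end, nxt)
    entries[(path[-1], end)] = (R_EI, "H2")
    return entries


@dataclass
class Packet:
    seq: int
    end: str = R_EI
    at: str = "S1"
    route: list = field(default_factory=lambda: ["S1"])


def install_new(table):
    """Step 1: entries matching hEI2 on S2, S6, S7, S4, S5; no packet carries hEI2 yet."""
    table.update({k: v for k, v in path_entries(NEW_PATH, H_EI2).items() if k[1] == H_EI2})


def flip_source(table):
    """Step 2: S1 now rewrites rEI to hEI2 and forwards towards the new path."""
    table[("S1", R_EI)] = (H_EI2, NEW_PATH[1])


def delete_old(table):
    """Step 3: remove the hEI1 entries on S2, S3, S4, S5."""
    for key in [k for k in table if k[1] == H_EI1]:
        del table[key]


def simulate(schedule, ticks=30):
    """Run the data plane for `ticks` ticks; `schedule` maps tick -> controller action.
    Returns (delivered, dropped) packet lists."""
    table = path_entries(OLD_PATH, H_EI1)
    in_flight, delivered, dropped = [], [], []
    for t in range(ticks):
        if t in schedule:
            schedule[t](table)                   # modify-state messages take effect
        in_flight.append(Packet(seq=t))          # H1 sends one packet per tick
        still = []
        for pkt in in_flight:
            action = table.get((pkt.at, pkt.end))
            if action is None:
                dropped.append(pkt)              # table miss: no entry for this end here
                continue
            pkt.end, pkt.at = action
            if pkt.at == "H2":
                delivered.append(pkt)
            else:
                pkt.route.append(pkt.at)
                still.append(pkt)
        in_flight = still
    return delivered, dropped


def run_ordered(t_install=10):
    """The paper's order: install new entries, flip S1, delete old after MAX_DELAY."""
    t_flip = t_install + 1
    return simulate({t_install: install_new, t_flip: flip_source,
                     t_flip + MAX_DELAY: delete_old})


def run_naive(t_install=10):
    """Flip S1 and delete the old entries in the same tick."""
    def flip_and_delete(table):
        flip_source(table)
        delete_old(table)
    return simulate({t_install: install_new, t_install + 1: flip_and_delete})


def per_packet_consistent(delivered):
    """True iff every delivered packet followed exactly the old or exactly the new path
    and reached H2 with its real end restored."""
    return all(p.route in (OLD_PATH, NEW_PATH) and p.end == R_EI for p in delivered)


if __name__ == "__main__":
    for name, run in (("ordered", run_ordered), ("naive", run_naive)):
        delivered, dropped = run()
        print(f"{name}: delivered={len(delivered)} dropped={[p.seq for p in dropped]} "
              f"consistent={per_packet_consistent(delivered)}")
```

Because the entries are keyed by end, the $hEI_1$ and $hEI_2$ entries coexist on $S_2$, $S_4$ and $S_5$ without conflict during the update window, which is the transient flow table growth mentioned in Section 6.5. The naive schedule loses exactly the packets that were rewritten to $hEI_1$ within the last maximum-delay window before the flip; delaying the deletion by that window is what makes the ordered schedule lossless.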
5. Prototype Deployment and Simulation Experiment

5.1. Prototype Deployment. To verify the performance and security of DHC, a prototype named DhcFlower is implemented on an SDN controller. As shown in Figure 3, DhcFlower runs on top of the SDN controller, which manages the switches through OpenFlow.

In the prototype deployment of DHC, TopologyDiscovery reports changes of the network topology and updates the view of the network, and FlowMonitor monitors the flow state of the network to detect the initiation and termination of connections. Based on the network view and flow state, DhcFlower chooses the ends and routing paths and converts the network configuration accordingly.

The detailed structure of DhcFlower is shown in Figure 4. TopologyDiscovery updates the topology database TopologyInfo with the changes of the network topology. Using the topology information, the hopping path calculator computes multiple paths for each pair of nodes and stores them in the hopping path pool. Hopping ends are stored in the hopping end pool. Using the hopping end pool and the hopping path pool, the double hopping engine, the core module, chooses the hopping end and path based on the flow state information and generates the hopping strategies. The flow updater generates flow entries from the hopping strategies and updates the flow tables in a specific order.
5.2. Simulation Experiment. To evaluate DHC, the implemented prototype is run on Mininet [26]. OpenFlow 1.0 [27] is applied and POX [28] is used as the controller. A class B address block is chosen as the hopping IP address pool, and the hopping port pool is $\{0, 1, \ldots, 65535\}$. The network topology proposed in [29], which has 16 nodes (forwarding nodes), is applied as illustrated in Figure 5. The maximum path length $L$ is set to 32.

Figure 3: DHC prototype deployment. DhcFlower, TopologyDiscovery and FlowMonitor run on the controller, which manages the OF switches through OpenFlow.

Figure 4: Makeup of DhcFlower. Inside the controller, TopologyDiscovery and FlowMonitor supply topology info and flow state to the hopping path calculator, the hopping path pool, the hopping end pool, the double hopping engine and the flow updater, which writes the flow entries.
5.2.1. Validation of the Effectiveness of End Hopping. UDP packets are sent from the terminal on node 1 to the terminal on node 16 for 500 s. Packets are sniffed on the forwarding nodes, and the number of ends received on each node is counted. The sniffing results in DHC and in the traditional network are shown in Figure 6.
As Figure 6 shows, on some forwarding nodes in the traditional network, such as nodes 4, 7, 8 and 12, only one end can be sniffed, whereas in DHC multiple ends can be sniffed on every forwarding node apart from the source and destination forwarding nodes. Because the end of the packets is invariant in a traditional network, the sniffed end never changes, which is convenient for attackers: they can launch a targeted sniffer against any connection and obtain its complete communication data. In DHC the end changes randomly and periodically, and the ends sniffed on the forwarding nodes between the source and destination hosts vary. It is difficult for attackers to determine which ends belong to the same connection, which increases the difficulty of reconstructing the communication data. Moreover, the more frequently the ends hop, the more ends are sniffed on the forwarding nodes: Figure 6 shows more ends sniffed for $T_{\mathrm{hop}} = 5$ s than for $T_{\mathrm{hop}} = 10$ s. In addition, fewer ends are sniffed on forwarding node 9 than on the other nodes, because fewer paths pass through node 9 and the probability of its being hit by weighted random selection is therefore lower.
5.2.2. Validation of the Effectiveness of Route Hopping. In the experiment, $10^6$ packets are transmitted from node 5 to node 6 at a rate of $10^4$ packets per second. The hopping period $T_{\mathrm{hop}}$ is set to 5 s. Packets are sniffed on the forwarding nodes and the number of packets sniffed is counted. In the DHC network, both random path selection and weighted random path selection are applied to conduct the hopping communication. The sniffing results are compared with those for traditional network communication in Figure 7.

Figure 5: Network topology applied in the experiment, with 16 forwarding nodes numbered 1 to 16.

Figure 6: Number of ends sniffed from a single flow on forwarding nodes 2 to 15, for the traditional network, DHC with $T_{\mathrm{hop}} = 10$ s and DHC with $T_{\mathrm{hop}} = 5$ s.

In Figure 7 the vertical axis is the fraction of all packets transmitted from node 5 to node 6. In the traditional network, the complete communication data from source host to destination host can be sniffed on some nodes (e.g., nodes 6, 11 and 12), which means that an attacker can sniff the complete data on any of these nodes and further data analysis is possible. Since shortest-path routing is applied in the traditional network and the path stays unchanged during the communication, the complete communication data can be obtained on any node that the shortest path passes through. In DHC, the packets of a connection are distributed over several paths by route hopping, so it is difficult for an attacker to sniff the complete data on a single forwarding node. If random path selection is applied, a large amount of data may still be sniffed on certain nodes: as Figure 7 shows, more than 50% of the data can be sniffed on forwarding nodes 4, 8 and 12. Weighted random path selection avoids excessive traffic passing through particular nodes, because paths containing nodes that more paths cross are assigned a lower weight.

Figure 7: Percentage of packets sniffed from a single flow on forwarding nodes 1 to 15 other than the source node 5, for DHC with random path selection, DHC with weighted path selection and the traditional network.
523 Validation of Effectiveness of Antisniffer Attack In theexperiment 100MB data had been transmitted from node 1to node 16 for 500 sThe hopping period119879hop is set to 5 s Datais sniffed on node sets 1198601 = 8 1198602 = 8 9 1198603 = 8 9 10and 1198604 = 8 9 10 11 respectively The shortest path fromnode 1 to node 16 is 1 rarr 4 rarr 7 rarr 8 rarr 12 rarr 16 Thepercentage of data sniffed on node sets119860111986021198603 and1198604 ispresented in Figure 8
As illustrated in Figure 8, in the traditional network the complete communication data can be sniffed on all four node sets $A_1$, $A_2$, $A_3$ and $A_4$, since each of them contains node 8, which lies on the shortest path and therefore carries the complete data. In DHC, however, the complete data cannot be obtained from $A_1$, $A_2$ or $A_3$, because route hopping is applied. The percentage of data sniffed on $A_1$ and $A_2$ is the same, because the traffic that passes through node 9 also passes through node 8. Only $A_4$ can sniff the complete communication data in DHC, and even then the ends of the captured packets are diverse because of end hopping. We regard packets with the same end as the static data that attackers can obtain; the static data obtainable in hopping communication is far less than that in the traditional network.
8 Mathematical Problems in Engineering
[Figure 8: Percentage of data that can be sniffed by attackers. Horizontal axis: the sniffed set ($A_1$ to $A_4$); vertical axis: fraction of sniffed data (0 to 1.0). Series: the sniffed data in DHC, the sniffed static data in the traditional network, the sniffed static data in DHC.]
[Figure 9: Performance of forwarding in DHC. Horizontal axis: amount of data transmitted (1, 10, 100, 200, 500 and 1000 MB); vertical axis: data transmission time (0 to 1400 s). Series: traditional network, DHC with $T_{\mathrm{hop}} = 10$ s, DHC with $T_{\mathrm{hop}} = 5$ s.]
5.2.4 Performance of DHC. In the experiment, the bandwidth of all links in the network topology is set to 10 Mb/s. Data is transmitted from the terminal on node 1 to the terminal on node 16 using the File Transfer Protocol (FTP). The data transmission time in both DHC and the traditional network is recorded. Results are shown in Figure 9.

As can be seen in Figure 9, the data transmission time in DHC increases in comparison with the traditional network. The reason is that multiple paths from source to destination are selected, including longer ones, whereas the data is routed along the shortest path in the traditional network. Therefore the transmission time in DHC is longer, but the increase is less than 7% when $T_{\mathrm{hop}} = 5$ s in the experiment. Routing path hopping of a connection results in a small number of out-of-order packets at the receiving end when a new period starts, which then causes retransmission. Therefore, the more frequently the flow entries are updated, the more likely retransmission is. We can also see from Figure 9 that more time is consumed to transmit the data when $T_{\mathrm{hop}} = 5$ s than when $T_{\mathrm{hop}} = 10$ s.
6 Analysis
In DHC, each hopping connection needs to occupy hopping ends in every period. In Section 6.1, the number of hopping connections that can be supported in a DHC network, that is, the hopping network capacity, is analyzed. DHC makes it difficult for attackers to obtain the complete data and to reconstruct the data, and therefore improves communication security. The obtaining and the reconstruction of communication data are discussed in Sections 6.2 and 6.3. The unpredictability and the cost of DHC are analyzed in Sections 6.4 and 6.5, respectively.
6.1 Capacity of Hopping Network. Suppose the sizes of the hopping IP address pool and the port pool are $|\mathrm{Addr}|$ and $|\mathrm{Port}|$, respectively. The number of all ends $(\mathrm{IP}_{\mathrm{src}}, P_{\mathrm{src}}, \mathrm{IP}_{\mathrm{dst}}, P_{\mathrm{dst}})$ is $|\mathrm{Addr}|^2 \times |\mathrm{Port}|^2$, and the number of ends with $\mathrm{IP}_{\mathrm{src}} = \mathrm{IP}_{\mathrm{dst}}$ is $|\mathrm{Addr}| \times |\mathrm{Port}|^2$. According to the definition of an end, valid ends require $\mathrm{IP}_{\mathrm{src}} \neq \mathrm{IP}_{\mathrm{dst}}$, so the size of the valid end hopping space $S_{\mathrm{EH}}$ is

\[ |S_{\mathrm{EH}}| = |\mathrm{Addr}|^2 \times |\mathrm{Port}|^2 - |\mathrm{Addr}| \times |\mathrm{Port}|^2. \tag{3} \]
In DHC, end hopping is performed in both directions of a connection, which means that at any moment one connection needs two ends. Assuming $t$ hopping connections exist simultaneously in the network, $2t$ ends are needed and $|S_{\mathrm{EH}}| - 2t$ ends are left. To ensure high randomness in hopping end selection, enough unoccupied hopping ends in $S_{\mathrm{EH}}$ are necessary. Suppose the maximum occupancy rate of the end hopping space $S_{\mathrm{EH}}$ is $\alpha$, that is, at least $(1 - \alpha)|S_{\mathrm{EH}}|$ ends are unoccupied. Then inequality (4) holds:

\[ (1 - \alpha)|S_{\mathrm{EH}}| \le |S_{\mathrm{EH}}| - 2t, \quad \text{that is,} \quad t \le \tfrac{1}{2}\alpha|S_{\mathrm{EH}}|. \tag{4} \]

Therefore the maximum number of hopping connections allowed in DHC, that is, the capacity of the hopping network, is $\tfrac{1}{2}\alpha|S_{\mathrm{EH}}|$.

Combining (3) and inequality (4), the following inequality is obtained:

\[ t \le \tfrac{1}{2}\alpha\left(|\mathrm{Addr}|^2 \times |\mathrm{Port}|^2 - |\mathrm{Addr}| \times |\mathrm{Port}|^2\right). \tag{5} \]

Assume $|\mathrm{Port}| = 2^{16}$, $|\mathrm{Addr}| = 2^{16}$ (the hopping IP address pool is a class B address block) and $\alpha = 0.8$. Then DHC can support about $7.37 \times 10^{18}$ connections hopping simultaneously.
6.2 Analysis of Complete Communication Data Obtaining by Attackers. We hypothesize that attackers can sniff part of the forwarding nodes in the network at random. Suppose the network topology $G = \langle V, E \rangle$ is an undirected connected graph, where $V$ is the set of forwarding nodes and $E$ is the set of links. $V$ contains $m$ forwarding nodes, and attackers can randomly sniff $n$ of them simultaneously ($n \le m$). The sniffed node set consisting of these forwarding nodes is denoted $V^n_{\mathrm{sniff}}$, with $V^n_{\mathrm{sniff}} \subseteq V$ and $|V^n_{\mathrm{sniff}}| = n$.

The source host $host_{\mathrm{src}}$ communicates with the destination host $host_{\mathrm{dst}}$. The source and destination forwarding nodes are denoted $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$, respectively. Assume there are $s$ nodes on the shortest path between $host_{\mathrm{src}}$ and $host_{\mathrm{dst}}$ ($1 \le s \le m$), which constitute the node set $U_s$. In the traditional network, if $V^n_{\mathrm{sniff}} \cap U_s \neq \emptyset$, the complete communication data between $host_{\mathrm{src}}$ and $host_{\mathrm{dst}}$ can be obtained by attackers; if $V^n_{\mathrm{sniff}} \cap U_s = \emptyset$, no communication data can be sniffed. The probability of attackers obtaining the complete communication data in the traditional network is given by (6), where $C^n_m$ is the number of all possible $V^n_{\mathrm{sniff}}$ and $C^n_{m-s}$ is the number of $V^n_{\mathrm{sniff}}$ with $V^n_{\mathrm{sniff}} \cap U_s = \emptyset$, so that $C^n_m - C^n_{m-s}$ is the number of $V^n_{\mathrm{sniff}}$ with $V^n_{\mathrm{sniff}} \cap U_s \neq \emptyset$:

\[ P_{\mathrm{traditional}} = \frac{C^n_m - C^n_{m-s}}{C^n_m}. \tag{6} \]
In DHC, attackers can sniff the complete data between $host_{\mathrm{src}}$ and $host_{\mathrm{dst}}$ if $node_{\mathrm{src}} \in V^n_{\mathrm{sniff}}$ or $node_{\mathrm{dst}} \in V^n_{\mathrm{sniff}}$; the number of such $V^n_{\mathrm{sniff}}$ is $C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2}$. Otherwise, if $node_{\mathrm{src}} \notin V^n_{\mathrm{sniff}}$ and $node_{\mathrm{dst}} \notin V^n_{\mathrm{sniff}}$, sniffing the complete data requires $V^n_{\mathrm{sniff}}$ to contain a vertex cut-set $V_{\mathrm{cut}}$ that separates $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ into different connected subgraphs; that is, $V^n_{\mathrm{sniff}} \supseteq V_{\mathrm{cut}}$, where $G$ is cut by $V_{\mathrm{cut}}$ into $k$ connected subgraphs $G_1, G_2, \ldots, G_k$ with $node_{\mathrm{src}} \in G_i$, $node_{\mathrm{dst}} \in G_j$, $1 \le i, j \le k$ and $i \neq j$. Suppose there are $Q^n_{\mathrm{src,dst}}$ sniffed node sets $V^n_{\mathrm{sniff}}$ containing such a $V_{\mathrm{cut}}$ in this case. Then the probability of attackers obtaining the complete data between $host_{\mathrm{src}}$ and $host_{\mathrm{dst}}$ is

\[ P_{\mathrm{hop}} = \frac{C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}}{C^n_m}. \tag{7} \]
Proposition 1. The probability of attackers obtaining the complete data of one communication in the traditional network is not less than that in DHC; that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$.

The proof of this proposition is given in the Appendix. In the network topology shown in Figure 5, suppose a host on node 1 communicates with a host on node 16. The shortest path from node 1 to node 16 contains 6 nodes. Attackers can sniff $n$ nodes at random ($1 \le n \le 16$). The probabilities of attackers obtaining the complete data in the traditional network and in the DHC network are shown in Figure 10.

As can be seen from Figure 10, the probability of attackers obtaining the complete data increases with the number of sniffed nodes in both the traditional and the DHC network, but $P_{\mathrm{hop}} \le P_{\mathrm{traditional}}$ always holds. The probability of obtaining the complete data is 1 in both networks when more than 10 nodes are sniffed. Although the probability of sniffing the complete data in the DHC network increases when a large number of forwarding nodes are sniffed, the attackers also obtain more irrelevant data. Since the end hops constantly during a communication, attackers cannot easily pick out the traffic belonging to the target from the sniffed data, which increases the difficulty of reconstructing and recovering the communication data.

[Figure 10: Probability of obtaining complete data. Horizontal axis: the number of monitored nodes (1 to 16); vertical axis: the probability of obtaining complete communication data (0 to 1). Series: DHC, traditional network.]
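To make the combinatorics of (6) and (7) concrete, the following Python script (an added example, not code from the paper) enumerates every sniffed node set on a small constructed 8-node topology (not the paper's Figure 5), counts the sets that meet the fixed shortest path (traditional network) and the sets that meet every source-destination path (DHC: the set contains an endpoint forwarding node or is a vertex cut $V_{\mathrm{cut}}$), and checks both the closed form of (7) with the enumerated $Q^n_{\mathrm{src,dst}}$ and Proposition 1. The node numbers, links and the choice of source and destination node are all constructed for the example.

```python
"""Added example (not from the paper): enumerate sniffed node sets on a small
constructed topology and evaluate eq. (6), eq. (7) and Proposition 1."""
from collections import deque
from itertools import combinations
from math import comb

# Constructed 8-node topology (not the paper's Figure 5); undirected links.
EDGES = [(1, 2), (2, 3), (3, 4), (4, 8), (1, 5), (5, 6), (6, 7), (7, 8), (2, 6), (3, 7)]
NODE_SRC, NODE_DST = 1, 8


def C(a, b):
    """Binomial coefficient C^b_a in the paper's notation; 0 outside 0 <= b <= a."""
    return comb(a, b) if 0 <= b <= a else 0


def adjacency(edges):
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def shortest_path(adj, src, dst):
    """BFS over hop count; returns one shortest path as a node list."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            break
        for v in sorted(adj[u]):
            if v not in prev:
                prev[v] = u
                queue.append(v)
    path, cur = [], dst
    while cur is not None:
        path.append(cur)
        cur = prev[cur]
    return path[::-1]


def separated(adj, src, dst, sniffed):
    """True iff every src->dst path passes a sniffed node: src or dst is sniffed,
    or the sniffed set is a vertex cut between them (the V_cut case of eq. 7)."""
    if src in sniffed or dst in sniffed:
        return True
    seen, queue = {src}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            return False
        for v in adj[u]:
            if v not in seen and v not in sniffed:
                seen.add(v)
                queue.append(v)
    return True


def sniff_probabilities(edges, src, dst, n):
    """Return (P_traditional, P_hop, Q^n_src,dst) for n randomly sniffed nodes.
    Traditional: complete data iff the sniffed set meets the fixed shortest path.
    DHC (route hopping over every src-dst path): complete data iff the sniffed
    set meets every src-dst path."""
    adj = adjacency(edges)
    nodes = sorted(adj)
    on_shortest = set(shortest_path(adj, src, dst))
    hit_trad = hit_hop = q_cut = 0
    for sniffed in combinations(nodes, n):
        s = set(sniffed)
        if s & on_shortest:
            hit_trad += 1
        if separated(adj, src, dst, s):
            hit_hop += 1
            if src not in s and dst not in s:
                q_cut += 1                      # counted by Q in eq. (7)
    total = comb(len(nodes), n)
    return hit_trad / total, hit_hop / total, q_cut


def check_eq7(edges, src, dst, n):
    """Closed form of eq. (7) with the enumerated Q must equal the enumerated P_hop."""
    m = len(adjacency(edges))
    _, p_hop, q = sniff_probabilities(edges, src, dst, n)
    closed = (C(2, 1) * C(m - 2, n - 1) + C(2, 2) * C(m - 2, n - 2) + q) / C(m, n)
    return abs(closed - p_hop) < 1e-12


def proposition1_holds(edges, src, dst, n):
    p_trad, p_hop, _ = sniff_probabilities(edges, src, dst, n)
    return p_hop <= p_trad + 1e-12


if __name__ == "__main__":
    for n in range(1, 9):
        p_t, p_h, q = sniff_probabilities(EDGES, NODE_SRC, NODE_DST, n)
        print(f"n={n}: P_traditional={p_t:.3f}  P_hop={p_h:.3f}  Q={q}  "
              f"eq7={check_eq7(EDGES, NODE_SRC, NODE_DST, n)}")
```

The DHC criterion is implemented as a reachability test with the sniffed nodes removed, which is exactly the condition that $V^n_{\mathrm{sniff}}$ contains an endpoint node or a $V_{\mathrm{cut}}$; since any set that meets every source-destination path also meets the shortest path, $P_{\mathrm{hop}} \le P_{\mathrm{traditional}}$ follows directly, which is the content of Proposition 1. On the constructed graph, a single sniffed node already gives $P_{\mathrm{traditional}} = 5/8$ but only $P_{\mathrm{hop}} = 1/4$.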
6.3 Analysis of Communication Data Reconstruction for Attackers. Reconstruction of the communication data requires the complete data of the communication, so in this section we assume that attackers can sniff the complete data between the source and destination hosts. In the traditional network, attackers can deduce the positions of both communicating sides and the upper-layer protocol from the IP addresses and ports of the sniffed packets; useless packets can be eliminated based on the end, and the target communication data can be obtained. In the DHC network, however, no real end of the source and destination hosts can be sniffed by attackers if the source and destination forwarding nodes are not sniffed. The data of a communication is distributed over various flows that attackers are not able to distinguish. Suppose there are $f_{\mathrm{sniff}}$ flows in the sniffed data, among which $f_{\mathrm{real}}$ flows contain the data of the target connections ($f_{\mathrm{real}} \le f_{\mathrm{sniff}}$), and different ends are applied in different connections. There are $C^h_{f_{\mathrm{sniff}}}$ combinations when attackers randomly choose $h$ flows from the $f_{\mathrm{sniff}}$ flows, and only one combination reconstructs the communication data properly, that is, $C^{f_{\mathrm{real}}}_{f_{\mathrm{real}}} = 1$. Given that attackers select several flows at random in a single attempt to reconstruct the communication data, the probability of reconstructing the data properly is

\[ P_{\mathrm{once}} = \frac{C^{f_{\mathrm{real}}}_{f_{\mathrm{real}}}}{C^1_{f_{\mathrm{sniff}}} + C^2_{f_{\mathrm{sniff}}} + \cdots + C^{f_{\mathrm{sniff}}}_{f_{\mathrm{sniff}}}} = \frac{1}{2^{f_{\mathrm{sniff}}} - 1}. \tag{8} \]

As shown in (8), the probability of attackers reconstructing the data successfully in a single attempt decreases exponentially with the number of flows sniffed: the more data sniffed, the more difficult successful data reconstruction is. Since attackers cannot easily determine the timing of the target communication because of end hopping, a longer sniffing time is needed to obtain the complete communication data, and therefore a large amount of irrelevant data is obtained, increasing the difficulty of data reconstruction. Given $f_{\mathrm{sniff}} = 100$ and $f_{\mathrm{real}} = 10$, the probability of attackers reconstructing the data correctly by selecting several flows at random in one attempt is $7.89 \times 10^{-31}$.

Table 1: Comparison of packet transmission time between the traditional network and the DHC network.

Approach     | Average cost of packet transmission time | Period of flow update | Routing path
Traditional  | $t \times l_s$                           | Infinite              | The shortest path from source to destination
DHC          | $t \times l_a$                           | $T_{\mathrm{hop}}$    | Multiple paths from source to destination
6.4 Analysis of Unpredictability. Since the end and the route hop randomly in DHC (see Section 4.3 for details), the end and route used in the next period cannot be predicted precisely. Even if the DHC protocol, the end hopping space and the route hopping space are exposed, DHC still increases the cost to sniffer attackers and resists sniffer attacks. Suppose that an attacker with all of the above information sniffs the DHC network for a target communication; the attacker will then face the following difficulties in launching a sniffer attack. Firstly, even though the DHC protocol is transparent to the attacker, a targeted sniffer attack cannot be launched, thanks to the randomness of end and route hopping. Secondly, it is hard for the attacker to get the complete communication data while sniffing, due to the periodical hopping of the route. Thirdly, the attacker will observe a large number of ends because of frequent end hopping, which prevents the attacker from extracting the right packets belonging to the target communication when attempting to recover the communication data. So the unpredictability of DHC guarantees that it can resist sniffer attack even when the DHC protocol and the network information are exposed.
6.5 Analysis of Cost. Under traditional routing schemes, packets are routed along the shortest path. In a DHC network, however, packets may be routed along longer paths because of the dynamic changing of the route, so the cost in packet transmission time is higher in DHC. Let $l_s$ denote the length (the length of a routing path is measured in hops) of the shortest path between source and destination, $l_a$ the average length of the paths in the route hopping space ($l_s \le l_a$) and $T_{\mathrm{hop}}$ the hopping period; the cost in packet transmission time is then as shown in Table 1. Moreover, random selection of the route is conducted periodically when the routing path of a communication hops, which results in a small number of out-of-order packets at the receiving end when a new period starts but poses no obstacle to normal communication.

In DHC, ends and routing paths are selected when flow entries are generated, which is more complicated than in the traditional network, so the time cost of generating flow entries is higher in DHC. Since the average path is longer in DHC, more flow entries are installed for one communication than in the traditional network, so the time cost of flow entry setup is higher in DHC as well. Figure 11 compares the average time cost of installing flow entries between different node pairs in the topology of Figure 5 for DHC and the traditional network. As illustrated in Figure 11, the average time for flow entry generation and setup in DHC is longer than in the traditional network.

[Figure 11: Comparison of the average time cost of flow entry installation in DHC and the traditional network. Horizontal axis: node pairs $1 \to 16$, $3 \to 11$, $4 \to 14$, $5 \to 12$; vertical axis: average time overhead (0 to 0.25 ms). Series: time of flow setup in DHC, time of flow generation in DHC, time of flow setup in the traditional network, time of flow generation in the traditional network.]
In the network without DHC, flow entries are installed only once at the beginning of a communication, whereas in DHC the flow entries of the data plane are updated periodically and hopping ends and paths have to be allocated for every connection between two communicating sides, which places more load on the controller. In the experiment topology, 50 pairs of source and destination hosts were chosen at random and communication between each pair was started. The CPU utilization of the controller with and without DHC is compared in Figure 12. If the controller does not run DHC, the load is low because flow entries are not periodically updated, so the CPU utilization stays under 10%, as shown in Figure 12. If the controller runs DHC, the load increases because of the periodical updating of flow entries, and the CPU utilization is much higher: between 20% and 40% when $T_{\mathrm{hop}} = 5$ s, and between 10% and 30% when $T_{\mathrm{hop}} = 10$ s. A shorter hopping period entails more controller operations, so the CPU utilization is higher when $T_{\mathrm{hop}} = 5$ s than when $T_{\mathrm{hop}} = 10$ s. The controller will be the bottleneck when DHC is used in a large-scale network; fortunately, a distributed SDN controller [30] is a solution to this problem.

[Figure 12: CPU utilization of the controller. Horizontal axis: run time (10 to 100 s); vertical axis: CPU utilization (0 to 60%). Series: no DHC, DHC with $T_{\mathrm{hop}} = 10$ s, DHC with $T_{\mathrm{hop}} = 5$ s.]
In the traditional network, flows are matched only by destination address, so the length of the routing tables is of order $O(m)$ for a network of $m$ nodes. In DHC, however, flows are matched by ends (including source/destination addresses and ports), meaning that two flows must be specified for every connection (TCP or UDP) between two communicating sides. Let $\lambda$ denote the average rate of connection establishment and $w$ the duration of each connection; then the mean length of the flow tables is of order $O(m\lambda w)$ [7]. Moreover, to avoid packet loss, DHC requires both the old and the new flow entries to be present in the flow table simultaneously for a brief period, during which the flow table space cost increases further. Therefore the cost in flow table space is higher in DHC.
7 Conclusion
The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper, end hopping and route hopping are combined, and double hopping communication based on SDN is proposed. The end is changed dynamically in DHC, so that the data from multiple users is mixed and the communication traffic can be hidden in background traffic; traffic cannot be distinguished easily, and the difficulty for attackers to reconstruct and recover data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, which increases the difficulty for attackers to obtain the complete communication data. Results show that the proposed approach effectively counters sniffing. Moreover, DHC is realized entirely in software and is transparent to the terminals. A controller bottleneck usually occurs in a large-scale DHC network; in future work, a distributed controller model will be applied to deal with this problem, and a feasible DHC communication solution will be tested in a real network.
Appendix
Suppose there are $m$ nodes in the network topology $G$. The attacker can sniff $n$ nodes, and the sniffed nodes constitute the sniffed node set $V^n_{\mathrm{sniff}}$ ($|V^n_{\mathrm{sniff}}| = n$, $n \le m$). Given the route hopping space $S^{H_1 \to H_2}_{\mathrm{RH}}$, there are $s$ nodes on the shortest path between the source host $H_1$ and the destination host $H_2$ ($s \le m$). $V_{\mathrm{cut}}$ is a vertex cut-set by which $G$ is cut into several connected subgraphs such that the source forwarding node $node_{\mathrm{src}}$ and the destination forwarding node $node_{\mathrm{dst}}$ lie in different subgraphs. Suppose there are $Q^n_{\mathrm{src,dst}}$ sniffed node sets $V^n_{\mathrm{sniff}}$ satisfying $V^n_{\mathrm{sniff}} \supseteq V_{\mathrm{cut}}$. The proof that the probability of the attacker obtaining the complete communication data of one communication in the traditional network is not less than that in DHC, that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$, is given below.
Proof. To verify $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$ we show that $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$. Given $P_{\mathrm{traditional}} = (C^n_m - C^n_{m-s})/C^n_m$ and $P_{\mathrm{hop}} = (C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}})/C^n_m$, we have

\[ P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}\right)}{C^n_m}. \tag{A.1} \]
Suppose the shortest path from $H_1$ to $H_2$ is $path^*$ ($path^* \in S^{H_1 \to H_2}_{\mathrm{RH}}$). If the complete communication data from the source host to the destination host can be sniffed on $V^n_{\mathrm{sniff}}$, then for every $path \in S^{H_1 \to H_2}_{\mathrm{RH}}$ we have $V^n_{\mathrm{sniff}} \cap Nodes(path) \neq \emptyset$, where $Nodes(path)$ is the set of nodes that $path$ passes through. Because $path^* \in S^{H_1 \to H_2}_{\mathrm{RH}}$, it follows that $V^n_{\mathrm{sniff}} \cap Nodes(path^*) \neq \emptyset$; that is, $V^n_{\mathrm{sniff}}$ contains at least one node on the shortest path (Conclusion 1).

When $n = 1$, the attacker sniffs one node in the network. Then, based on (A.1) and noting that the term $C^2_2 C^{n-2}_{m-2}$ vanishes for $n = 1$, we have
\[ P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^1_m - C^1_{m-s} - \left(C^1_2 C^0_{m-2} + Q^1_{\mathrm{src,dst}}\right)}{C^1_m}. \tag{A.2} \]

In (A.2) the denominator $C^1_m > 0$, and the numerator is

\[ C^1_m - C^1_{m-s} - \left(C^1_2 C^0_{m-2} + Q^1_{\mathrm{src,dst}}\right) = m - (m - s) - \left(2 + Q^1_{\mathrm{src,dst}}\right) = s - 2 - Q^1_{\mathrm{src,dst}}. \tag{A.3} \]

By Conclusion 1, $V^1_{\mathrm{sniff}} \cap Nodes(path^*) \neq \emptyset$; that is, the sniffed node is on the shortest path. Among the $s$ nodes on the shortest path, the number of sets $V^1_{\mathrm{sniff}}$ that can divide the source node and the destination node into different connected subgraphs is not more than $s - 2$, because the two endpoint nodes themselves are excluded by the definition of $Q$; that is, $Q^1_{\mathrm{src,dst}} \le s - 2$. So (A.3) $\ge 0$. The numerator of (A.2) is not less than 0, and therefore $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$ in (A.2).
When $n \ge 2$, the attacker sniffs more than one node in the network. Then, based on (A.1), we have

\[ P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}\right)}{C^n_m}. \tag{A.4} \]

In (A.4) the denominator $C^n_m > 0$, and the numerator is

\[ \begin{aligned} & C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}\right) \\ &= C^n_m - C^n_{m-s} - 2C^{n-1}_{m-2} - C^{n-2}_{m-2} - Q^n_{\mathrm{src,dst}} \\ &= C^n_{m-2} - C^n_{m-s} - Q^n_{\mathrm{src,dst}}, \end{aligned} \tag{A.5} \]

where the last step uses $C^n_m = C^n_{m-2} + 2C^{n-1}_{m-2} + C^{n-2}_{m-2}$ (an $n$-subset of the $m$ nodes contains none, one or both of the two nodes $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$).

By definition, $Q^n_{\mathrm{src,dst}}$ is the number of sets $V^n_{\mathrm{sniff}}$ that divide $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ into different connected subgraphs, so $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ do not belong to such a $V^n_{\mathrm{sniff}}$. $C^n_{m-2}$ is the number of all $V^n_{\mathrm{sniff}}$ satisfying both $node_{\mathrm{src}} \notin V^n_{\mathrm{sniff}}$ and $node_{\mathrm{dst}} \notin V^n_{\mathrm{sniff}}$, and $C^n_{m-2-(s-2)} = C^n_{m-s}$ is the number of those that additionally satisfy $V^n_{\mathrm{sniff}} \cap Nodes(path^*) = \emptyset$. By Conclusion 1, $V^n_{\mathrm{sniff}} \cap Nodes(path^*) \neq \emptyset$, so $Q^n_{\mathrm{src,dst}}$ is not more than $C^n_{m-2} - C^n_{m-2-(s-2)}$. So (A.5) $\ge 0$. The numerator of (A.4) is not less than 0, and therefore $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$ in (A.4).

In conclusion, $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$; that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$. $\square$
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by the National Natural Science Foundation of China (nos. 61379151, 61272489, 61302159 and 61401512), the National Cryptography Development Fund of China (no. MMJJ201301005), the National Basic Research Program of China (973) (Grants nos. 2012CB315901 and 2013CB329104) and the National Natural Science Foundation of China (Grants nos. 61309019 and 61372121).
References
[1] National Cyber Leap Year Summit 2009 Co-Chairs' Report, "Networking and information technology research and development," Tech. Rep., 2009.
[2] Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program, Executive Office of the President, National Science and Technology Council, Washington, DC, USA, 2011.
[3] S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, Springer Science & Business Media, New York, NY, USA, 2011.
[4] E. Al-Shaer, "Toward network configuration randomization for moving target defense," in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153–159, Springer, New York, NY, USA, 2011.
[5] P. Kampanakis, H. Perros, and T. Beyene, "SDN-based solutions for Moving Target Defense network protection," in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1–6, Sydney, Australia, June 2014.
[6] M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive use of network-centric mechanisms in cyber-defense," in Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183–192, Hokkaido, Japan, May 2003.
[7] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "OpenFlow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN '12), pp. 127–132, ACM, Helsinki, Finland, August 2012.
[8] Q. Duan, E. Al-Shaer, and H. Jafarian, "Efficient Random Route Mutation considering flow and network constraints," in Proceedings of the IEEE Conference on Communications and Network Security (CNS '13), pp. 260–268, IEEE, National Harbor, MD, USA, October 2013.
[9] E. Al-Shaer, Q. Duan, and J. H. Jafarian, "Random host mutation for moving target defense," in Security and Privacy in Communication Networks, pp. 310–327, Springer, New York, NY, USA, 2013.
[10] G. Badishi, A. Herzberg, and I. Keidar, "Keeping denial-of-service attackers in the dark," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 191–204, 2007.
[11] H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou, "A moving target DDoS defense mechanism," Computer Communications, vol. 46, pp. 10–21, 2014.
[12] C.-Y. Hong, S. Kandula, R. Mahajan et al., "Achieving high utilization with software-driven WAN," ACM SIGCOMM Computer Communication Review, vol. 43, no. 3, pp. 15–26, 2013.
[13] N. McKeown, "Software-defined networking," INFOCOM Keynote Talk, vol. 17, no. 2, pp. 30–32, 2009.
[14] M. Carvalho and R. Ford, "Moving-target defenses for computer networks," IEEE Security & Privacy, vol. 12, no. 2, pp. 73–76, 2014.
[15] M. Sifalakis, S. Schmid, and D. Hutchison, "Network address hopping: a mechanism to enhance data protection for packet communications," in Proceedings of the IEEE International Conference on Communications (ICC '05), vol. 3, pp. 1518–1523, IEEE, Seoul, Republic of Korea, May 2005.
[16] M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, "MT6D: a moving target IPv6 defense," in Proceedings of the Military Communications Conference (MILCOM '11), pp. 1321–1326, IEEE, Baltimore, MD, USA, November 2011.
[17] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An effective address mutation approach for disrupting reconnaissance attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562–2577, 2015.
[18] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," in Proceedings of the 1st ACM Workshop on Moving Target Defense (MTD '14), pp. 69–78, Scottsdale, AZ, USA, November 2014.
[19] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Adversary-aware IP address randomization for proactive agility against sophisticated attackers," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738–746, IEEE, April 2015.
[20] D. C. MacFarland and C. A. Shue, "The SDN shuffle: creating a moving-target defense using host-based software-defined networking," in Proceedings of the 2nd ACM Workshop on Moving Target Defense (MTD '15), pp. 37–41, ACM, Denver, CO, USA, October 2015.
[21] J. Jafarian, E. Al-Shaer, and Q. Duan, "Formal approach for route agility against persistent attackers," in Computer Security – ESORICS 2013, J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, pp. 237–254, Springer, Berlin, Germany, 2013.
[22] S. Dolev and S. T. David, "SDN-based private interconnection," in Proceedings of the IEEE 13th International Symposium on Network Computing and Applications (NCA '14), 2014.
[23] F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. H. Ammar, and E. W. Zegura, "Agile virtualized infrastructure to proactively defend against cyber attacks," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 729–737, Hong Kong, April–May 2015.
[24] D. Gkounis, V. Kotronis, and X. Dimitropoulos, "Towards defeating the crossfire attack using SDN," http://arxiv.org/abs/1412.2013.
[25] A. Studer and A. Perrig, "The coremelt attack," in Computer Security – ESORICS 2009, vol. 5789 of Lecture Notes in Computer Science, pp. 37–52, Springer, Berlin, Germany, 2009.
[26] B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, October 2010.
[27] N. McKeown, T. Anderson, H. Balakrishnan et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
[28] M. McCauley, "About POX," 2013, http://www.github.com/noxrepo/pox.
[29] S. De Maesschalck, D. Colle, I. Lievens et al., "Pan-European optical transport networks: an availability-based comparison," Photonic Network Communications, vol. 5, no. 3, pp. 203–225, 2003.
[30] A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella, "Towards an elastic distributed SDN controller," ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7–12, 2013.
Mathematical Problems in Engineering 5
Figure 1: An example of double hopping communication (hosts H1 and H2, switches S1 to S5, controller; the real end (IP1, P1, IP2, P2) is rewritten in transit to the hopping ends (IP'1, P'1, IP'2, P'2) and (IP''1, P''1, IP''2, P''2)).
Figure 2: An example of flow entries update (switches S1, S2, S3, S4, S5, S6, S7; ends rEI, hEI1, hEI2).
forwards the modified packets along $Path_2$. In the destination switch $S_5$ the end of these packets is recovered to the real end $(IP_1, P_1, IP_2, P_2)$.
The procedure described above does not modify the real end on either host. Instead, it modifies the end and the routing path of the communication packets dynamically during network transmission. The source and destination hosts therefore achieve hopping communication transparently, without interrupting the ongoing communication. Once the packets of the communication between $H_1$ and $H_2$ enter the network, the end of the packets and the routing path are hopped over time. For each hopping period $T_{hop}$, the hopping end and route are reconfigured by the controller. The communication is considered finished when the controller detects, via the flow-removed messages sent by the switches, that the flow entries have not been hit during a hopping period; the flow entries are then no longer updated.
4.3.2 Flow Entries Update. Flow entries in OF switches need to be updated when the end and route are hopped in DHC. Moreover, it should be guaranteed that the flow entries update is consistent and that no packet is lost. Suppose that hopping communication is conducted in the network topology shown in Figure 2. Assume that the end is currently being hopped by switch $S_1$ (the end changes from $rEI$ to $hEI_1$) and that the packets are being transmitted along the path $(S_1, S_2, S_3, S_4, S_5)$. In this situation, to hop the end of the packets from $rEI$ to $hEI_2$ and to hop the routing path from $(S_1, S_2, S_3, S_4, S_5)$ to $(S_1, S_2, S_6, S_7, S_4, S_5)$, the flow entries are updated as follows:

(1) The controller sends modify-state messages to install new flow entries in switches $S_2$, $S_6$, $S_7$, $S_4$, $S_5$ for forwarding the packets with end $hEI_2$. At this time the new flow entries will not be hit by any packet, because there are no packets in the network that carry the end $hEI_2$.
(2) The controller sends modify-state messages to modify the flow entry in switch $S_1$, so that the end of the packets is converted from $rEI$ to $hEI_2$.
(3) The controller sends modify-state messages to delete the old flow entries in switches $S_2$, $S_3$, $S_4$, $S_5$ after the maximum transmission delay of the path $(S_1, S_2, S_3, S_4, S_5)$ has elapsed.

The update method described above guarantees that traffic is routed by the old flow entries during the update, which avoids packet loss. In addition, traffic is routed by the updated flow entries after the update, which maintains per-packet consistency.
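The three-step update above, modeled as an added example (not code from the paper or the DhcFlower prototype): switches S1 to S7 from Figure 2 hold toy flow tables, packets advance one hop per tick, and a second run that deletes the old entries without waiting for the old path to drain shows why step (3) is delayed. The one-hop-per-tick timing model and the attachment of H1 to S1 and H2 to S5 are assumptions of this example.

```python
"""Toy simulation of the Section 4.3.2 flow entry update (added example).
Checks that no packet is lost and that each packet is handled by one
consistent set of entries (all old-period or all new-period)."""

# Figure 2 paths (assumed: H1 attaches to S1, H2 to S5; one hop per tick).
OLD_PATH = ["S1", "S2", "S3", "S4", "S5"]
NEW_PATH = ["S1", "S2", "S6", "S7", "S4", "S5"]
REAL_END = ("IP1", "P1", "IP2", "P2")         # rEI
HEI1 = ("IP1'", "P1'", "IP2'", "P2'")         # hopping end of the current period
HEI2 = ("IP1''", "P1''", "IP2''", "P2''")     # hopping end of the next period


def path_entries(path, hop_end):
    """Flow entries for one period: switch -> (matched end, (new end, next hop)).
    Ingress rewrites rEI to the hopping end, transit switches match the hopping
    end, and egress restores rEI and delivers to H2."""
    entries = {path[0]: (REAL_END, (hop_end, path[1]))}
    for here, nxt in zip(path[1:-1], path[2:]):
        entries[here] = (hop_end, (hop_end, nxt))
    entries[path[-1]] = (hop_end, (REAL_END, "H2"))
    return entries


class Network:
    def __init__(self):
        self.tables = {f"S{i}": {} for i in range(1, 8)}   # switch -> {end: action}
        self.in_flight = []     # [end, switch the packet is queued at, seq]
        self.delivered = []     # (seq, end seen by H2)
        self.dropped = []       # seqs that hit a table miss
        self.trace = {}         # seq -> switches visited, in order
        self.seq = 0

    def install(self, path, hop_end, switches=None):
        for sw, (match, action) in path_entries(path, hop_end).items():
            if switches is None or sw in switches:
                self.tables[sw][match] = action

    def delete(self, hop_end, switches):
        for sw in switches:
            self.tables[sw].pop(hop_end, None)

    def tick(self):
        """H1 emits one packet with the real end; every queued packet is
        processed by the switch it sits at and moves one hop."""
        self.seq += 1
        self.in_flight.append([REAL_END, "S1", self.seq])
        still = []
        for end, at, seq in self.in_flight:
            self.trace.setdefault(seq, []).append(at)
            action = self.tables[at].get(end)
            if action is None:            # table miss: dropped in this toy model
                self.dropped.append(seq)
                continue
            new_end, nxt = action
            if nxt == "H2":
                self.delivered.append((seq, new_end))
            else:
                still.append([new_end, nxt, seq])
        self.in_flight = still


def hop(net, wait_for_old_path_to_drain=True):
    """Section 4.3.2 update from (OLD_PATH, hEI1) to (NEW_PATH, hEI2)."""
    # Step 1: install hEI2 entries on S2, S6, S7, S4, S5; nothing matches them yet.
    net.install(NEW_PATH, HEI2, switches=NEW_PATH[1:])
    # Step 2: modify the ingress entry on S1 so new packets carry hEI2.
    net.install(NEW_PATH, HEI2, switches=["S1"])
    # Step 3: delete the hEI1 entries on S2, S3, S4, S5 only after the old
    # path's maximum transmission delay (here: its length in ticks).
    if wait_for_old_path_to_drain:
        for _ in range(len(OLD_PATH)):
            net.tick()
    net.delete(HEI1, switches=OLD_PATH[1:])


def run(wait_for_old_path_to_drain=True):
    net = Network()
    net.install(OLD_PATH, HEI1)
    for _ in range(3):          # steady state on the old path
        net.tick()
    hop(net, wait_for_old_path_to_drain)
    for _ in range(8):          # let the new period run for a while
        net.tick()
    return net


if __name__ == "__main__":
    good, bad = run(True), run(False)
    print("ordered update: dropped", good.dropped, "delivered", len(good.delivered))
    print("packet 3 path", good.trace[3], "packet 4 path", good.trace[4])
    print("deleting old entries at once: dropped", bad.dropped)
```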
5 Prototype Deployment and Simulation Experiment
5.1 Prototype Deployment. To verify the performance and security of DHC, DhcFlower, a prototype based on an SDN controller, is implemented. As shown in Figure 3, DhcFlower runs on top of the SDN controller, which manages the switches through OpenFlow.

In the prototype deployment of DHC, TopologyDiscovery reports changes of the network topology and updates the network view. FlowMonitor monitors the flow state of the network to find the initiation and termination of connections. Based on the network view and the flow state, DhcFlower chooses the ends and routing paths used to convert the network configuration.

The detailed structure of DhcFlower is shown in Figure 4. TopologyDiscovery updates the topology database TopologyInfo with changes of the network topology. Using the network topology information, the hopping path calculator computes multiple paths for each pair of nodes and stores the hopping path information in the hopping path pool. Hopping ends are stored in the hopping end pool. With the hopping end pool and the hopping path pool, the double hopping engine, as the core module, chooses the hopping end and path based on the flow state information, and hopping strategies are generated. The flow updater generates flow entries based on the hopping strategies and updates the flow tables in a specific order.
5.2 Simulation Experiment. To evaluate DHC, we ran our implemented prototype over Mininet [26]. OpenFlow 1.0 [27] is applied and POX [28] is used as the controller. A class B address block is chosen as the hopping IP address pool, and the hopping port pool is denoted as {0, 1, ..., 65535}. The network topology proposed in [29], which has 16 (forwarding) nodes as illustrated in Figure 5, is applied. The maximum path length $L$ is set to 32.

Figure 3: DHC prototype deployment (DhcFlower, TopologyDiscovery and FlowMonitor on the controller; OF switches managed through OpenFlow).

Figure 4: Makeup of DhcFlower (TopologyDiscovery, topology info, FlowMonitor, hopping path calculator, hopping path pool, hopping end pool, double hopping engine, flow updater, flow entries).
5.2.1 Validation of the Effectiveness of End Hopping. UDP packets from the terminal on node 1 are sent to the terminal on node 16 for 500 s. Packets are sniffed on the forwarding nodes, and the number of ends received on each node is counted. The sniffing results in DHC and in the traditional network are shown in Figure 6.

As demonstrated in Figure 6, on some forwarding nodes in the traditional network, such as nodes 4, 7, 8 and 12, only one end can be sniffed. In DHC, however, apart from the source and destination forwarding nodes, multiple ends can be sniffed on the other forwarding nodes. Because the packets' end is invariant in the traditional network, the sniffed end stays unchanged, which is convenient for attackers: an attacker can launch a targeted sniffer against any connection and obtain the complete communication data of that connection.

In DHC the end changes randomly and periodically, and the ends sniffed on the forwarding nodes between the source and destination hosts vary. It is difficult for attackers to determine which ends belong to the same connection, which increases the difficulty of reconstructing the communication data. Moreover, the more frequently the ends hop, the more ends are sniffed on the forwarding nodes: it can be seen in Figure 6 that more ends are sniffed when $T_{hop} = 5$ s than when $T_{hop} = 10$ s. In addition, fewer ends can be sniffed on forwarding node 9 than on the other nodes, as the figure shows. The reason is that fewer paths pass through forwarding node 9 than through the other nodes, so its probability of being hit by the weighted random selection is lower.
Figure 5: Network topology applied in the experiment (forwarding nodes 1 to 16).

Figure 6: Number of ends sniffed from a single flow (vertical axis: the number of sniffed ends, 0 to 90; horizontal axis: forwarding node 2 to 15; series: traditional network, DHC with $T_{hop} = 10$ s, DHC with $T_{hop} = 5$ s).

5.2.2 Validation of the Effectiveness of Route Hopping. In the experiment, $10^6$ packets are transmitted from node 5 to node 6 at a rate of $10^4$ packets per second. The hopping period $T_{hop}$ is set to 5 s. Packets are sniffed on the forwarding nodes and the number of packets sniffed is counted. In the DHC network, random path selection and weighted random path selection are both applied to conduct hopping communication. The sniffing results are compared with traditional network communication, as shown in Figure 7.
In Figure 7 the vertical coordinate stands for the fraction of all packets transmitted from node 5 to node 6. As can be seen, in the traditional network the complete communication data from source host to destination host can be sniffed on some nodes (e.g., nodes 6, 11 and 12), which means that attackers can sniff the complete data on any of these nodes and further data analysis is possible. Since shortest-path routing is applied in the traditional network and the path stays unchanged during the communication, the complete communication data can be obtained on any node that the shortest path goes through. In DHC, the packets of a connection are distributed over several paths by route hopping, so it is difficult for attackers to sniff the complete data on a single forwarding node. If random path selection is applied, it is still possible to sniff a large amount of data on certain nodes: as shown in Figure 7, more than 50% of the data can be sniffed on forwarding nodes 4, 8 and 12. Applying weighted random path selection avoids excessive traffic passing through certain nodes, because a lower weight is assigned to paths containing nodes that more paths cross.

Figure 7: Percentage of packets sniffed from a single flow (vertical axis: fraction of the transmitted packets, 0 to 1; horizontal axis: forwarding nodes 1 to 4 and 6 to 15; series: DHC with random path selection, DHC with weighted path selection, traditional network).
5.2.3 Validation of the Effectiveness of Antisniffer Attack. In the experiment, 100 MB of data is transmitted from node 1 to node 16 over 500 s. The hopping period $T_{hop}$ is set to 5 s. Data is sniffed on the node sets $A_1 = \{8\}$, $A_2 = \{8, 9\}$, $A_3 = \{8, 9, 10\}$ and $A_4 = \{8, 9, 10, 11\}$, respectively. The shortest path from node 1 to node 16 is $1 \to 4 \to 7 \to 8 \to 12 \to 16$. The percentage of data sniffed on node sets $A_1$, $A_2$, $A_3$ and $A_4$ is presented in Figure 8.

As illustrated in Figure 8, in the traditional network the complete communication data can be sniffed on all of the node sets $A_1$, $A_2$, $A_3$ and $A_4$, since they all contain node 8, which lies on the shortest path and on which the complete data can be sniffed. In DHC, however, the complete data cannot be obtained from node sets $A_1$, $A_2$ and $A_3$, since route hopping is applied. The percentage of data sniffed on $A_1$ and $A_2$ is the same, because the traffic that passes through $A_2$ also passes through $A_1$. Only $A_4$ can sniff the complete communication data in DHC; however, the ends of that data are diverse because of end hopping. We consider packets with the same end to be static data that attackers can obtain. The static data that attackers can obtain in hopping communication is far less than in the traditional network.
Figure 8: Percentage of data that can be sniffed by attackers (vertical axis: fraction of sniffed data, 0 to 1.0; horizontal axis: the sniffed set $A_1$, $A_2$, $A_3$, $A_4$; series: the sniffed data in DHC, the sniffed static data in the traditional network, the sniffed static data in DHC).

Figure 9: Performance of forwarding in DHC (vertical axis: data transmission time in s, 0 to 1400; horizontal axis: the amount of data transmitted in MB, 1 to 1000; series: traditional network, DHC with $T_{hop} = 10$ s, DHC with $T_{hop} = 5$ s).
5.2.4 Performance of DHC. In the experiment, the bandwidth of all links in the network topology is set to 10 Mb/s. Data is transmitted from the terminal on node 1 to the terminal on node 16 using the File Transfer Protocol (FTP). The data transmission time in both DHC and the traditional network is recorded. The results are shown in Figure 9.

As can be seen in Figure 9, the data transmission time in DHC increased compared with the traditional network. The reason is that multiple paths from source to destination are selected, including longer paths, whereas the data is routed along the shortest path in the traditional network. Therefore the transmission time in DHC is longer than in the traditional network, but the increase is less than 7% when $T_{hop} = 5$ s in the experiment. Routing path hopping of a connection results in a small number of disordered packets at the receiving end when a new period starts, which causes retransmissions. Therefore, the more frequently the flow entries are updated, the more likely retransmissions happen. We can also see from Figure 9 that more time is consumed to transmit the data when $T_{hop} = 5$ s than when $T_{hop} = 10$ s.
6 Analysis
In DHC each hopping connection needs to occupy hopping ends in every period. In Section 6.1 the number of hopping connections that a DHC network can support, that is, the hopping network capacity, is analyzed. DHC makes it difficult for attackers to obtain complete data and to reconstruct data, so communication security is improved; the obtaining and reconstruction of communication data are discussed in Sections 6.2 and 6.3. The unpredictability and the cost of DHC are analyzed in Sections 6.4 and 6.5, respectively.
6.1 Capacity of Hopping Network. Suppose the sizes of the hopping IP address pool and port pool are $|Addr|$ and $|Port|$, respectively. The number of all ends $(IP_{src}, P_{src}, IP_{dst}, P_{dst})$ is $|Addr|^2 \times |Port|^2$, and the number of ends with $IP_{src} = IP_{dst}$ is $|Addr| \times |Port|^2$. According to the definition of an end, valid ends require $IP_{src} \neq IP_{dst}$, so the size of the valid end hopping space $S_{EH}$ can be calculated by

$$|S_{EH}| = |Addr|^2 \times |Port|^2 - |Addr| \times |Port|^2. \quad (3)$$

In DHC, end hopping is performed in both directions of a connection, which means that at any moment one connection needs two ends. Assuming $t$ hopping connections exist simultaneously in the network, $2t$ ends are needed, so $|S_{EH}| - 2t$ ends are left. To ensure high randomness in hopping end selection, enough unoccupied hopping ends in $S_{EH}$ are necessary. Suppose the maximum occupancy rate of the end hopping space $S_{EH}$ is $\alpha$, that is, at least $(1 - \alpha)|S_{EH}|$ ends are unoccupied. Then inequality (4) holds:

$$(1 - \alpha)|S_{EH}| \le |S_{EH}| - 2t, \qquad t \le \frac{1}{2}\alpha|S_{EH}|. \quad (4)$$

Therefore the maximum number of hopping connections allowed in DHC is $(1/2)\alpha|S_{EH}|$; that is, the capacity of the hopping network is $(1/2)\alpha|S_{EH}|$.

Combining (3) and inequality (4), the following inequality is obtained:

$$t \le \frac{1}{2}\alpha\left(|Addr|^2 \times |Port|^2 - |Addr| \times |Port|^2\right). \quad (5)$$

Assume $|Port| = 2^{16}$, $|Addr| = 2^{16}$ (the hopping IP address pool is a class B address block) and $\alpha = 0.8$; then DHC can support $7.37 \times 10^{18}$ connections hopping simultaneously.
6.2 Analysis of Complete Communication Data Obtaining by Attackers. We hypothesize that attackers can sniff part of the forwarding nodes in the network at random. Suppose the network topology $G = \langle V, E \rangle$ is an undirected connected graph, where $V$ is the set of forwarding nodes and $E$ is the set of links. $V$ contains $m$ forwarding nodes, and attackers can randomly sniff $n$ of them simultaneously ($n \le m$). The sniffed node set consisting of these sniffed forwarding nodes is denoted as $V^n_{sniff}$, with $V^n_{sniff} \subseteq V$ and $|V^n_{sniff}| = n$.

The source host $host_{src}$ communicates with the destination host $host_{dst}$. The source and destination forwarding nodes are denoted as $node_{src}$ and $node_{dst}$, respectively. Assume there are $s$ nodes on the shortest path between $host_{src}$ and $host_{dst}$ ($1 \le s \le m$), which constitute the node set $U_s$. In the traditional network, if $V^n_{sniff} \cap U_s \neq \emptyset$, the complete communication data between $host_{src}$ and $host_{dst}$ can be obtained by attackers; if $V^n_{sniff} \cap U_s = \emptyset$, no communication data can be sniffed. The probability of attackers obtaining the complete communication data in the traditional network can be calculated by (6), where $C^n_m$ is the number of all possible $V^n_{sniff}$ and $C^n_{m-s}$ is the number of $V^n_{sniff}$ with $V^n_{sniff} \cap U_s = \emptyset$, so $C^n_m - C^n_{m-s}$ is the number of $V^n_{sniff}$ with $V^n_{sniff} \cap U_s \neq \emptyset$:

$$P_{traditional} = \frac{C^n_m - C^n_{m-s}}{C^n_m}. \quad (6)$$

In DHC, attackers can sniff the complete data between $host_{src}$ and $host_{dst}$ if $node_{src} \in V^n_{sniff}$ or $node_{dst} \in V^n_{sniff}$; the number of such $V^n_{sniff}$ is $C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2}$. Otherwise, if $node_{src} \notin V^n_{sniff}$ and $node_{dst} \notin V^n_{sniff}$, to sniff the complete data a vertex cut-set $V_{cut}$ must be contained in $V^n_{sniff}$ such that $V_{cut}$ cuts $node_{src}$ and $node_{dst}$ into different connected subgraphs; that is, $V^n_{sniff} \supseteq V_{cut}$ exists, where $G$ is cut by $V_{cut}$ into $k$ connected subgraphs $G_1, G_2, \ldots, G_k$ with $node_{src} \in G_i$, $node_{dst} \in G_j$, $1 \le i, j \le k$ and $i \neq j$. Suppose there are $Q^n_{src,dst}$ sniffed node sets $V^n_{sniff}$ that contain such a $V_{cut}$. Then the probability of attackers obtaining the complete data between $host_{src}$ and $host_{dst}$ can be calculated by

$$P_{hop} = \frac{C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{src,dst}}{C^n_m}. \quad (7)$$
Proposition 1. The probability of attackers obtaining the complete data of one communication in the traditional network is not less than that in DHC; that is, $P_{traditional} \ge P_{hop}$.

The proof of this proposition is given in the Appendix. In the network topology shown in Figure 5, suppose a host on node 1 communicates with a host on node 16. The shortest path from node 1 to node 16 contains 6 nodes. Attackers can sniff $n$ nodes at random ($1 \le n \le 16$). The probabilities of attackers obtaining the complete data in the traditional network and in the DHC network are shown in Figure 10.

As can be seen from Figure 10, the probability of attackers obtaining the complete data increases as the number of sniffed nodes increases, in both the traditional and the DHC network, but $P_{hop} \le P_{traditional}$ always holds. The probability of attackers obtaining the complete data is 1 in both the traditional and the DHC network when the number of sniffed nodes is more than 10. Although the probability of attackers sniffing the complete data increases in the DHC network when a large number of forwarding nodes are sniffed, attackers obtain more irrelevant data. Since the end hops constantly during a communication, attackers cannot easily pick out the traffic that belongs to the target from the sniffed data, which increases the difficulty of reconstructing and recovering the communication data.

Figure 10: Probability of obtaining complete data (vertical axis: the probability of obtaining complete communication data, 0 to 1; horizontal axis: the number of monitored nodes, 1 to 16; series: DHC, traditional network).
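An added example (not from the paper) that checks Proposition 1 by brute force: on a small constructed 7-node topology (an assumption of this example, not the Figure 5 topology) it enumerates every sniffed node set $V^n_{sniff}$, counts $Q^n_{src,dst}$ directly as the number of sets that contain neither endpoint but separate them, and evaluates (6) and (7) for every $n$.

```python
"""Brute-force check of P_traditional >= P_hop (Section 6.2, eqs. (6), (7))
on a constructed topology. Added example, not code from the paper."""
from fractions import Fraction
from itertools import combinations
from math import comb

# Constructed 7-node topology (assumption): forwarding nodes 0..6, source
# forwarding node 0, destination forwarding node 6, shortest path 0-1-2-6
# plus the longer route 0-3-4-5-6 and the chord 1-4.
EDGES = [(0, 1), (1, 2), (2, 6), (0, 3), (3, 4), (4, 5), (5, 6), (1, 4)]
SRC, DST = 0, 6


def C(a, b):
    """C^b_a in the paper's notation: a choose b, 0 when b is out of range."""
    return comb(a, b) if 0 <= b <= a else 0


def adjacency(edges):
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def reachable(adj, start, removed):
    """Nodes reachable from start once the nodes in `removed` are cut out."""
    seen, stack = set(), [start]
    while stack:
        v = stack.pop()
        if v in seen or v in removed:
            continue
        seen.add(v)
        stack.extend(adj[v])
    return seen


def shortest_path_nodes(adj, src, dst):
    """U_s: the node set of one BFS shortest path from src to dst."""
    parent, queue = {src: None}, [src]
    for v in queue:
        for w in sorted(adj[v]):
            if w not in parent:
                parent[w] = v
                queue.append(w)
    nodes, v = set(), dst
    while v is not None:
        nodes.add(v)
        v = parent[v]
    return nodes


def p_traditional(adj, src, dst, n):
    """Eq. (6): probability that n random sniffed nodes hit the static
    shortest path; the brute-force count is checked against the closed form."""
    m, U_s = len(adj), shortest_path_nodes(adj, src, dst)
    hits = sum(1 for S in combinations(adj, n) if U_s & set(S))
    closed = Fraction(C(m, n) - C(m - len(U_s), n), C(m, n))
    assert Fraction(hits, C(m, n)) == closed
    return closed


def p_hop(adj, src, dst, n):
    """Eq. (7): the sniffed set contains node_src or node_dst, or is a vertex
    cut separating them. Returns (P_hop, Q^n_{src,dst}); Q is counted by
    brute force over the n-subsets that contain neither endpoint."""
    m, q = len(adj), 0
    for S in combinations(adj, n):
        if src in S or dst in S:
            continue
        if dst not in reachable(adj, src, set(S)):
            q += 1
    endpoints = C(2, 1) * C(m - 2, n - 1) + C(2, 2) * C(m - 2, n - 2)
    return Fraction(endpoints + q, C(m, n)), q


def compare(adj, src, dst):
    """(n, P_traditional, P_hop) for every possible number of sniffed nodes."""
    return [(n, p_traditional(adj, src, dst, n), p_hop(adj, src, dst, n)[0])
            for n in range(1, len(adj) + 1)]


if __name__ == "__main__":
    for n, p_t, p_h in compare(adjacency(EDGES), SRC, DST):
        print(f"n={n}: P_traditional={p_t}  P_hop={p_h}  holds={p_t >= p_h}")
```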
6.3 Analysis of Communication Data Reconstruction for Attackers. Reconstruction of communication data requires the complete data of that communication. In this section, assume that attackers can sniff the complete data of the communication between the source and destination hosts. In the traditional network, attackers can deduce the positions of both communicating sides and the upper-layer protocol from the IP addresses and ports of the sniffed packets; useless packets can be eliminated based on the end, and the target communication data can be obtained. In the DHC network, however, no real end of the source and destination hosts can be sniffed by attackers if the source and destination forwarding nodes are not sniffed. The data of a communication is distributed over various flows that attackers are not able to distinguish. Suppose that there are $f_{sniff}$ flows in the sniffed data, among which $f_{real}$ flows contain the data of the target connection ($f_{real} \le f_{sniff}$), and that different ends are applied in different connections. There are $C^h_{f_{sniff}}$ combinations when attackers randomly choose $h$ flows from the $f_{sniff}$ flows. Attackers can reconstruct the communication data properly with only one combination, that is, $C^{f_{real}}_{f_{real}} = 1$.

Given that attackers select several flows at random in a single attempt to reconstruct the communication data, the probability of reconstructing the data properly can be calculated with

$$P_{once} = \frac{C^{f_{real}}_{f_{real}}}{C^1_{f_{sniff}} + C^2_{f_{sniff}} + \cdots + C^{f_{sniff}}_{f_{sniff}}} = \frac{1}{2^{f_{sniff}} - 1}. \quad (8)$$

As shown in (8), the probability of attackers reconstructing the data successfully in a single attempt decreases exponentially with the number of flows sniffed: the more data sniffed, the more difficult successful data reconstruction becomes. Since attackers cannot easily determine the timing of the target communication because of end hopping, a longer sniffing time is needed to obtain the complete communication data, so a large amount of irrelevant data is obtained, which increases the difficulty of data reconstruction. Given $f_{sniff} = 100$ and $f_{real} = 10$, the probability of attackers reconstructing the data correctly by selecting several flows at random in one attempt would be $7.89 \times 10^{-31}$.

Table 1: Comparison of packet transmission time between traditional network and DHC network.

Approach    | Average cost of packet transmission time | Period of flow update | Routing path
Traditional | $t \times l_s$                           | Infinite              | The shortest path from source to destination
DHC         | $t \times l_a$                           | $T_{hop}$             | Multiple paths from source to destination
6.4 Analysis of Unpredictability. Since the end and route hop randomly in DHC (details are given in Section 4.3), the end and route used in the next period cannot be predicted precisely. Even when the DHC protocol, the end hopping space and the route hopping space are exposed, DHC can still increase the cost of sniffer attacks and resist them. Suppose that an attacker with all the information above sniffs the DHC network for a target communication; the attacker will face the following difficulties in launching the sniffer attack. Firstly, even though the DHC protocol is transparent to the attacker, a targeted sniffer attack cannot be launched, thanks to the randomness of end and route hopping. Secondly, it is hard for the attacker to get the complete communication data during sniffing, due to the periodic hopping of the route. Thirdly, the attacker will get a large number of ends because of frequent end hopping, which prevents the attacker from extracting the right packets belonging to the target communication when attempting to recover the communication data. So the unpredictability of DHC guarantees that it can resist sniffer attack even when the DHC protocol and the network information are exposed.
6.5 Analysis of Cost. Under traditional routing schemes the packets are routed along the shortest path. In the DHC network, however, packets may be routed along longer paths because of the dynamic changing of the route, so the cost of packet transmission time is higher in DHC. Let $l_s$ denote the length of the shortest path between source and destination (the length of a routing path is measured in hops), $l_a$ the average length of the paths in the route hopping space ($l_s \le l_a$) and $T_{hop}$ the hopping period; then the cost of packet transmission time is as shown in Table 1. Moreover, the random selection of the route is conducted periodically by the routing path hop of a communication, which results in a small number of disordered packets at the receiving end when a new period starts, leaving no obstacle to normal communication.

Ends and routing paths are selected in DHC when flow entries are generated, which is more complicated than in the traditional network, so the time cost of generating flow entries is higher in DHC. Since the average path is longer in DHC, more flow entries are installed for one communication than in the traditional network, so the time cost of flow entry setup is higher in DHC as well. Figure 11 compares the average time cost for installing flow entries between different node pairs of the topology (shown in Figure 5) in DHC and in the traditional network. As illustrated in Figure 11, the average time for flow entry generation and setup in DHC is longer than in the traditional network.

Figure 11: Comparison of the average time cost of flow entries installation in DHC and the traditional network (vertical axis: average time overhead in ms, 0 to 0.25; horizontal axis: node pairs $1 \to 16$, $3 \to 11$, $4 \to 14$, $5 \to 12$; series: time of flow setup in DHC, time of flow generation in DHC, time of flow setup in the traditional network, time of flow generation in the traditional network).
In a network without DHC, flow entries are installed only once at the beginning of a communication, whereas in DHC the flow entries of the data plane are updated periodically and hopping ends and paths have to be allocated for every connection between two communicating sides, which brings more load to the controller. In the experiment topology, 50 pairs of source and destination hosts are chosen at random and communication between each pair is started. The CPU utilization of the controller with and without DHC is compared in Figure 12. If the controller does not run DHC, the load is low because the flow entries are not periodically updated, so the CPU utilization is under 10%, as shown in Figure 12. If the controller runs DHC, the load increases because of the periodic updating of flow entries, and the figure shows that the CPU utilization is much higher. When $T_{hop} = 5$ s the CPU utilization is between 20% and 40%, and when $T_{hop} = 10$ s it is between 10% and 30%. A shorter hopping period requires more controller operations, so the CPU utilization of the controller is higher when $T_{hop} = 5$ s than when $T_{hop} = 10$ s. The controller will be the bottleneck when DHC is used in a large-scale network; fortunately, the distributed SDN controller [30] is a solution to this problem.

Figure 12: CPU utilization of the controller (vertical axis: CPU utilization in %, 0 to 60; horizontal axis: run time in s, 10 to 100; series: no DHC, DHC with $T_{hop} = 10$ s, DHC with $T_{hop} = 5$ s).

In the traditional network, flows are matched only by destination address, so the length of the routing tables is of the order $O(m)$ for a network of $m$ nodes. In DHC, however, flows are matched by ends (including source/destination addresses and ports), meaning that two flows must be specified for every connection (TCP or UDP) between two communicating sides. Let $\lambda$ denote the average rate of connection establishment and $w$ the duration of each connection; then the mean length of the flow tables is of the order $O(m\lambda w)$ [7]. Moreover, to avoid packet loss, DHC requires both the old and the new flow entries to be in the flow table simultaneously for a brief period, during which the cost of flow table space increases. Therefore the cost of flow table space is higher in DHC.
7 Conclusion
The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper, end hopping and route hopping are combined, and double hopping communication based on SDN is proposed. The end is changed dynamically in DHC, so that the data from multiple users is mixed and the communication traffic can be hidden in background traffic; the traffic cannot be distinguished easily, and the difficulty for attackers to reconstruct and recover data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, which increases the difficulty for attackers to obtain the complete communication data. The results show that the approach proposed in this paper effectively resists sniffing. Moreover, DHC is realized completely in software and is transparent to the terminals. A controller bottleneck usually occurs in a large-scale DHC network. In future work, a distributed controller model will be applied to deal with this problem, and a feasible communication solution of DHC will be tested in a real network.
Appendix
Suppose there are $m$ nodes in the network topology $G$. An attacker can sniff $n$ nodes, and the sniffed nodes constitute a sniffed node set $V^n_{sniff}$ ($|V^n_{sniff}| = n$, $n \le m$). Given the route hopping space $S^{H_1 \to H_2}_{RH}$, there are $s$ nodes on the shortest path between the source host $H_1$ and the destination host $H_2$ ($s \le m$). $V_{cut}$ is a vertex cut-set by which $G$ is cut into several connected subgraphs such that the source forwarding node $node_{src}$ and the destination forwarding node $node_{dst}$ are in different subgraphs. Suppose there are $Q^n_{src,dst}$ sniffed node sets $V^n_{sniff}$ satisfying $V^n_{sniff} \supseteq V_{cut}$. The proof that the probability of the attacker obtaining the complete communication data of one communication in the traditional network is not less than that in DHC, that is, $P_{traditional} \ge P_{hop}$, is given below.
Proof Verify that 119875traditional ge 119875hop andmake sure 119875traditionalminus119875hop ge 0
Given 119875traditional = (119862119899
119898minus 119862119899
119898minus119904)119862119899
119898 119875hop = (119862
1
2119862119899minus1
119898minus2+
1198622
2119862119899minus2
119898minus2+ 119876119899
srcdst)119862119899
119898 we have
119875traditional minus 119875hop
=
119862119899
119898minus 119862119899
119898minus119904minus (1198621
2119862119899minus1
119898minus2+ 1198622
2119862119899minus2
119898minus2+ 1198761
srcdst)
119862119899
119898
(A1)
Suppose the shortest path from 1198671to 1198672is 119901119886119905ℎlowast
(119901119886119905ℎlowast isin 1198781198671rarr1198672RH ) The complete communication data fromsource host to destination host can be sniffed on 119881119899sniff thenforall119901119886119905ℎ isin 119878
1198671rarr1198672
RH there exists 119881119899sniff cap 119873119900119889119890119904(119901119886119905ℎ) =
where 119873119900119889119890119904(119901119886119905ℎ) represents the set of nodes that119875119886119905ℎ passes Because 119901119886119905ℎlowast isin 119878
1198671rarr1198672
RH then 119881119899sniff cap119873119900119889119890119904(119901119886119905ℎ
lowast) = that is 119881119899sniff contains at least one node
on the shortest path (Conclusion 1)When 119899 = 1 attack sniffs 1 node in the network Then
based on (A1) we have
119875traditional minus 119875hop
=
1198621
119898minus 1198621
119898minus119904minus (1198621
21198620
119898minus2+ 1198761
srcdst)
1198621
119898
(A2)
In (A2) the denominator 1198621119898gt 0 and the numerator is as
follows
1198621
119898minus 1198621
119898minus119904minus (1198621
21198620
119898minus2+ 1198761
srcdst)
= 119898 minus (119898 minus 119904) minus (2 + 1198761
srcdst) = 119904 minus 2 minus 1198761
srcdst(A3)
Known by Conclusion 1 1198811sniff cap 119873119900119889119890119904(119901119886119905ℎlowast) = that
is the sniffed node is on the shortest path In the 119904 nodeson the shortest path the number of 1198811sniff which can dividesource node and destination node into different connectedsubgraphs is not more than 119904 minus 2 that is 1198761srcdst le 119904 minus 2 So
12 Mathematical Problems in Engineering
(A3) ge 0 can be got The numerator of (A2) is not less than0 then in (A2) 119875traditional minus 119875hop ge 0
When 119899 ge 2 attack sniffs more than 1 node in thenetwork Then based on (A1) we have
119875traditional minus 119875hop
=
119862119899
119898minus 119862119899
119898minus119904minus (1198621
2119862119899minus1
119898minus2+ 1198622
2119862119899minus2
119898minus2+ 119876119899
srcdst)
119862119899
119898
(A4)
In (A4) denominator 119862119899119898gt 0 and the numerator is as
follows
119862119899
119898minus 119862119899
119898minus119904minus (1198621
2119862119899minus1
119898minus2+ 1198622
2119862119899minus2
119898minus2+ 119876119899
srcdst)
= 119862119899
119898minus 119862119899
119898minus119904minus 2119862119899minus1
119898minus2minus 119862119899minus2
119898minus2minus 119876119899
srcdst
= 119862119899
119898minus2minus 119862119899
119898minus119904minus 119876119899
srcdst
(A5)
By definition, $Q^n_{src,dst}$ is the number of those $V^n_{sniff}$ that separate $node_{src}$ and $node_{dst}$ into different connected subgraphs, so $node_{src}$ and $node_{dst}$ do not belong to such a $V^n_{sniff}$. $C^n_{m-2}$ is the number of all $V^n_{sniff}$ satisfying both $node_{src} \notin V^n_{sniff}$ and $node_{dst} \notin V^n_{sniff}$, and $C^n_{m-2-(s-2)} = C^n_{m-s}$ is the number of those $V^n_{sniff}$ that additionally satisfy $V^n_{sniff} \cap \mathrm{Nodes}(path^*) = \emptyset$. By Conclusion 1, every $V^n_{sniff}$ counted in $Q^n_{src,dst}$ satisfies $V^n_{sniff} \cap \mathrm{Nodes}(path^*) \neq \emptyset$, so $Q^n_{src,dst}$ is not more than $C^n_{m-2} - C^n_{m-2-(s-2)}$. Hence (A5) $\ge 0$: the numerator of (A4) is not less than 0, and so in (A4) $P_{traditional} - P_{hop} \ge 0$.
In conclusion, $P_{traditional} - P_{hop} \ge 0$, that is, $P_{traditional} \ge P_{hop}$.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgments
This work is supported by the National Natural Science Foundation of China (nos. 61379151, 61272489, 61302159 and 61401512), the National Cryptography Development Fund of China (no. MMJJ201301005), the National Basic Research Program of China (973) (Grants nos. 2012CB315901 and 2013CB329104) and the National Natural Science Foundation of China (Grants nos. 61309019 and 61372121).
References
[1] National Cyber Leap Year Summit 2009, Co-Chairs' Report, "Networking and information technology research and development," Tech. Rep., 2009.
[2] T. Cyberspace, Strategic Plan for the Federal Cybersecurity Research and Development Program, Executive Office of the President, National Science and Technology Council, Washington, DC, USA, 2011.
[3] S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, Springer Science & Business Media, New York, NY, USA, 2011.
[4] E. Al-Shaer, "Toward network configuration randomization for moving target defense," in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153-159, Springer, New York, NY, USA, 2011.
[5] P. Kampanakis, H. Perros, and T. Beyene, "SDN-based solutions for Moving Target Defense network protection," in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1-6, Sydney, Australia, June 2014.
[6] M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive use of network-centric mechanisms in cyber-defense," in Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183-192, Hokkaido, Japan, May 2003.
[7] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "OpenFlow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN '12), pp. 127-132, ACM, Helsinki, Finland, August 2012.
[8] Q. Duan, E. Al-Shaer, and H. Jafarian, "Efficient Random Route Mutation considering flow and network constraints," in Proceedings of the IEEE Conference on Communications and Network Security (CNS '13), pp. 260-268, IEEE, National Harbor, Md, USA, October 2013.
[9] E. Al-Shaer, Q. Duan, and J. H. Jafarian, "Random host mutation for moving target defense," in Security and Privacy in Communication Networks, pp. 310-327, Springer, New York, NY, USA, 2013.
[10] G. Badishi, A. Herzberg, and I. Keidar, "Keeping denial-of-service attackers in the dark," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 191-204, 2007.
[11] H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou, "A moving target DDoS defense mechanism," Computer Communications, vol. 46, pp. 10-21, 2014.
[12] C.-Y. Hong, S. Kandula, R. Mahajan et al., "Achieving high utilization with software-driven WAN," ACM SIGCOMM Computer Communication Review, vol. 43, no. 3, pp. 15-26, 2013.
[13] N. McKeown, "Software-defined networking," INFOCOM Keynote Talk, vol. 17, no. 2, pp. 30-32, 2009.
[14] M. Carvalho and R. Ford, "Moving-target defenses for computer networks," IEEE Security & Privacy, vol. 12, no. 2, pp. 73-76, 2014.
[15] M. Sifalakis, S. Schmid, and D. Hutchison, "Network address hopping: a mechanism to enhance data protection for packet communications," in Proceedings of the IEEE International Conference on Communications (ICC '05), vol. 3, pp. 1518-1523, IEEE, Seoul, Republic of Korea, May 2005.
[16] M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, "MT6D: a moving target IPv6 defense," in Proceedings of the Military Communications Conference (MILCOM '11), pp. 1321-1326, IEEE, Baltimore, Md, USA, November 2011.
[17] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An effective address mutation approach for disrupting reconnaissance attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562-2577, 2015.
[18] J. H. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," in Proceedings of the 1st ACM Workshop on Moving Target Defense (MTD '14), pp. 69-78, Scottsdale, AZ, USA, November 2014.
[19] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Adversary-aware IP address randomization for proactive agility against sophisticated attackers," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738-746, IEEE, April 2015.
[20] D. C. MacFarland and C. A. Shue, "The SDN shuffle: creating a moving-target defense using host-based software-defined networking," in Proceedings of the 2nd ACM Workshop on Moving Target Defense (MTD '15), pp. 37-41, ACM, Denver, Colo, USA, October 2015.
[21] J. Jafarian, E. Al-Shaer, and Q. Duan, "Formal approach for route agility against persistent attackers," in Computer Security, ESORICS 2013, J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, pp. 237-254, Springer, Berlin, Germany, 2013.
[22] S. Dolev and S. T. David, "SDN-based private interconnection," in Proceedings of the IEEE 13th International Symposium on Network Computing and Applications (NCA '14), 2014.
[23] F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. H. Ammar, and E. W. Zegura, "Agile virtualized infrastructure to proactively defend against cyber attacks," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 729-737, Hong Kong, April-May 2015.
[24] D. Gkounis, V. Kotronis, and X. Dimitropoulos, "Towards defeating the crossfire attack using SDN," http://arxiv.org/abs/1412.2013.
[25] A. Studer and A. Perrig, "The coremelt attack," in Computer Security, ESORICS 2009, vol. 5789 of Lecture Notes in Computer Science, pp. 37-52, Springer, Berlin, Germany, 2009.
[26] B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, October 2010.
[27] N. McKeown, T. Anderson, H. Balakrishnan et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69-74, 2008.
[28] M. McCauley, "About POX," 2013, http://www.github.com/noxrepo/pox.
[29] S. De Maesschalck, D. Colle, I. Lievens et al., "Pan-European optical transport networks: an availability-based comparison," Photonic Network Communications, vol. 5, no. 3, pp. 203-225, 2003.
[30] A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella, "Towards an elastic distributed SDN controller," ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7-12, 2013.
Figure 3: DHC prototype deployment (controller running DhcFlower, TopologyDiscovery and FlowMonitor; OpenFlow switches below it).

Figure 4: Makeup of DhcFlower (double hopping engine, hopping path calculator, hopping path pool, hopping end pool and flow updater inside the controller; topology information from TopologyDiscovery, flow entries from FlowMonitor).
topology proposed by [29] is applied, which has 16 nodes (forwarding nodes), as illustrated in Figure 5. The maximum path length $L$ is set to 32.
5.2.1. Validation of the Effectiveness of End Hopping. UDP packets from the terminal on node 1 are sent to the terminal on node 16 for 500 s. Packets are sniffed on the forwarding nodes and the number of distinct ends received on each node is counted. The sniffing results in DHC and in the traditional network are shown in Figure 6.
As demonstrated in Figure 6, on some forwarding nodes in the traditional network, such as nodes 4, 7, 8 and 12, only one end can be sniffed. In DHC, however, apart from the source and destination forwarding nodes, multiple ends can be sniffed on the other forwarding nodes. Because the end of a packet never changes in a traditional network, the sniffed end stays constant, which is convenient for attackers: an attacker can launch a targeted sniffer against any connection and obtain the complete communication data of that connection.
In DHC the end changes randomly and periodically, so the ends sniffed on the forwarding nodes between the source and destination hosts vary. It is difficult for attackers to determine which ends belong to the same connection, which increases the difficulty of reconstructing the communication data. Moreover, the more frequently ends hop, the more ends are sniffed on the forwarding nodes: Figure 6 shows that more ends are sniffed when $T_{hop}$ = 5 s than when $T_{hop}$ = 10 s. In addition, fewer ends are sniffed on forwarding node 9 than on the other nodes. The reason is that fewer paths pass through forwarding node 9, so its probability of being hit by the weighted random path selection is lower.
5.2.2. Validation of the Effectiveness of Route Hopping. In the experiment, $10^6$ packets are transmitted from node 5 to node 6 at $10^4$ packets per second. The hopping period $T_{hop}$ is set to 5 s. Packets are sniffed on the forwarding nodes and the number of packets sniffed
Figure 5: Network topology applied in the experiment (forwarding nodes 1 to 16).
Figure 6: Number of ends sniffed from a single flow (x-axis: forwarding nodes 2 to 15; y-axis: number of sniffed ends, 0 to 90; series: traditional network, DHC with $T_{hop}$ = 10 s, DHC with $T_{hop}$ = 5 s).
on each node is counted. In the DHC network, random path selection and weighted random path selection are both applied to conduct hopping communication. The sniffing results are compared with traditional network communication in Figure 7.
In Figure 7 the vertical axis is the fraction of all packets transmitted from node 5 to node 6. In the traditional network the complete communication data from source host to destination host can be sniffed on some nodes (e.g., nodes 6, 11 and 12), which means that an attacker can sniff the complete data on any one of those nodes and analyse it further. Since shortest-path routing is applied in the traditional network and the path stays unchanged during communication, the complete communication data
Figure 7: Percentage of packets sniffed from a single flow (x-axis: forwarding nodes 1 to 15; y-axis: fraction of the transmitted packets, 0 to 1; series: DHC with random path selection, DHC with weighted path selection, traditional network).
can be obtained on any node that the shortest path passes through. In DHC the packets of a connection are distributed over several paths by route hopping, so it is difficult for attackers to sniff the complete data on a single forwarding node. With plain random path selection there is still a possibility of sniffing a large amount of data on certain nodes: as shown in Figure 7, more than 50% of the data can be sniffed on forwarding nodes 4, 8 and 12. Applying weighted random path selection avoids excessive traffic passing through particular nodes, because a lower weight is assigned to paths containing nodes that many paths cross.
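The following is an added Python example, not code from the paper or from the DhcFlower prototype, that sketches the path-selection step of route hopping described above and measures, as Figure 7 does, the fraction of a flow's packets that each forwarding node sees under random and under weighted random selection. The path pool, the one-path-per-period sampling and the weighting rule (a path's weight is the inverse of the summed crossing counts of its intermediate nodes) are assumptions made for illustration; the paper only states that lower weight goes to paths whose nodes many other paths cross.

```python
"""Route hopping: random vs. weighted random path selection.

Added example (not from the paper).  PATH_POOL is a constructed pool of
paths between src = 1 and dst = 6 on a hypothetical topology; the weighting
rule in path_weights() is an assumption about how "lower weight for paths
through heavily crossed nodes" could be realised.
"""
import random
from collections import Counter

# Constructed path pool (assumption): three candidate paths from node 1 to node 6.
PATH_POOL = [
    [1, 2, 3, 6],
    [1, 4, 5, 7, 6],
    [1, 2, 5, 7, 6],
]


def node_crossings(paths):
    """Count, for every node, how many paths of the pool traverse it."""
    counts = Counter()
    for path in paths:
        counts.update(path)
    return counts


def path_weights(paths):
    """Weight = 1 / (sum of crossing counts of the path's intermediate nodes).

    Source and destination are on every path, so only interior nodes are counted;
    a path that shares many nodes with other paths gets a lower weight."""
    crossings = node_crossings(paths)
    weights = []
    for path in paths:
        load = sum(crossings[node] for node in path[1:-1])
        weights.append(1.0 / load)
    return weights


def select_path(paths, weighted, rng):
    """Pick the path for the next hopping period."""
    if weighted:
        return rng.choices(paths, weights=path_weights(paths), k=1)[0]
    return rng.choice(paths)


def sniffed_fraction(paths, periods, weighted, seed=1):
    """Fraction of all packets of the flow that each forwarding node can sniff.

    One path is chosen per hopping period and every packet sent in that period
    follows it, so a node sees the packets of every period whose path contains it."""
    rng = random.Random(seed)
    seen = Counter()
    for _ in range(periods):
        for node in select_path(paths, weighted, rng):
            seen[node] += 1
    return {node: seen[node] / periods for node in sorted(seen)}


if __name__ == "__main__":
    for weighted in (False, True):
        print("weighted" if weighted else "random  ",
              sniffed_fraction(PATH_POOL, 2000, weighted))
```

Source and destination forwarding nodes always see the whole flow, exactly as in Figure 7; what the weighting changes is how much of the flow the shared interior nodes (here 2, 5 and 7) see.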
5.2.3. Validation of the Effectiveness against Sniffer Attack. In the experiment, 100 MB of data is transmitted from node 1 to node 16 over 500 s. The hopping period $T_{hop}$ is set to 5 s. Data is sniffed on the node sets $A_1 = \{8\}$, $A_2 = \{8, 9\}$, $A_3 = \{8, 9, 10\}$ and $A_4 = \{8, 9, 10, 11\}$, respectively. The shortest path from node 1 to node 16 is 1 → 4 → 7 → 8 → 12 → 16. The percentage of data sniffed on the node sets $A_1$, $A_2$, $A_3$ and $A_4$ is presented in Figure 8.
As illustrated in Figure 8, in the traditional network the complete communication data can be sniffed on every node set $A_1$, $A_2$, $A_3$ and $A_4$, since each of them contains node 8, which lies on the shortest path and therefore sees the complete data. In DHC, however, the complete data cannot be obtained from node sets $A_1$, $A_2$ and $A_3$ because route hopping is applied. The percentage of data sniffed on $A_1$ and $A_2$ is the same because the traffic that passes through $A_2$ also passes through $A_1$. Only $A_4$ can sniff the complete communication data in DHC, and even then the ends of the sniffed data are diverse because of end hopping. We regard packets that carry the same end as the static data an attacker can obtain; the static data obtainable in hopping communication is far less than in the traditional network.
Figure 8: Percentage of data that can be sniffed by attackers (x-axis: sniffed sets $A_1$ to $A_4$; y-axis: fraction of sniffed data, 0 to 1; series: sniffed data in DHC, sniffed static data in the traditional network, sniffed static data in DHC).
Figure 9: Performance of forwarding in DHC (x-axis: amount of data transmitted, 1 to 1000 MB; y-axis: data transmission time, 0 to 1400 s; series: traditional network, DHC with $T_{hop}$ = 10 s, DHC with $T_{hop}$ = 5 s).
5.2.4. Performance of DHC. In the experiment the bandwidth of every link in the network topology is set to 10 Mb/s. Data is transmitted from the terminal on node 1 to the terminal on node 16 using the File Transfer Protocol (FTP). The data transmission time in both DHC and the traditional network is recorded. The results are shown in Figure 9.
As can be seen in Figure 9, the data transmission time in DHC increases compared with the traditional network. The reason is that multiple paths from source to destination are selected, including longer ones, whereas the data is routed along the shortest path in the traditional network. The increase is, however, less than 7% when $T_{hop}$ = 5 s in the experiment. Routing path hopping of a connection results in a small number of out-of-order packets at the receiving end when a new period starts, which causes retransmissions. Therefore the more frequently the flow entries are updated, the more likely retransmission becomes; Figure 9 also shows that more time is consumed to transmit the data when $T_{hop}$ = 5 s than when $T_{hop}$ = 10 s.
6 Analysis
In DHC each hopping connection needs to occupy hopping ends in every period. In Section 6.1 the number of hopping connections that a DHC network can support, that is, the hopping network capacity, is analysed. DHC makes it difficult for attackers to obtain complete data and to reconstruct data, so communication security is improved; the obtaining and reconstruction of communication data are discussed in Sections 6.2 and 6.3. The unpredictability and the cost of DHC are analysed in Sections 6.4 and 6.5, respectively.
6.1. Capacity of the Hopping Network. Suppose the sizes of the hopping IP address pool and the port pool are |Addr| and |Port|, respectively. The number of all ends $(IP_{src}, P_{src}, IP_{dst}, P_{dst})$ is $|Addr|^2 \times |Port|^2$, and the number of ends with $IP_{src} = IP_{dst}$ is $|Addr| \times |Port|^2$. According to the definition of an end, a valid end requires $IP_{src} \neq IP_{dst}$, so the size of the valid end hopping space $S_{EH}$ is

$|S_{EH}| = |Addr|^2 \times |Port|^2 - |Addr| \times |Port|^2$ (3)
In DHC end hopping is performed in both directions of a connection, which means that at any moment one connection needs two ends. Assuming $t$ hopping connections exist simultaneously in the network, $2t$ ends are needed and $|S_{EH}| - 2t$ ends are left. To ensure high randomness in hopping end selection, enough unoccupied hopping ends in $S_{EH}$ are necessary. Suppose the maximum occupancy rate of the end hopping space $S_{EH}$ is $\alpha$, that is, at least $(1 - \alpha)|S_{EH}|$ ends are unoccupied. Then inequality (4) holds:
$(1 - \alpha)|S_{EH}| \le |S_{EH}| - 2t$, hence $t \le \dfrac{1}{2}\alpha|S_{EH}|$ (4)

Therefore the maximum number of hopping connections allowed in DHC is $\frac{1}{2}\alpha|S_{EH}|$; that is, the capacity of the hopping network is $\frac{1}{2}\alpha|S_{EH}|$.
Combining (3) and inequality (4) gives

$t \le \dfrac{1}{2}\alpha\left(|Addr|^2 \times |Port|^2 - |Addr| \times |Port|^2\right)$ (5)

Assume $|Port| = 2^{16}$, $|Addr| = 2^{16}$ (the hopping IP address pool is a class B address block) and $\alpha = 0.8$; then DHC can support $7.37 \times 10^{18}$ connections hopping simultaneously.
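An added Python example, not code from the paper or from the DhcFlower prototype, that evaluates (3) to (5) with exact integer arithmetic and shows one way a controller could hand out hopping ends under the occupancy bound $\alpha$. The HoppingEndPool class and its allocation policy (two fresh, currently unused ends per connection, refusal once $\frac{1}{2}\alpha|S_{EH}|$ connections are active) are assumptions; the paper only states the bound itself.

```python
"""End hopping space and hopping network capacity, eqs. (3)-(5).

Added example, not code from the paper or the DhcFlower prototype.  The
HoppingEndPool class and its allocation policy are assumptions about how a
controller could hand out hopping ends under the occupancy bound alpha.
"""
import random
from fractions import Fraction


def end_space_size(n_addr, n_port):
    """|S_EH| = |Addr|^2 |Port|^2 - |Addr| |Port|^2, eq. (3): ends with IP_src == IP_dst are invalid."""
    return n_addr ** 2 * n_port ** 2 - n_addr * n_port ** 2


def hopping_capacity(n_addr, n_port, alpha):
    """Largest t with (1 - alpha)|S_EH| <= |S_EH| - 2t, i.e. floor(alpha |S_EH| / 2), eqs. (4)-(5).

    alpha is converted to an exact fraction (0.8 -> 4/5) so the 2^64-scale product stays exact."""
    a = Fraction(alpha).limit_denominator(10 ** 6)
    return end_space_size(n_addr, n_port) * a.numerator // (2 * a.denominator)


class HoppingEndPool:
    """Hands out valid, currently unused ends (IP_src, P_src, IP_dst, P_dst) and refuses
    new hopping connections once alpha of the end hopping space is occupied."""

    def __init__(self, addrs, ports, alpha, seed=None):
        self.addrs, self.ports = list(addrs), list(ports)
        self.capacity = hopping_capacity(len(self.addrs), len(self.ports), alpha)
        self.in_use = set()
        self.rng = random.Random(seed)

    def _random_end(self):
        ip_src, ip_dst = self.rng.sample(self.addrs, 2)   # distinct IPs: IP_src != IP_dst
        return (ip_src, self.rng.choice(self.ports), ip_dst, self.rng.choice(self.ports))

    def allocate_connection(self):
        """A hopping connection needs one end per direction; returns None when at capacity."""
        if len(self.in_use) // 2 >= self.capacity:
            return None
        ends = []
        while len(ends) < 2:
            end = self._random_end()
            if end not in self.in_use:            # never reuse an end that is still occupied
                self.in_use.add(end)
                ends.append(end)
        return tuple(ends)

    def release(self, ends):
        """Return a connection's ends to the pool when its hopping period is over."""
        for end in ends:
            self.in_use.discard(end)


if __name__ == "__main__":
    # The paper's figures: |Addr| = |Port| = 2^16 and alpha = 0.8 give about 7.37e18 connections.
    print(hopping_capacity(2 ** 16, 2 ** 16, 0.8))
```

Keeping at least $(1-\alpha)|S_{EH}|$ ends free is what makes the rejection loop in allocate_connection terminate quickly; with a full pool the expected number of draws per fresh end would grow without bound.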
6.2. Analysis of Attackers Obtaining Complete Communication Data. We hypothesize that attackers can sniff part of the forwarding nodes in the network at random. Suppose the network topology $G = \langle V, E \rangle$ is an undirected connected graph, where $V$ is the set of forwarding nodes and $E$ is the set of links. $V$ contains $m$ forwarding nodes and attackers can randomly sniff $n$ of them simultaneously ($n \le m$). The set of sniffed forwarding nodes is denoted $V^n_{sniff}$, with $V^n_{sniff} \subseteq V$ and $|V^n_{sniff}| = n$. Source host $host_{src}$ communicates with destination host $host_{dst}$; the source and destination forwarding nodes are denoted $node_{src}$ and $node_{dst}$, respectively. Assume there are $s$ nodes on the shortest path between $host_{src}$ and $host_{dst}$ ($1 \le s \le m$), which constitute the node set $U_s$. In a traditional network, if $V^n_{sniff} \cap U_s \neq \emptyset$, the complete communication data between $host_{src}$ and $host_{dst}$ can be obtained by attackers; if $V^n_{sniff} \cap U_s = \emptyset$, no communication data can be sniffed. The probability of attackers obtaining the complete communication data in a traditional network is therefore given by (6), where $C^n_m$ is the number of all possible $V^n_{sniff}$ and $C^n_{m-s}$ is the number of $V^n_{sniff}$ with $V^n_{sniff} \cap U_s = \emptyset$, so that $C^n_m - C^n_{m-s}$ is the number of $V^n_{sniff}$ with $V^n_{sniff} \cap U_s \neq \emptyset$:

$P_{traditional} = \dfrac{C^n_m - C^n_{m-s}}{C^n_m}$ (6)
In DHC, attackers can sniff the complete data between $host_{src}$ and $host_{dst}$ if $node_{src} \in V^n_{sniff}$ or $node_{dst} \in V^n_{sniff}$. The number of such $V^n_{sniff}$ is $C^1_2\, C^{n-1}_{m-2} + C^2_2\, C^{n-2}_{m-2}$. Otherwise, if $node_{src} \notin V^n_{sniff}$ and $node_{dst} \notin V^n_{sniff}$, then to sniff the complete data $V^n_{sniff}$ must contain a vertex cut-set $V_{cut}$ that separates $node_{src}$ and $node_{dst}$ into different connected subgraphs; that is, $V^n_{sniff} \supseteq V_{cut}$, where $G$ is cut by $V_{cut}$ into $k$ connected subgraphs $G_1, G_2, \ldots, G_k$ with $node_{src} \in G_i$, $node_{dst} \in G_j$, $1 \le i, j \le k$ and $i \neq j$. Suppose there are $Q^n_{src,dst}$ sniffed node sets $V^n_{sniff}$ that contain such a $V_{cut}$. Then the probability of attackers obtaining the complete data between $host_{src}$ and $host_{dst}$ is

$P_{hop} = \dfrac{C^1_2\, C^{n-1}_{m-2} + C^2_2\, C^{n-2}_{m-2} + Q^n_{src,dst}}{C^n_m}$ (7)
Proposition 1. The probability of attackers obtaining the complete data of one communication in a traditional network is not less than that in DHC; that is, $P_{traditional} \ge P_{hop}$.

The proof of this proposition is given in the Appendix. In the network topology of Figure 5, suppose a host on node 1 communicates with a host on node 16. The shortest path from node 1 to node 16 contains 6 nodes. Attackers can sniff $n$ nodes at random ($1 \le n \le 16$). The probabilities of attackers obtaining the complete data in the traditional network and in the DHC network are shown in Figure 10.

As can be seen from Figure 10, the probability of attackers obtaining the complete data increases with the number of sniffed nodes in both the traditional and the DHC network, but $P_{hop} \le P_{traditional}$ always holds. The probability is 1 in both networks when more than 10 nodes are sniffed. Although the probability of sniffing the complete data
Figure 10: Probability of obtaining complete data (x-axis: number of monitored nodes, 1 to 16; y-axis: probability of obtaining complete communication data, 0 to 1; series: DHC, traditional network).
increases in the DHC network when a large number of forwarding nodes are sniffed, attackers also obtain more irrelevant data. Since the end hops constantly during a communication, attackers cannot easily pick out the traffic belonging to the target from the sniffed data, which increases the difficulty of reconstructing and recovering the communication data.
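An added Python example, not code from the paper, that computes $P_{traditional}$ (6) and $P_{hop}$ (7) for any topology by enumerating every sniffed node set, counting $Q^n_{src,dst}$ with a reachability check after the sniffed nodes are removed, and verifying Proposition 1 for every $n$. The edge list of the Figure 5 topology is not given on the page, so a small constructed 7-node topology with a unique shortest path is used; the functions accept any adjacency dictionary, so the same check can be run on a real topology.

```python
"""P_traditional, eq. (6), and P_hop, eq. (7), by exhaustive enumeration.

Added example, not code from the paper.  EDGES is a constructed 7-node
topology (assumption); every function accepts any adjacency dictionary.
"""
from collections import deque
from fractions import Fraction
from itertools import combinations
from math import comb

# Constructed topology: unique shortest path 1-2-3-6 (s = 4 nodes) and a longer
# alternative 1-4-5-7-6 that route hopping can also use.
EDGES = [(1, 2), (2, 3), (3, 6), (1, 4), (4, 5), (5, 7), (7, 6)]


def adjacency(edges):
    """Undirected adjacency dictionary {node: set(neighbours)}."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def binom(a, b):
    """C^b_a in the paper's notation; zero outside 0 <= b <= a (math.comb rejects b < 0)."""
    return comb(a, b) if 0 <= b <= a else 0


def bfs_path(adj, src, dst, removed=frozenset()):
    """Shortest src->dst path avoiding the `removed` nodes, or None if they are disconnected."""
    if src in removed or dst in removed:
        return None
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in adj[node]:
            if nxt not in prev and nxt not in removed:
                prev[nxt] = node
                queue.append(nxt)
    return None


def p_traditional(adj, src, dst, n):
    """Eq. (6): the static shortest path (s nodes) leaks everything iff the sniffed set meets it."""
    m, s = len(adj), len(bfs_path(adj, src, dst))
    return Fraction(binom(m, n) - binom(m - s, n), binom(m, n))


def q_src_dst(adj, src, dst, n):
    """Q^n_{src,dst}: sniffed n-sets containing neither src nor dst that still separate them."""
    others = [v for v in adj if v not in (src, dst)]
    return sum(1 for cut in combinations(others, n)
               if bfs_path(adj, src, dst, frozenset(cut)) is None)


def p_hop(adj, src, dst, n):
    """Eq. (7): complete data leaks iff src or dst is sniffed, or the sniffed set is a vertex cut."""
    m = len(adj)
    hits = (binom(2, 1) * binom(m - 2, n - 1) + binom(2, 2) * binom(m - 2, n - 2)
            + q_src_dst(adj, src, dst, n))
    return Fraction(hits, binom(m, n))


def proposition_1_holds(adj, src, dst):
    """Check P_traditional >= P_hop for every number n of sniffed nodes."""
    return all(p_hop(adj, src, dst, n) <= p_traditional(adj, src, dst, n)
               for n in range(1, len(adj) + 1))


if __name__ == "__main__":
    g = adjacency(EDGES)
    for n in range(1, len(g) + 1):
        print(n, p_traditional(g, 1, 6, n), p_hop(g, 1, 6, n))
```

On the constructed topology the two probabilities coincide at $n = 3$ (34/35) because every 3-node set that cuts the two paths also meets the shortest path; the gap is largest for small $n$, where the static route is hit by a single sniffed node with probability 4/7 but DHC only leaks when one of the two endpoint forwarding nodes is sniffed (2/7). Enumeration is exponential in the topology size, so for a 16-node topology like Figure 5 it is fine, but for larger graphs $Q^n_{src,dst}$ would need a min-cut based count instead.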
6.3. Analysis of Communication Data Reconstruction by Attackers. Reconstructing communication data requires the complete data of that communication; in this section, assume attackers can sniff the complete data of the communication between the source and destination hosts. In a traditional network, attackers can deduce the positions of both communicating sides and the upper-layer protocol from the IP addresses and ports of the sniffed packets, eliminate useless packets based on the end, and so obtain the target communication data. In a DHC network, however, no real end of the source and destination hosts can be sniffed unless the source and destination forwarding nodes themselves are sniffed. The data of a communication is distributed over various flows that attackers cannot tell apart. Suppose there are $f_{sniff}$ flows in the sniffed data, of which $f_{real}$ flows carry the data of the target connection ($f_{real} \le f_{sniff}$), and different ends are used by different connections. If attackers randomly choose $h$ flows from the $f_{sniff}$ flows there are $C^h_{f_{sniff}}$ combinations, and only one combination reconstructs the communication data correctly, that is, $C^{f_{real}}_{f_{real}} = 1$. Given that attackers select several flows at random in a single attempt to reconstruct the communication data, the probability of reconstructing the data correctly is

$P_{once} = \dfrac{C^{f_{real}}_{f_{real}}}{C^1_{f_{sniff}} + C^2_{f_{sniff}} + \cdots + C^{f_{sniff}}_{f_{sniff}}} = \dfrac{1}{2^{f_{sniff}} - 1}$ (8)

As shown in (8), the probability of attackers reconstructing the data successfully in a single attempt decreases exponentially with
Table 1: Comparison of packet transmission time between the traditional network and the DHC network.

Approach     | Average cost of packet transmission time | Period of flow update | Routing path
Traditional  | $t \times l_s$                           | Infinite              | The shortest path from source to destination
DHC          | $t \times l_a$                           | $T_{hop}$             | Multiple paths from source to destination
the number of flows sniffed. The more data is sniffed, the more difficult successful data reconstruction becomes. Since attackers cannot easily determine the timing of the target communication because of end hopping, a longer sniffing time is needed to obtain the complete communication data, so a large amount of irrelevant data is collected, which increases the difficulty of data reconstruction. Given $f_{sniff} = 100$ and $f_{real} = 10$, the probability of attackers reconstructing the data correctly by selecting several flows at random in one attempt is $7.89 \times 10^{-31}$.
6.4. Analysis of Unpredictability. Since the end and the route hop randomly in DHC (details are given in Section 4.3), the end and route used in the next period cannot be predicted precisely. Even if the DHC protocol, the end hopping space and the route hopping space are exposed, DHC still increases the cost for sniffer attackers and resists sniffer attacks. Suppose an attacker with all of the above information sniffs the DHC network for a target communication; she then faces the following difficulties in launching the sniffer attack. First, even though the DHC protocol is transparent to the attacker, a targeted sniffer attack cannot be launched because of the randomness of end and route hopping. Second, it is hard for the attacker to get the complete communication data while sniffing, owing to the periodic hopping of the route. Third, the attacker will collect a large number of ends because of frequent end hopping, which prevents her from extracting the right packets belonging to the target communication when she attempts to recover the communication data. So the unpredictability of DHC ensures that it can resist sniffer attacks even when the DHC protocol and the network information are exposed.
6.5. Analysis of Cost. Under traditional routing schemes the packets are routed along the shortest path. In a DHC network, however, packets may be routed along longer paths because the route changes dynamically, so the cost of packet transmission time is higher in DHC. Let $l_s$ denote the length of the shortest path between source and destination (the length of a routing path is measured in hops), $l_a$ the average length of the paths in the route hopping space ($l_s \le l_a$) and $T_{hop}$ the hopping period; the cost of packet transmission time is then as shown in Table 1. Moreover, the random selection of a route is performed periodically by the routing path hop of a communication, which results in a small number of out-of-order packets at the receiving end when a new period starts, but leaves no obstacle to normal communication.

Ends and routing paths have to be selected in DHC when flow entries are generated, which is more complicated than in a traditional network, so the time cost of generating flow entries is higher in DHC. Since the average path is longer in
Figure 11: Comparison of the average time cost of flow entry installation in DHC and the traditional network (x-axis: node pairs 1→16, 3→11, 4→14, 5→12; y-axis: average time overhead, 0 to 0.25 ms; series: time of flow setup in DHC, time of flow generation in DHC, time of flow setup in the traditional network, time of flow generation in the traditional network).
DHC, more flow entries are installed for one communication than in a traditional network, so the time cost of flow entry setup is higher in DHC as well. Figure 11 compares the average time cost of installing flow entries between different node pairs in the topology of Figure 5 for DHC and the traditional network; the average time for flow entry generation and setup in DHC is longer than in the traditional network.

In a network without DHC, flow entries are installed only once at the beginning of a communication, whereas in DHC the flow entries of the data plane are updated periodically and hopping ends and paths have to be allocated for every connection between two communicating sides, which places more load on the controller. In the experimental topology, 50 pairs of source and destination hosts are chosen at random and communication between each pair is started. The CPU utilization of the controller with and without DHC is compared in Figure 12. If the controller does not run DHC, the load is low because flow entries are not updated periodically, so the CPU utilization is under 10%, as shown in Figure 12. If the controller runs DHC, the load increases because of the periodic updating of flow entries and the CPU utilization is much higher: when $T_{hop}$ = 5 s it is between 20% and 40%, and when $T_{hop}$ = 10 s between 10% and 30%. A shorter hopping period means more controller operations, so the CPU utilization is higher for $T_{hop}$ = 5 s than for $T_{hop}$ = 10 s. The controller will be the bottleneck when DHC
Figure 12: CPU utilization of the controller (x-axis: run time, 10 to 100 s; y-axis: CPU utilization (%), 0 to 60; series: no DHC, DHC with $T_{hop}$ = 10 s, DHC with $T_{hop}$ = 5 s).
is used in a large-scale network. Fortunately, a distributed SDN controller [30] is a solution to this problem.

In a traditional network, flows are matched only by destination address, so the length of the routing tables is of order $O(m)$ for a network of $m$ nodes. In DHC, however, flows are matched by ends (including source/destination addresses and ports), meaning that two flows must be specified for every connection (TCP or UDP) between two communicating sides. Let $\lambda$ denote the average rate of connection establishment and $w$ the duration of each connection; then the mean length of the flow tables is of order $O(m\lambda w)$ [7]. Moreover, to avoid packet loss, DHC requires both the old and the new flow entries to be present in the flow table simultaneously for a brief period, during which the flow table space cost increases further. Therefore the cost of flow table space is higher in DHC.
7 Conclusion
The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper, end hopping and route hopping are combined and a double hopping communication scheme based on SDN is proposed. The end is changed dynamically in DHC, so the data from multiple users is mixed and the communication traffic is hidden in background traffic; the traffic cannot be distinguished easily and the difficulty for attackers to reconstruct and recover the data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, which increases the difficulty for attackers to obtain the complete communication data. The results show that the proposed approach is effective against sniffing. Moreover, DHC is realized entirely in software and is transparent to the terminals. The controller usually becomes the bottleneck in a large-scale DHC network; in future work a distributed controller model will be applied to deal with this problem, and a feasible DHC communication solution will be tested in a real network.
Appendix

Suppose there are $m$ nodes in the network topology $G$. The attacker can sniff $n$ nodes, and the sniffed nodes constitute a sniffed node set $V^n_{\mathrm{sniff}}$ ($|V^n_{\mathrm{sniff}}| = n$, $n \le m$). Given the route hopping space $S^{H_1 \rightarrow H_2}_{\mathrm{RH}}$, there are $s$ nodes on the shortest path between source host $H_1$ and destination host $H_2$ ($s \le m$). $V_{\mathrm{cut}}$ is a vertex cut-set by which $G$ is cut into several connected subgraphs such that the source forwarding node $node_{\mathrm{src}}$ and the destination forwarding node $node_{\mathrm{dst}}$ lie in different subgraphs. Suppose there are $Q^n_{\mathrm{src,dst}}$ sniffed node sets $V^n_{\mathrm{sniff}}$ satisfying $V^n_{\mathrm{sniff}} \supseteq V_{\mathrm{cut}}$. The proof that the probability of the attacker obtaining complete communication data in one communication is not less in a traditional network than in DHC, that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$, is given below.

Proof. We verify $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$ by showing $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$. Given

$$P_{\mathrm{traditional}} = \frac{C^n_m - C^n_{m-s}}{C^n_m}, \qquad P_{\mathrm{hop}} = \frac{C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}}{C^n_m},$$

we have

$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}\right)}{C^n_m}. \tag{A1}$$
Suppose the shortest path from $H_1$ to $H_2$ is $path^*$ ($path^* \in S^{H_1 \rightarrow H_2}_{\mathrm{RH}}$). If the complete communication data from source host to destination host can be sniffed on $V^n_{\mathrm{sniff}}$, then for every $path \in S^{H_1 \rightarrow H_2}_{\mathrm{RH}}$ we have $V^n_{\mathrm{sniff}} \cap Nodes(path) \ne \emptyset$, where $Nodes(path)$ denotes the set of nodes that $path$ passes through. Because $path^* \in S^{H_1 \rightarrow H_2}_{\mathrm{RH}}$, it follows that $V^n_{\mathrm{sniff}} \cap Nodes(path^*) \ne \emptyset$; that is, $V^n_{\mathrm{sniff}}$ contains at least one node on the shortest path (Conclusion 1).

When $n = 1$, the attacker sniffs one node in the network. Then, based on (A1), we have
$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^1_m - C^1_{m-s} - \left(C^1_2 C^0_{m-2} + Q^1_{\mathrm{src,dst}}\right)}{C^1_m}. \tag{A2}$$

In (A2) the denominator $C^1_m > 0$, and the numerator is

$$C^1_m - C^1_{m-s} - \left(C^1_2 C^0_{m-2} + Q^1_{\mathrm{src,dst}}\right) = m - (m - s) - \left(2 + Q^1_{\mathrm{src,dst}}\right) = s - 2 - Q^1_{\mathrm{src,dst}}. \tag{A3}$$

By Conclusion 1, $V^1_{\mathrm{sniff}} \cap Nodes(path^*) \ne \emptyset$; that is, the single sniffed node lies on the shortest path. Among the $s$ nodes on the shortest path, the number of sets $V^1_{\mathrm{sniff}}$ that can separate the source node and the destination node into different connected subgraphs is at most $s - 2$, since the two endpoints themselves are excluded by the definition of $Q$; that is, $Q^1_{\mathrm{src,dst}} \le s - 2$. Hence (A3) $\ge 0$: the numerator of (A2) is nonnegative, so in (A2) $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.
When $n \ge 2$, the attacker sniffs more than one node in the network. Then, based on (A1), we have

$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}\right)}{C^n_m}. \tag{A4}$$

In (A4) the denominator $C^n_m > 0$, and the numerator is

$$\begin{aligned}
& C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}\right) \\
&= C^n_m - C^n_{m-s} - 2C^{n-1}_{m-2} - C^{n-2}_{m-2} - Q^n_{\mathrm{src,dst}} \\
&= C^n_{m-2} - C^n_{m-s} - Q^n_{\mathrm{src,dst}}.
\end{aligned} \tag{A5}$$

The last step uses $C^n_m = C^n_{m-2} + 2C^{n-1}_{m-2} + C^{n-2}_{m-2}$, which counts the $n$-subsets of the $m$ nodes according to whether they contain neither, exactly one, or both of $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$.

By definition, $Q^n_{\mathrm{src,dst}}$ is the number of sets $V^n_{\mathrm{sniff}}$ that separate $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ into different connected subgraphs, so $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ do not belong to such a $V^n_{\mathrm{sniff}}$. $C^n_{m-2}$ is the number of all $V^n_{\mathrm{sniff}}$ satisfying both $node_{\mathrm{src}} \notin V^n_{\mathrm{sniff}}$ and $node_{\mathrm{dst}} \notin V^n_{\mathrm{sniff}}$, and $C^n_{m-2-(s-2)}$ is the number of those $V^n_{\mathrm{sniff}}$ that additionally satisfy $V^n_{\mathrm{sniff}} \cap Nodes(path^*) = \emptyset$. By Conclusion 1, $V^n_{\mathrm{sniff}} \cap Nodes(path^*) \ne \emptyset$ for every set counted by $Q^n_{\mathrm{src,dst}}$, so $Q^n_{\mathrm{src,dst}}$ is at most $C^n_{m-2} - C^n_{m-2-(s-2)} = C^n_{m-2} - C^n_{m-s}$. Hence (A5) $\ge 0$: the numerator of (A4) is nonnegative, so in (A4) $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.

In conclusion, $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$ for every $n$, that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$.
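The proof above is a counting argument, and it can be checked mechanically. The following Python script is an added example, not code from the paper: it enumerates every sniffed node set $V^n_{\mathrm{sniff}}$ on a small topology, decides for each set whether it captures complete data under shortest-path routing (it meets $path^*$) and under DHC (it contains $node_{\mathrm{src}}$ or $node_{\mathrm{dst}}$, or is a vertex cut between them, tested with a BFS), and compares the enumerated $P_{\mathrm{traditional}}$ and $P_{\mathrm{hop}}$ with the closed-form expressions used at the start of the proof, with $Q^n_{\mathrm{src,dst}}$ also found by enumeration. The 16-node topology of Figure 5 is not reproduced in the text, so an 8-node graph is assumed here; all function names are hypothetical.

```python
"""Brute-force check of the Appendix proposition P_traditional >= P_hop.
Added example, not the paper's code.  The Figure 5 topology is not given in
the text, so a constructed 8-node graph (an assumption) stands in for it; the
names P_traditional, P_hop, Q^n_{src,dst} and s follow the paper, all others
are hypothetical."""
from collections import deque
from fractions import Fraction
from itertools import combinations
from math import comb

# Constructed topology (assumption): the unique shortest path from the source
# forwarding node 0 to the destination forwarding node 7 is 0-1-2-7 (s = 4);
# two longer paths run through 3-4-5 and through 1-6-5.
EDGES = [(0, 1), (1, 2), (2, 7), (0, 3), (3, 4), (4, 5), (5, 7), (1, 6), (6, 5)]

def build_adjacency(edges):
    """Undirected adjacency lists with sorted neighbours, so BFS is deterministic."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, []).append(v)
        adj.setdefault(v, []).append(u)
    for u in adj:
        adj[u].sort()
    return adj

def reachable(adj, start, removed):
    """Nodes reachable from start once the nodes in 'removed' are deleted from G."""
    seen, queue = {start}, deque([start])
    while queue:
        for v in adj[queue.popleft()]:
            if v not in removed and v not in seen:
                seen.add(v)
                queue.append(v)
    return seen

def shortest_path(adj, src, dst):
    """BFS shortest path (endpoints included): the path* of the proof."""
    parent, queue = {src: None}, deque([src])
    while queue and dst not in parent:
        u = queue.popleft()
        for v in adj[u]:
            if v not in parent:
                parent[v] = u
                queue.append(v)
    path, u = [], dst
    while u is not None:
        path.append(u)
        u = parent[u]
    return path[::-1]

def separates(adj, sniffed, src, dst):
    """True if sniffed is a vertex cut: src and dst end up in different subgraphs."""
    return dst not in reachable(adj, src, sniffed)

def count_cut_sets(adj, nodes, n, src, dst):
    """Q^n_{src,dst}: n-node sets avoiding src and dst that nevertheless separate them."""
    others = [v for v in nodes if v not in (src, dst)]
    return sum(1 for S in combinations(others, n) if separates(adj, set(S), src, dst))

def probabilities(adj, nodes, n, src, dst):
    """(P_traditional, P_hop) found by enumerating every sniffed set V^n_sniff."""
    on_path = set(shortest_path(adj, src, dst))
    trad = hop = 0
    for S in map(set, combinations(nodes, n)):
        # Traditional routing: complete data is seen iff some sniffed node is on path*.
        trad += bool(S & on_path)
        # DHC: the attacker needs src or dst itself, or a vertex cut between them.
        hop += src in S or dst in S or separates(adj, S, src, dst)
    total = comb(len(nodes), n)
    return Fraction(trad, total), Fraction(hop, total)

def _c(a, b):
    """Binomial coefficient that is 0 outside 0 <= b <= a (math.comb raises there)."""
    return comb(a, b) if 0 <= b <= a else 0

def closed_forms(adj, nodes, n, src, dst):
    """The paper's P_traditional and P_hop formulas, with Q^n_{src,dst} from enumeration."""
    m, s = len(nodes), len(shortest_path(adj, src, dst))
    q = count_cut_sets(adj, nodes, n, src, dst)
    total = comb(m, n)
    return (Fraction(total - _c(m - s, n), total),
            Fraction(2 * _c(m - 2, n - 1) + _c(m - 2, n - 2) + q, total))

def check_proposition(edges, src, dst):
    """Rows (n, P_traditional, P_hop) for n = 1..m.  Raises if the closed forms
    disagree with enumeration or if P_traditional >= P_hop fails for some n."""
    adj = build_adjacency(edges)
    nodes = sorted(adj)
    rows = []
    for n in range(1, len(nodes) + 1):
        p_trad, p_hop = probabilities(adj, nodes, n, src, dst)
        if (p_trad, p_hop) != closed_forms(adj, nodes, n, src, dst):
            raise AssertionError(f"closed form mismatch at n={n}")
        if p_trad < p_hop:
            raise AssertionError(f"P_traditional < P_hop at n={n}")
        rows.append((n, p_trad, p_hop))
    return rows

if __name__ == "__main__":
    for n, p_trad, p_hop in check_proposition(EDGES, 0, 7):
        print(f"n={n}: P_traditional={float(p_trad):.3f}  P_hop={float(p_hop):.3f}")
```

Running the script prints one row per $n$. On the assumed graph the single-node case gives $P_{\mathrm{traditional}} = 1/2$ against $P_{\mathrm{hop}} = 1/4$ (with $Q^1_{\mathrm{src,dst}} = 0$, since no single interior node cuts the graph), the gap narrows as $n$ grows, and both reach 1 once every subset must contain an endpoint, which is the shape the paper reports for its experiment topology. The `separates` test is the operational meaning of $V^n_{\mathrm{sniff}} \supseteq V_{\mathrm{cut}}$: a sniffed set counts towards $Q^n_{\mathrm{src,dst}}$ exactly when deleting it disconnects the destination forwarding node from the source one.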
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgments
This work is supported by the National Natural Science Foundation of China (nos. 61379151, 61272489, 61302159, and 61401512), the National Cryptography Development Fund of China (no. MMJJ201301005), the National Basic Research Program of China (973) (Grants nos. 2012CB315901 and 2013CB329104), and the National Natural Science Foundation of China (Grants nos. 61309019 and 61372121).
References
[1] National Cyber Leap Year Summit 2009 Co-Chairs' Report, "Networking and information technology research and development," Tech. Rep., 2009.
[2] T. Cyberspace, Strategic Plan for the Federal Cybersecurity Research and Development Program, Executive Office of the President, National Science and Technology Council, Washington, DC, USA, 2011.
[3] S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, Springer Science & Business Media, New York, NY, USA, 2011.
[4] E. Al-Shaer, "Toward network configuration randomization for moving target defense," in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153–159, Springer, New York, NY, USA, 2011.
[5] P. Kampanakis, H. Perros, and T. Beyene, "SDN-based solutions for Moving Target Defense network protection," in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1–6, Sydney, Australia, June 2014.
[6] M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive use of network-centric mechanisms in cyber-defense," in Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183–192, Hokkaido, Japan, May 2003.
[7] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Openflow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN '12), pp. 127–132, ACM, Helsinki, Finland, August 2012.
[8] Q. Duan, E. Al-Shaer, and H. Jafarian, "Efficient Random Route Mutation considering flow and network constraints," in Proceedings of the IEEE Conference on Communications and Network Security (CNS '13), pp. 260–268, IEEE, National Harbor, Md, USA, October 2013.
[9] E. Al-Shaer, Q. Duan, and J. H. Jafarian, "Random host mutation for moving target defense," in Security and Privacy in Communication Networks, pp. 310–327, Springer, New York, NY, USA, 2013.
[10] G. Badishi, A. Herzberg, and I. Keidar, "Keeping denial-of-service attackers in the dark," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 191–204, 2007.
[11] H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou, "A moving target DDoS defense mechanism," Computer Communications, vol. 46, pp. 10–21, 2014.
[12] C.-Y. Hong, S. Kandula, R. Mahajan et al., "Achieving high utilization with software-driven WAN," ACM SIGCOMM Computer Communication Review, vol. 43, no. 3, pp. 15–26, 2013.
[13] N. McKeown, "Software-defined networking," INFOCOM Keynote Talk, vol. 17, no. 2, pp. 30–32, 2009.
[14] M. Carvalho and R. Ford, "Moving-target defenses for computer networks," IEEE Security & Privacy, vol. 12, no. 2, pp. 73–76, 2014.
[15] M. Sifalakis, S. Schmid, and D. Hutchison, "Network address hopping: a mechanism to enhance data protection for packet communications," in Proceedings of the IEEE International Conference on Communications (ICC '05), vol. 3, pp. 1518–1523, IEEE, Seoul, Republic of Korea, May 2005.
[16] M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, "MT6D: a moving target IPv6 defense," in Proceedings of the Military Communications Conference (MILCOM '11), pp. 1321–1326, IEEE, Baltimore, Md, USA, November 2011.
[17] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An effective address mutation approach for disrupting reconnaissance attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562–2577, 2015.
[18] J. H. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," in Proceedings of the 1st ACM Workshop on Moving Target Defense (MTD '14), pp. 69–78, Scottsdale, AZ, USA, November 2014.
[19] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Adversary-aware IP address randomization for proactive agility against sophisticated attackers," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738–746, IEEE, April 2015.
[20] D. C. MacFarland and C. A. Shue, "The SDN shuffle: creating a moving-target defense using host-based software-defined networking," in Proceedings of the 2nd ACM Workshop on Moving Target Defense (MTD '15), pp. 37–41, ACM, Denver, Colo, USA, October 2015.
[21] J. Jafarian, E. Al-Shaer, and Q. Duan, "Formal approach for route agility against persistent attackers," in Computer Security - ESORICS 2013, J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, pp. 237–254, Springer, Berlin, Germany, 2013.
[22] S. Dolev and S. T. David, "SDN-based private interconnection," in Proceedings of the IEEE 13th International Symposium on Network Computing and Applications (NCA '14), 2014.
[23] F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. H. Ammar, and E. W. Zegura, "Agile virtualized infrastructure to proactively defend against cyber attacks," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 729–737, Hong Kong, April-May 2015.
[24] D. Gkounis, V. Kotronis, and X. Dimitropoulos, "Towards defeating the crossfire attack using SDN," http://arxiv.org/abs/1412.2013.
[25] A. Studer and A. Perrig, "The coremelt attack," in Computer Security - ESORICS 2009, vol. 5789 of Lecture Notes in Computer Science, pp. 37–52, Springer, Berlin, Germany, 2009.
[26] B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, October 2010.
[27] N. McKeown, T. Anderson, H. Balakrishnan et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
[28] M. McCauley, "About pox," 2013, http://www.github.com/noxrepo/pox.
[29] S. De Maesschalck, D. Colle, I. Lievens et al., "Pan-European optical transport networks: an availability-based comparison," Photonic Network Communications, vol. 5, no. 3, pp. 203–225, 2003.
[30] A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella, "Towards an elastic distributed SDN controller," ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7–12, 2013.
Mathematical Problems in Engineering 7
12
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Figure 5 Network topology applied in the experiment
0
10
20
30
40
50
60
70
80
90
The n
umbe
r of s
niffe
d en
ds
3 4 5 6 7 8 9 10 11 12 13 14 152Forwarding node
Traditional networkDHCmdashThop = 10 sDHCmdashThop = 5 s
Figure 6 Number of ends sniffed from single flow
is counted In DHC network random path selection andweighted random path selection are applied to conducthopping communication Sniffing results are compared withtraditional network communication as shown in Figure 7
In Figure 7 the vertical coordinate stands for the fractionof all the packets transmitted from node 5 to node 6 Aswe can see in traditional network complete communicationdata from source host to destination host can be sniffed onsome nodes (eg nodes 6 11 and 12) which means thatattackers can sniff complete data on any of the nodes andfurther data analysis is possible Since shortest-path routing isapplied in traditional network and the path stays unchangedduring communication the complete communication data
1 2 3 4 6 7 8 9 10 11 12 13 14 15Forwarding node
DHC with random path selectionDHC with weighted path selectionTraditional network
0
02
04
06
08
1
Frac
tion
of th
e tra
nsm
itted
pac
kets
Figure 7 Percentage of packets sniffed from single flow
can be obtained on any node that the shortest path goesthrough In DHC packets of a connection are distributedto several paths by route hopping It is difficult for attackersto sniff complete data on single forwarding node Possibilityfor sniffing large amount of data on a certain nodes exists ifrandom path selection is applied As shown in Figure 7 morethan 50 of the data can be sniffed on forwarding nodes 48 and 12 Applying weighed random path selection can avoidexcessive traffic passing through certain nodes The reason isthat lower weight is assigned to paths with nodes that morepaths cross
523 Validation of Effectiveness of Antisniffer Attack In theexperiment 100MB data had been transmitted from node 1to node 16 for 500 sThe hopping period119879hop is set to 5 s Datais sniffed on node sets 1198601 = 8 1198602 = 8 9 1198603 = 8 9 10and 1198604 = 8 9 10 11 respectively The shortest path fromnode 1 to node 16 is 1 rarr 4 rarr 7 rarr 8 rarr 12 rarr 16 Thepercentage of data sniffed on node sets119860111986021198603 and1198604 ispresented in Figure 8
As illustrated in Figure 8 complete communication datacan be sniffed on all sniffed node sets 1198601 1198602 1198603 and1198604 in traditional network since they all contain node 8 onthe shortest path on which complete data can be sniffedHowever in DHC complete data cannot be obtained fromnode sets 1198601 1198602 and 1198603 since route hopping is appliedThe percentage of data sniffed on 1198601 and 1198602 is the samebecause traffic passes through1198602 and also passes through1198601Only1198604 can sniff the complete communication data in DHCHowever ends of the data are diverse because of end hoppingWe consider that packetswith the same end are static data thatattackers can obtain The static data that attackers can obtainin hopping communication is far less than that in traditionalnetwork
8 Mathematical Problems in Engineering
A1 A2 A3 A4
The sniffed set
The sniffed data in DHCThe sniffed static data in traditional networkThe sniffed static data in DHC
0
02
04
06
08
10
Frac
tion
of sn
iffed
dat
a
Figure 8 Percentage of data that can be sniffed by attackers
0
200
400
600
800
1000
1200
1400
Dat
a tra
nsm
issio
n tim
e (s)
10 100 200 500 10001The amount of data transmitted (MB)
Traditional networkDHCmdashThop = 10 sDHCmdashThop = 5 s
Figure 9 Performance of forwarding in DHC
524 Performance of DHC In the experiment bandwidthof all connections in network topology is set to 10MbsData is transmitted from terminal on node 1 to terminalon node 16 using File Transfer Protocol (FTP) Time fordata transmission in both DHC and traditional network isrecorded Results are shown in Figure 9
As can be seen in Figure 9 time consumption of datatransmission in DHC increased in comparison with tradi-tional networkThe reason is that multiple paths from sourceto destination are selected including longer paths On thecontrary the data is routed by the shortest path in traditionalnetworkTherefore transmission time in DHC is longer thanthat in traditional network But the increase is less than 7
when119879hop = 5 s in the experiment Routing path hopping of aconnection results in a small amount of disordered packets atreceiving end when new period startsThen retransmission iscausedTherefore themore frequently the entries update flowthe more likely the retransmission happens We can also seefrom Figure 9 that longer time will be consumed to transmitdata when 119879hop = 5 s compared with 119879hop = 10 s
6 Analysis
In DHC each hopping connection needs to occupy hoppingends in every period In Section 61 the number of hoppingconnections that can be supported in DHC network that ishopping network capacity is analyzed DHC brings difficultyfor attackers to obtain complete data and to reconstructdata Therefore communication security is improved Theobtaining and reconstruction of communication data arediscussed in Sections 62 and 63Theunpredictability and thecost of DHC are analyzed in Sections 64 and 65 respectively
61 Capacity of Hopping Network Suppose the sizes ofhopping IP address pool and port pool are |Addr| and |Port|respectivelyThe number of all the ends (IPsrc 119875src IPdst 119875dst)
is |Addr|2 times |Port|2 and the number of the ends is |Addr| times|Port|2 when IPsrc = IPdst According to the definition ofend valid ends require IPsrc = IPdst so the size of valid endhopping space 119878EH can be calculated by
1003816100381610038161003816119878EH1003816100381610038161003816= |Addr|2 times |Port|2 minus |Addr| times |Port|2 (3)
In DHC end hopping is performed in both directions ofone connection which means that at any moment oneconnection needs two ends Assuming 119905 hopping connectionsexist simultaneously in network 2119905 ends will be needed so|119878EH|minus2119905 ends are left To ensure high randomness in hoppingend selection enough unoccupied hopping ends in 119878EH arenecessary Suppose the maximum occupancy rate in endhopping space 119878EH is 120572 that is there are at least (1 minus 120572)|119878EH|ends unoccupied Then inequality (4) holds
(1 minus 120572)1003816100381610038161003816119878EH1003816100381610038161003816le1003816100381610038161003816119878EH1003816100381610038161003816minus 2119905
119905 le
1
2
1205721003816100381610038161003816119878EH1003816100381610038161003816
(4)
Therefore the maximum number of hopping connectionsallowed in DHC is (12)120572|119878EH| that is the capacity ofhopping network is (12)120572|119878EH|
Combining (3) and inequality (4) the following inequal-ity can be obtained
119905 le
1
2
120572 (|Addr|2 times |Port|2 minus |Addr| times |Port|2) (5)
Assume |Port| = 216 |Addr| = 216 (hopping IP address poolis a class B address block) and 120572 = 08 DHC can support737 times 10
18 connections hopping simultaneously
62 Analysis of Complete Communication Data Obtaining byAttackers We hypothesize that attackers can sniff part of the
Mathematical Problems in Engineering 9
forwarding nodes in network randomly Suppose networktopology119866 = ⟨119881 119864⟩ is an undirected connected graph where119881 is a set of forwarding nodes and 119864 is a set of links 119881contains 119898 forwarding nodes and attackers can randomlysniff 119899 of them simultaneously (119899 le 119898) Sniffed node setconsisting of these sniffed forwarding nodes is denoted as119881119899
sniff 119881119899
sniff sube 119881 and |119881119899sniff | = 119899Source host ℎ119900119904119905src communicates with destination host
ℎ119900119904119905dst Source and destination forwarding nodes are denotedas 119899119900119889119890src and 119899119900119889119890dst respectively Assume there are 119904 nodeson the shortest path between ℎ119900119904119905src and ℎ119900119904119905dst (1 le 119904 le119898) which constitute node set 119880119904 In traditional network if119881119899
listen cap 119880119904= complete communication data between
ℎ119900119904119905src and ℎ119900119904119905dst can be obtained by attackers If 119881119899listen cap119880119904= no communication data can be sniffed The
probability of attackers obtaining complete communicationdata in traditional network can be calculated by (6) where119862119899
119898is number of all 119881119899sniff and 119862119899
119898minus119904is the number of 119881119899sniff
when 119881119899listen cap 119880119904= So 119862119899
119898minus 119862119899
119898minus119904represents the number
of 119881119899sniff when 119881119899listen cap 119880119904=
119875traditional =119862119899
119898minus 119862119899
119898minus119904
119862119899
119898
(6)
InDHC attackers can sniff complete data between ℎ119900119904119905srcand ℎ119900119904119905dst if 119899119900119889119890src isin 119881
119899
sniff or 119899119900119889119890dst isin 119881119899
sniff Thenumber of such 119881119899sniff is 1198621
2119862119899minus1
119898minus2+ 1198622
2119862119899minus2
119898minus2 In other cases
if 119899119900119889119890src notin 119881119899
listen and 119899119900119889119890dst notin 119881119899
listen to sniff completedata one vertex cut-set 119881cut should be contained in 119881119899sniff and 119899119900119889119890src and 119899119900119889119890dst should be cut by 119881cut into differentconnected subgraphs that is 119881119899sniff supe 119881cut exists where 119866 iscut by 119881cut into 119896 connected subgraphs 119866
1 1198662 119866
119896 and
119899119900119889119890src isin 119866119894 and 119899119900119889119890dst isin 119866119895 1 le 119894 119895 le 119896 and 119894 = 119895hold Suppose there exists119876119899srcdst sniffed node set119881
119899
sniff where119881119899
sniff contains such 119881cut in this case Then the probability ofattackers obtaining complete data between ℎ119900119904119905src and ℎ119900119904119905dstcan be calculated by
119875hop =1198621
2119862119899minus1
119898minus2+ 1198622
2119862119899minus2
119898minus2+ 119876119899
srcdst
119862119899
119898
(7)
Proposition 1 The probability of attackers obtaining completedata in traditional network on one communication is not lessthan that in DHC that is 119875traditional ge 119875hop
The proof process of this proposition is shown in theAppendix In the network topology shown in Figure 5suppose a host on node 1 communicates with a host on node16The shortest path fromnode 1 to node 16 contains 6 nodesAttackers can sniff 119899 nodes randomly (1 le 119899 le 16) Prob-abilities of attackers obtaining complete data in traditionalnetwork and DHC network are shown in Figure 10
As can be seen from Figure 10 probability of attackersobtaining complete data increases when number of sniffednodes increases both in traditional and DHC network But119875hop le 119875traditional always holds Probability of attackersobtaining complete data is 1 in both traditional and DHCnetwork when the number of sniffed nodes is more than10 Although probability of attackers sniffing complete data
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16The number of monitored nodes
DHCTraditional network
0
02
04
06
08
1
The p
roba
bilit
y of
obt
aini
ng co
mpl
ete
com
mun
icat
ion
data
Figure 10 Probability of obtaining complete data
increases in DHC network when large number of forwardingnodes are sniffed attackers obtain more irrelevant dataSince end hops constantly during a communication attackerscannot pick out the traffic that belongs to the target from thesniffed data easily which increases the difficulty for attackersto reconstruct and recover communication data
63 Analysis of Communication Data Reconstruction forAttackers Reconstruction of communication data requirescomplete data in this communication Assume attackers cansniff complete data in communication between source anddestination hosts in this section In traditional networkattackers can deduce the positions of both communicationsides and upper layer protocol according to IP and portof the sniffed packets Useless packets can be eliminatedbased on the end and the target communication data canbe obtained However in DHC network no real end fromsource and destination hosts can be sniffed by attackers ifsource and host forwarding nodes are not sniffed Data incommunication is distributed to various flows that attackersare not able to distinguish Suppose that there are 119891sniffflows in the sniffed data among which 119891real flows containthe data of target connections (119891real le 119891sniff ) and differentends are applied in different connections There are 119862ℎ
119891sniffcombinations since attackers randomly choose ℎ flows from119891sniff flows Attackers can reconstruct communication dataproperly with only one combination that is 119862119891real
119891real= 1
Given that attackers select several flows randomly for asingle time to reconstruct communication data probabilityof reconstructing data properly can be calculated with
119875once =119862119891real119891real
1198621
119891sniff+ 1198622
119891sniff+ sdot sdot sdot + 119862
119891sniff119891sniff
=
1
2119891sniff minus 1
(8)
As shown in (8) probability of attackers reconstructing datasuccessfully with a single time decreases exponentially with
10 Mathematical Problems in Engineering
Table 1 Comparison of packet transmission time between traditional network and DHC network
Approach Average cost of packet transmission time Period of flow update Routing pathTraditional 119905 times 119897
119904Infinite The shortest path from source to destination
DHC 119905 times 119897119886
119879hop Multiple paths from source to destination
the increase of number of flows sniffedThemore data sniffedthe more difficulties for successful data reconstruction Sinceattackers cannot determine the timing of target communi-cation easily due to end hopping longer sniffing time isneeded to obtain complete communication data Thereforelarge amount of irrelevant data is obtained increasing thedifficulty for data reconstruction Given 119891sniff = 100 and119891real = 10 the probability of attackers reconstructing datacorrectly by selecting several flows randomly for one timewould be 789 times 10minus31
64 Analysis of Unpredictability Since the end and routehop randomly in DHC (detailed information is illustratedin Section 43) the end and route used in next period cannot be predicted precisely Under the condition of exposingDHC protocol end hopping space and route hopping spaceDHC can still increase the cost of sniffer attackers andresist sniffer attacks Suppose that an attacker with all theinformation above sniffs the DHC network for a targetcommunication then shewill face the following difficulties inlaunching sniffer attack Firstly even though DHC protocolis transparent to the attacker a targeted sniffer attack cannot be launched thanks to the randomness of end and routehopping Secondly it is hard for the attacker to get completecommunication data during sniffing due to periodical hop-ping of route Thirdly the attacker will get a large number ofends because of frequent end hopping which prevents theattacker from extracting the right packets belonging to thetarget communication when shehe attempts to recover com-munication data So the unpredictability of DHC guaranteesthat it can resist sniffer attack under the condition of exposingDHC protocol and network information
65 Analysis of Cost Under traditional routing schemes thepackets are routed along the shortest path However in DHCnetwork packets may be routed along longer paths due todynamic changing of the route Therefore the cost of packettransmission time is higher in DHC Let 119897
119904denote length (the
length of a routing path is estimated by hops) of the shortestpath between source and destination 119897
119886the average length of
paths in route hopping space (119897119904le 119897119886) and 119879hop the hopping
period then the cost of packet transmission time is shown inTable 1 Moreover random selection of routing is periodicallyconducted by routing path hop of a communication whichresults in a small number of disordered packets at receivingend when a new period starts leaving no obstacles to normalcommunication
Ends and routing paths will be selected in DHC whenflow entries are generated which is more complicated thanthat in traditional networkTherefore time cost of generatingflow entries is higher in DHC Since average path is longer in
Time of flow setup in DHCTime of flow generation in DHCTime of flow setup in traditional networkTime of flow generation in traditional network
0
005
01
015
02
025
Aver
age t
ime o
verh
ead
(ms)
Different node pairs1 rarr16 3rarr 11 4rarr14 5rarr12
Figure 11 Comparison average time cost of flow entries installationin DHC and traditional network
DHC more flow entries are installed for one communicationcompared with traditional network Thus the time cost forflow entries setup is higher in DHC as well In Figure 11 theaverage time cost for installing flow entries between differentnode pairs in topology (shown in Figure 5) of DHC andtraditional network is compared As illustrated in Figure 11the average time for flow entries generation and setup inDHCis longer than that in traditional network
In the network without DHC, flow entries are installed only once at the beginning of communication, while in DHC the flow entries of the data plane are updated periodically and hopping ends and paths have to be allocated for any connection of two communication sides, which brings more load for the controller. In the experiment topology 50 pairs of source and destination hosts are chosen randomly and communication between each pair is started. The CPU utilization of DHC and traditional network is compared in Figure 12. If the controller does not run DHC, the load is low because the flow entries are not periodically updated; therefore the CPU utilization is under 10%, as shown in Figure 12. If a controller runs DHC, the load increases due to the periodical updating of flow entries. It can be found in the figure that CPU utilization is much higher when the controller runs DHC. When $T_{\mathrm{hop}} = 5$ s the CPU utilization is between 20% and 40%, and when $T_{\mathrm{hop}} = 10$ s the CPU utilization is between 10% and 30%. The shorter hopping period requires more controller operations, so when $T_{\mathrm{hop}} = 5$ s the CPU utilization of a controller is higher than when $T_{\mathrm{hop}} = 10$ s. The controller will be the bottleneck when DHC is used in a large scale network. Fortunately, a distributed SDN controller [30] is a solution to the problem.

[Figure 12: line chart; y-axis "CPU utilization (%)", 0 to 60; x-axis "Run time (s)", 10 to 100; series: No DHC, DHC with T_hop = 10 s, DHC with T_hop = 5 s]
Figure 12: CPU utilization of controller.
In traditional network, flows are matched only by destination addresses, so the length of routing tables is of order $O(m)$ given a network of $m$ nodes. However, flows are matched by ends (including source/destination address and ports) in DHC, meaning that two flows must be specified for every connection (TCP or UDP) between two communication sides. Let $\lambda$ denote the average rate of connection establishment and let $w$ denote the lasting time of each connection; then the mean length of flow tables is of order $O(m\lambda w)$ [7]. Moreover, to avoid packet loss, DHC requires both old and new flow entries in the flow table simultaneously for a brief period of time, during which the cost of flow table space increases. Therefore the cost of flow table space is higher in DHC.
7 Conclusion
The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper end hopping and route hopping are combined, and double hopping communication based on SDN is proposed. The end is changed dynamically in DHC so that the data from multiple users is mixed and communication traffic can be hidden in background traffic. So traffic cannot be distinguished easily, and the difficulty for attackers to reconstruct and recover data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, so the difficulty for attackers to obtain complete communication data is increased. Results show that the approach proposed in this paper effectively resists sniffing. Moreover, DHC is realized completely in software and is transparent to terminals. A controller bottleneck usually occurs in a large scale DHC network. In future work a distributed controller model will be applied to deal with the problem, and a feasible communication solution of DHC will be tested in a real network.
Appendix
Suppose there are $m$ nodes in network topology $G$. The attacker can sniff $n$ nodes, and the sniffed nodes constitute a sniffed node set $V^{n}_{\mathrm{sniff}}$ ($|V^{n}_{\mathrm{sniff}}| = n$, $n \le m$). Given the route hopping space $S^{H_1 \to H_2}_{\mathrm{RH}}$, there are $s$ nodes in the shortest path between source host $H_1$ and destination host $H_2$ ($s \le m$). $V_{\mathrm{cut}}$ is a vertex cut-set by which $G$ is cut into several connected subgraphs such that the source forwarding node $node_{\mathrm{src}}$ and the destination forwarding node $node_{\mathrm{dst}}$ are in different subgraphs. Suppose there are $Q^{n}_{\mathrm{src,dst}}$ sniffed node sets $V^{n}_{\mathrm{sniff}}$ satisfying $V^{n}_{\mathrm{sniff}} \supseteq V_{\mathrm{cut}}$. The proof that the probability of the attacker obtaining complete communication data in one communication in traditional network is not less than that in DHC, that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$, is shown below.

Proof. To verify that $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$, we show that $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.
Given
$$P_{\mathrm{traditional}} = \frac{C^{n}_{m} - C^{n}_{m-s}}{C^{n}_{m}}, \qquad P_{\mathrm{hop}} = \frac{C^{1}_{2}C^{n-1}_{m-2} + C^{2}_{2}C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}}{C^{n}_{m}},$$
we have
$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^{n}_{m} - C^{n}_{m-s} - \left(C^{1}_{2}C^{n-1}_{m-2} + C^{2}_{2}C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}\right)}{C^{n}_{m}}. \quad \text{(A.1)}$$
Suppose the shortest path from $H_1$ to $H_2$ is $path^{*}$ ($path^{*} \in S^{H_1 \to H_2}_{\mathrm{RH}}$). If the complete communication data from source host to destination host can be sniffed on $V^{n}_{\mathrm{sniff}}$, then for all $path \in S^{H_1 \to H_2}_{\mathrm{RH}}$ we have $V^{n}_{\mathrm{sniff}} \cap Nodes(path) \ne \emptyset$, where $Nodes(path)$ represents the set of nodes that $path$ passes. Because $path^{*} \in S^{H_1 \to H_2}_{\mathrm{RH}}$, it follows that $V^{n}_{\mathrm{sniff}} \cap Nodes(path^{*}) \ne \emptyset$; that is, $V^{n}_{\mathrm{sniff}}$ contains at least one node on the shortest path (Conclusion 1).

When $n = 1$, the attacker sniffs 1 node in the network. Then based on (A.1) we have
$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^{1}_{m} - C^{1}_{m-s} - \left(C^{1}_{2}C^{0}_{m-2} + Q^{1}_{\mathrm{src,dst}}\right)}{C^{1}_{m}}. \quad \text{(A.2)}$$
In (A.2) the denominator $C^{1}_{m} > 0$, and the numerator is as follows:
$$C^{1}_{m} - C^{1}_{m-s} - \left(C^{1}_{2}C^{0}_{m-2} + Q^{1}_{\mathrm{src,dst}}\right) = m - (m - s) - \left(2 + Q^{1}_{\mathrm{src,dst}}\right) = s - 2 - Q^{1}_{\mathrm{src,dst}}. \quad \text{(A.3)}$$
By Conclusion 1, $V^{1}_{\mathrm{sniff}} \cap Nodes(path^{*}) \ne \emptyset$; that is, the sniffed node is on the shortest path. Among the $s$ nodes on the shortest path, the number of $V^{1}_{\mathrm{sniff}}$ which can divide the source node and the destination node into different connected subgraphs is not more than $s - 2$; that is, $Q^{1}_{\mathrm{src,dst}} \le s - 2$. So (A.3) $\ge 0$. The numerator of (A.2) is not less than 0, and therefore in (A.2) $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.
When $n \ge 2$, the attacker sniffs more than 1 node in the network. Then based on (A.1) we have
$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^{n}_{m} - C^{n}_{m-s} - \left(C^{1}_{2}C^{n-1}_{m-2} + C^{2}_{2}C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}\right)}{C^{n}_{m}}. \quad \text{(A.4)}$$
In (A.4) the denominator $C^{n}_{m} > 0$, and the numerator is as follows:
$$\begin{aligned}
& C^{n}_{m} - C^{n}_{m-s} - \left(C^{1}_{2}C^{n-1}_{m-2} + C^{2}_{2}C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}\right) \\
&= C^{n}_{m} - C^{n}_{m-s} - 2C^{n-1}_{m-2} - C^{n-2}_{m-2} - Q^{n}_{\mathrm{src,dst}} \\
&= C^{n}_{m-2} - C^{n}_{m-s} - Q^{n}_{\mathrm{src,dst}}.
\end{aligned} \quad \text{(A.5)}$$
(The last step uses $C^{n}_{m} = C^{n}_{m-2} + 2C^{n-1}_{m-2} + C^{n-2}_{m-2}$, obtained by classifying the $n$-subsets of the $m$ nodes by how many of the two nodes $node_{\mathrm{src}}$, $node_{\mathrm{dst}}$ they contain.)

According to the definition, $Q^{n}_{\mathrm{src,dst}}$ is the number of those $V^{n}_{\mathrm{sniff}}$ which can divide $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ into different connected subgraphs, so $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ do not belong to such $V^{n}_{\mathrm{sniff}}$. $C^{n}_{m-2}$ is the number of all $V^{n}_{\mathrm{sniff}}$ satisfying both $node_{\mathrm{src}} \notin V^{n}_{\mathrm{sniff}}$ and $node_{\mathrm{dst}} \notin V^{n}_{\mathrm{sniff}}$, and $C^{n}_{m-2-(s-2)}$ is the number of such $V^{n}_{\mathrm{sniff}}$ additionally satisfying $V^{n}_{\mathrm{sniff}} \cap Nodes(path^{*}) = \emptyset$. By Conclusion 1, $V^{n}_{\mathrm{sniff}} \cap Nodes(path^{*}) \ne \emptyset$, so $Q^{n}_{\mathrm{src,dst}}$ is not more than $C^{n}_{m-2} - C^{n}_{m-2-(s-2)} = C^{n}_{m-2} - C^{n}_{m-s}$. So (A.5) $\ge 0$. The numerator of (A.4) is not less than 0, and therefore in (A.4) $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.

In conclusion, $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$; that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$.
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by the National Natural Science Foundation of China (nos. 61379151, 61272489, 61302159, and 61401512), the National Cryptography Development Fund of China (no. MMJJ201301005), the National Basic Research Program of China (973) (Grants nos. 2012CB315901 and 2013CB329104), and the National Natural Science Foundation of China (Grants nos. 61309019 and 61372121).
References
[1] National Cyber Leap Year Summit 2009 Co-Chairs' Report, "Networking and information technology research and development," Tech. Rep., 2009.
[2] T. Cyberspace, Strategic Plan for the Federal Cybersecurity Research and Development Program, Executive Office of the President, National Science and Technology Council, Washington, DC, USA, 2011.
[3] S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, Springer Science & Business Media, New York, NY, USA, 2011.
[4] E. Al-Shaer, "Toward network configuration randomization for moving target defense," in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153–159, Springer, New York, NY, USA, 2011.
[5] P. Kampanakis, H. Perros, and T. Beyene, "SDN-based solutions for Moving Target Defense network protection," in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1–6, Sydney, Australia, June 2014.
[6] M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive use of network-centric mechanisms in cyber-defense," in Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183–192, Hokkaido, Japan, May 2003.
[7] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Openflow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN '12), pp. 127–132, ACM, Helsinki, Finland, August 2012.
[8] Q. Duan, E. Al-Shaer, and H. Jafarian, "Efficient Random Route Mutation considering flow and network constraints," in Proceedings of the IEEE Conference on Communications and Network Security (CNS '13), pp. 260–268, IEEE, National Harbor, Md, USA, October 2013.
[9] E. Al-Shaer, Q. Duan, and J. H. Jafarian, "Random host mutation for moving target defense," in Security and Privacy in Communication Networks, pp. 310–327, Springer, New York, NY, USA, 2013.
[10] G. Badishi, A. Herzberg, and I. Keidar, "Keeping denial-of-service attackers in the dark," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 191–204, 2007.
[11] H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou, "A moving target DDoS defense mechanism," Computer Communications, vol. 46, pp. 10–21, 2014.
[12] C.-Y. Hong, S. Kandula, R. Mahajan et al., "Achieving high utilization with software-driven WAN," ACM SIGCOMM Computer Communication Review, vol. 43, no. 3, pp. 15–26, 2013.
[13] N. McKeown, "Software-defined networking," INFOCOM Keynote Talk, vol. 17, no. 2, pp. 30–32, 2009.
[14] M. Carvalho and R. Ford, "Moving-target defenses for computer networks," IEEE Security & Privacy, vol. 12, no. 2, pp. 73–76, 2014.
[15] M. Sifalakis, S. Schmid, and D. Hutchison, "Network address hopping: a mechanism to enhance data protection for packet communications," in Proceedings of the IEEE International Conference on Communications (ICC '05), vol. 3, pp. 1518–1523, IEEE, Seoul, Republic of Korea, May 2005.
[16] M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, "MT6D: a moving target IPv6 defense," in Proceedings of the Military Communications Conference (MILCOM '11), pp. 1321–1326, IEEE, Baltimore, Md, USA, November 2011.
[17] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An effective address mutation approach for disrupting reconnaissance attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562–2577, 2015.
[18] J. H. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," in Proceedings of the 1st ACM Workshop on Moving Target Defense (MTD '14), pp. 69–78, Scottsdale, AZ, USA, November 2014.
[19] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Adversary-aware IP address randomization for proactive agility against sophisticated attackers," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738–746, IEEE, April 2015.
[20] D. C. MacFarland and C. A. Shue, "The SDN shuffle: creating a moving-target defense using host-based software-defined networking," in Proceedings of the 2nd ACM Workshop on Moving Target Defense (MTD '15), pp. 37–41, ACM, Denver, Colo, USA, October 2015.
[21] J. Jafarian, E. Al-Shaer, and Q. Duan, "Formal approach for route agility against persistent attackers," in Computer Security – ESORICS 2013, J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, pp. 237–254, Springer, Berlin, Germany, 2013.
[22] S. Dolev and S. T. David, "SDN-based private interconnection," in Proceedings of the IEEE 13th International Symposium on Network Computing and Applications (NCA '14), 2014.
[23] F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. H. Ammar, and E. W. Zegura, "Agile virtualized infrastructure to proactively defend against cyber attacks," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 729–737, Hong Kong, April–May 2015.
[24] D. Gkounis, V. Kotronis, and X. Dimitropoulos, "Towards defeating the crossfire attack using SDN," http://arxiv.org/abs/1412.2013.
[25] A. Studer and A. Perrig, "The coremelt attack," in Computer Security – ESORICS 2009, vol. 5789 of Lecture Notes in Computer Science, pp. 37–52, Springer, Berlin, Germany, 2009.
[26] B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, October 2010.
[27] N. McKeown, T. Anderson, H. Balakrishnan et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
[28] M. McCauley, "About pox," 2013, http://www.github.com/noxrepo/pox.
[29] S. De Maesschalck, D. Colle, I. Lievens et al., "Pan-European optical transport networks: an availability-based comparison," Photonic Network Communications, vol. 5, no. 3, pp. 203–225, 2003.
[30] A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella, "Towards an elastic distributed SDN controller," ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7–12, 2013.
[Figure 8: bar chart; y-axis "Fraction of sniffed data", 0 to 1.0; x-axis "The sniffed set": A1, A2, A3, A4; series: the sniffed data in DHC, the sniffed static data in traditional network, the sniffed static data in DHC]
Figure 8: Percentage of data that can be sniffed by attackers.

[Figure 9: line chart; y-axis "Data transmission time (s)", 0 to 1400; x-axis "The amount of data transmitted (MB)": 1, 10, 100, 200, 500, 1000; series: traditional network, DHC with T_hop = 10 s, DHC with T_hop = 5 s]
Figure 9: Performance of forwarding in DHC.
5.2.4. Performance of DHC. In the experiment the bandwidth of all connections in the network topology is set to 10 Mb/s. Data is transmitted from the terminal on node 1 to the terminal on node 16 using the File Transfer Protocol (FTP). The time for data transmission in both DHC and traditional network is recorded. Results are shown in Figure 9.

As can be seen in Figure 9, the time consumption of data transmission in DHC increased in comparison with traditional network. The reason is that multiple paths from source to destination are selected, including longer paths; on the contrary, the data is routed by the shortest path in traditional network. Therefore the transmission time in DHC is longer than that in traditional network, but the increase is less than 7% when $T_{\mathrm{hop}} = 5$ s in the experiment. Routing path hopping of a connection results in a small number of disordered packets at the receiving end when a new period starts, and retransmission is then caused. Therefore the more frequently the flow entries are updated, the more likely retransmission happens. We can also see from Figure 9 that a longer time will be consumed to transmit data when $T_{\mathrm{hop}} = 5$ s compared with $T_{\mathrm{hop}} = 10$ s.
6 Analysis
In DHC each hopping connection needs to occupy hopping ends in every period. In Section 6.1 the number of hopping connections that can be supported in a DHC network, that is, the hopping network capacity, is analyzed. DHC makes it difficult for attackers to obtain complete data and to reconstruct data; therefore communication security is improved. The obtaining and reconstruction of communication data are discussed in Sections 6.2 and 6.3. The unpredictability and the cost of DHC are analyzed in Sections 6.4 and 6.5, respectively.
6.1. Capacity of Hopping Network. Suppose the sizes of the hopping IP address pool and the port pool are $|\mathrm{Addr}|$ and $|\mathrm{Port}|$ respectively. The number of all the ends $(\mathrm{IP}_{\mathrm{src}}, P_{\mathrm{src}}, \mathrm{IP}_{\mathrm{dst}}, P_{\mathrm{dst}})$ is $|\mathrm{Addr}|^2 \times |\mathrm{Port}|^2$, and the number of the ends with $\mathrm{IP}_{\mathrm{src}} = \mathrm{IP}_{\mathrm{dst}}$ is $|\mathrm{Addr}| \times |\mathrm{Port}|^2$. According to the definition of end, valid ends require $\mathrm{IP}_{\mathrm{src}} \ne \mathrm{IP}_{\mathrm{dst}}$, so the size of the valid end hopping space $S_{\mathrm{EH}}$ can be calculated by
$$|S_{\mathrm{EH}}| = |\mathrm{Addr}|^2 \times |\mathrm{Port}|^2 - |\mathrm{Addr}| \times |\mathrm{Port}|^2. \quad (3)$$
In DHC, end hopping is performed in both directions of one connection, which means that at any moment one connection needs two ends. Assuming $t$ hopping connections exist simultaneously in the network, $2t$ ends will be needed, so $|S_{\mathrm{EH}}| - 2t$ ends are left. To ensure high randomness in hopping end selection, enough unoccupied hopping ends in $S_{\mathrm{EH}}$ are necessary. Suppose the maximum occupancy rate of the end hopping space $S_{\mathrm{EH}}$ is $\alpha$; that is, there are at least $(1 - \alpha)|S_{\mathrm{EH}}|$ ends unoccupied. Then inequality (4) holds:
$$(1 - \alpha)|S_{\mathrm{EH}}| \le |S_{\mathrm{EH}}| - 2t, \qquad t \le \frac{1}{2}\alpha|S_{\mathrm{EH}}|. \quad (4)$$
Therefore the maximum number of hopping connections allowed in DHC is $\frac{1}{2}\alpha|S_{\mathrm{EH}}|$; that is, the capacity of the hopping network is $\frac{1}{2}\alpha|S_{\mathrm{EH}}|$.

Combining (3) and inequality (4), the following inequality can be obtained:
$$t \le \frac{1}{2}\alpha\left(|\mathrm{Addr}|^2 \times |\mathrm{Port}|^2 - |\mathrm{Addr}| \times |\mathrm{Port}|^2\right). \quad (5)$$
Assume $|\mathrm{Port}| = 2^{16}$, $|\mathrm{Addr}| = 2^{16}$ (the hopping IP address pool is a class B address block) and $\alpha = 0.8$; then DHC can support $7.37 \times 10^{18}$ connections hopping simultaneously.
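As an added worked example (not code from the paper), the following Python computes $|S_{\mathrm{EH}}|$ from (3) and the capacity bound from (5) with exact integers, and adds a small end allocator that illustrates the occupancy bound behind (4): each hopping connection holds two ends, allocation is refused once $\alpha|S_{\mathrm{EH}}|$ ends are in use, and random draws with $\mathrm{IP}_{\mathrm{src}} = \mathrm{IP}_{\mathrm{dst}}$ are rejected because they are not valid ends. The allocator's interface, the representation of $\alpha$ as an integer fraction, and the tiny address and port pools used for illustration are assumptions of this example, not the paper's design.

```python
import secrets


def end_space_size(n_addr: int, n_port: int) -> int:
    """|S_EH| from Eq. (3): all (IPsrc, Psrc, IPdst, Pdst) tuples minus the
    |Addr| * |Port|^2 tuples with IPsrc == IPdst, which are not valid ends."""
    return n_addr ** 2 * n_port ** 2 - n_addr * n_port ** 2


def hopping_capacity(n_addr: int, n_port: int, alpha_num: int, alpha_den: int) -> int:
    """Largest t allowed by Eq. (5): t <= (1/2) * alpha * |S_EH|.
    alpha is passed as alpha_num/alpha_den so the 2^64-scale result stays exact."""
    return alpha_num * end_space_size(n_addr, n_port) // (2 * alpha_den)


class EndAllocator:
    """Constructed illustration (an assumption of this example) of the
    occupancy bound behind Eq. (4): every hopping connection holds two ends
    at once, and allocation is refused once alpha * |S_EH| ends are in use,
    so at least (1 - alpha) * |S_EH| ends stay free for random selection."""

    def __init__(self, addrs, ports, alpha_num: int, alpha_den: int):
        if len(set(addrs)) < 2:
            raise ValueError("a valid end needs IPsrc != IPdst, so the pool needs two addresses")
        self.addrs, self.ports = list(addrs), list(ports)
        self.space = end_space_size(len(self.addrs), len(self.ports))
        self.max_ends = alpha_num * self.space // alpha_den
        self.in_use = set()

    def _random_end(self):
        # Uniform draw over valid ends: reject tuples with IPsrc == IPdst.
        while True:
            ip_src, ip_dst = secrets.choice(self.addrs), secrets.choice(self.addrs)
            if ip_src != ip_dst:
                return (ip_src, secrets.choice(self.ports), ip_dst, secrets.choice(self.ports))

    def allocate(self):
        """Reserve two fresh ends for one connection (one per direction, as
        assumed here), or return None when the occupancy cap would be exceeded."""
        if len(self.in_use) + 2 > self.max_ends:
            return None
        ends = []
        while len(ends) < 2:
            # At most alpha * |S_EH| ends are taken, so every draw is free with
            # probability >= 1 - alpha and this loop terminates quickly.
            end = self._random_end()
            if end not in self.in_use:
                self.in_use.add(end)
                ends.append(end)
        return tuple(ends)

    def release(self, ends):
        """Return a closed connection's ends to the free pool."""
        for end in ends:
            self.in_use.discard(end)


if __name__ == "__main__":
    n = 2 ** 16                                   # |Addr| = |Port| = 2^16
    print(f"|S_EH| = {end_space_size(n, n)}")
    print(f"capacity at alpha = 0.8: {hopping_capacity(n, n, 4, 5):.2e}")
    pool = EndAllocator(["10.0.0.1", "10.0.0.2"], [40001, 40002], 1, 2)
    print(pool.allocate(), pool.allocate(), pool.allocate())
```

With the paper's parameters the capacity function returns 7378585039493136384, the $7.37 \times 10^{18}$ quoted above. The rejection loop in `allocate` is the practical reason for the cap $\alpha$: the expected number of draws per end is at most $1/(1-\alpha)$, whereas without the cap a nearly full space would make allocation both slow and predictable.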
6.2. Analysis of Complete Communication Data Obtaining by Attackers. We hypothesize that attackers can sniff part of the forwarding nodes in the network randomly. Suppose network topology $G = \langle V, E \rangle$ is an undirected connected graph, where $V$ is a set of forwarding nodes and $E$ is a set of links. $V$ contains $m$ forwarding nodes, and attackers can randomly sniff $n$ of them simultaneously ($n \le m$). The sniffed node set consisting of these sniffed forwarding nodes is denoted as $V^{n}_{\mathrm{sniff}}$, with $V^{n}_{\mathrm{sniff}} \subseteq V$ and $|V^{n}_{\mathrm{sniff}}| = n$.

Source host $host_{\mathrm{src}}$ communicates with destination host $host_{\mathrm{dst}}$. The source and destination forwarding nodes are denoted as $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ respectively. Assume there are $s$ nodes on the shortest path between $host_{\mathrm{src}}$ and $host_{\mathrm{dst}}$ ($1 \le s \le m$), which constitute the node set $U_s$. In traditional network, if $V^{n}_{\mathrm{sniff}} \cap U_s \ne \emptyset$, complete communication data between $host_{\mathrm{src}}$ and $host_{\mathrm{dst}}$ can be obtained by attackers; if $V^{n}_{\mathrm{sniff}} \cap U_s = \emptyset$, no communication data can be sniffed. The probability of attackers obtaining complete communication data in traditional network can be calculated by (6), where $C^{n}_{m}$ is the number of all $V^{n}_{\mathrm{sniff}}$ and $C^{n}_{m-s}$ is the number of $V^{n}_{\mathrm{sniff}}$ with $V^{n}_{\mathrm{sniff}} \cap U_s = \emptyset$, so $C^{n}_{m} - C^{n}_{m-s}$ represents the number of $V^{n}_{\mathrm{sniff}}$ with $V^{n}_{\mathrm{sniff}} \cap U_s \ne \emptyset$:
$$P_{\mathrm{traditional}} = \frac{C^{n}_{m} - C^{n}_{m-s}}{C^{n}_{m}}. \quad (6)$$
In DHC, attackers can sniff complete data between $host_{\mathrm{src}}$ and $host_{\mathrm{dst}}$ if $node_{\mathrm{src}} \in V^{n}_{\mathrm{sniff}}$ or $node_{\mathrm{dst}} \in V^{n}_{\mathrm{sniff}}$. The number of such $V^{n}_{\mathrm{sniff}}$ is $C^{1}_{2}C^{n-1}_{m-2} + C^{2}_{2}C^{n-2}_{m-2}$. In the other cases, if $node_{\mathrm{src}} \notin V^{n}_{\mathrm{sniff}}$ and $node_{\mathrm{dst}} \notin V^{n}_{\mathrm{sniff}}$, to sniff complete data one vertex cut-set $V_{\mathrm{cut}}$ should be contained in $V^{n}_{\mathrm{sniff}}$, and $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ should be cut by $V_{\mathrm{cut}}$ into different connected subgraphs; that is, $V^{n}_{\mathrm{sniff}} \supseteq V_{\mathrm{cut}}$ exists, where $G$ is cut by $V_{\mathrm{cut}}$ into $k$ connected subgraphs $G_1, G_2, \ldots, G_k$ and $node_{\mathrm{src}} \in G_i$, $node_{\mathrm{dst}} \in G_j$, $1 \le i, j \le k$, $i \ne j$ hold. Suppose there exist $Q^{n}_{\mathrm{src,dst}}$ sniffed node sets $V^{n}_{\mathrm{sniff}}$ that contain such a $V_{\mathrm{cut}}$ in this case. Then the probability of attackers obtaining complete data between $host_{\mathrm{src}}$ and $host_{\mathrm{dst}}$ can be calculated by
$$P_{\mathrm{hop}} = \frac{C^{1}_{2}C^{n-1}_{m-2} + C^{2}_{2}C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}}{C^{n}_{m}}. \quad (7)$$

Proposition 1. The probability of attackers obtaining complete data in traditional network on one communication is not less than that in DHC; that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$.

The proof of this proposition is shown in the Appendix. In the network topology shown in Figure 5, suppose a host on node 1 communicates with a host on node 16. The shortest path from node 1 to node 16 contains 6 nodes. Attackers can sniff $n$ nodes randomly ($1 \le n \le 16$). The probabilities of attackers obtaining complete data in traditional network and DHC network are shown in Figure 10.
[Figure 10: line chart; y-axis "The probability of obtaining complete communication data", 0 to 1; x-axis "The number of monitored nodes", 1 to 16; series: DHC, traditional network]
Figure 10: Probability of obtaining complete data.

As can be seen from Figure 10, the probability of attackers obtaining complete data increases when the number of sniffed nodes increases, both in traditional and DHC network, but $P_{\mathrm{hop}} \le P_{\mathrm{traditional}}$ always holds. The probability of attackers obtaining complete data is 1 in both traditional and DHC network when the number of sniffed nodes is more than 10. Although the probability of attackers sniffing complete data increases in DHC network when a large number of forwarding nodes are sniffed, attackers obtain more irrelevant data. Since the end hops constantly during a communication, attackers cannot easily pick out the traffic that belongs to the target from the sniffed data, which increases the difficulty for attackers to reconstruct and recover communication data.
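As an added example (not the paper's code), the Python below evaluates (6) and (7) of Section 6.2 on a constructed 3x3 grid of forwarding nodes (not the Figure 5 topology), computing $Q^{n}_{\mathrm{src,dst}}$ by enumerating every sniffed set that avoids $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ and testing with BFS whether it contains a vertex cut-set between them. It also recomputes both probabilities by direct enumeration of all sniffed sets, which confirms the two closed forms and checks Proposition 1 ($P_{\mathrm{hop}} \le P_{\mathrm{traditional}}$) for every $n$, the inequality the Appendix proves. The grid, the node numbering, and the choice of one BFS shortest path as $U_s$ are assumptions of this example.

```python
from collections import deque
from itertools import combinations
from math import comb

# Constructed toy topology (not the paper's Figure 5): a 3x3 grid of
# forwarding nodes 0..8. The source host hangs off node 0 (node_src) and
# the destination host off node 8 (node_dst).
GRID = 3
NODES = list(range(GRID * GRID))
ADJ = {v: set() for v in NODES}
for r in range(GRID):
    for c in range(GRID):
        v = r * GRID + c
        if c + 1 < GRID:
            ADJ[v].add(v + 1); ADJ[v + 1].add(v)
        if r + 1 < GRID:
            ADJ[v].add(v + GRID); ADJ[v + GRID].add(v)
NODE_SRC, NODE_DST = 0, GRID * GRID - 1


def shortest_path(src, dst, removed=frozenset()):
    """BFS shortest path from src to dst avoiding 'removed'; None if disconnected."""
    if src in removed or dst in removed:
        return None
    prev = {src: None}
    queue = deque([src])
    while queue:
        v = queue.popleft()
        if v == dst:
            path = []
            while v is not None:
                path.append(v); v = prev[v]
            return path[::-1]
        for w in sorted(ADJ[v]):
            if w not in removed and w not in prev:
                prev[w] = v; queue.append(w)
    return None


# U_s: the s nodes of the one fixed shortest path a traditional network uses
# (src and dst included, as in the paper's s-node path).
U_S = frozenset(shortest_path(NODE_SRC, NODE_DST))


def C(a, b):
    """Binomial coefficient C^b_a in the paper's notation; 0 outside 0 <= b <= a."""
    return comb(a, b) if 0 <= b <= a else 0


def separates(sniffed):
    """True if removing the sniffed nodes disconnects node_src from node_dst,
    i.e. V_sniff contains a vertex cut-set V_cut between them."""
    return shortest_path(NODE_SRC, NODE_DST, frozenset(sniffed)) is None


def q_src_dst(n):
    """Q^n_{src,dst}: sniffed sets of size n that avoid node_src and node_dst
    but still separate them."""
    others = [v for v in NODES if v not in (NODE_SRC, NODE_DST)]
    return sum(1 for s in combinations(others, n) if separates(s))


def p_traditional(n, m=len(NODES), s=len(U_S)):
    """Eq. (6): the sniffed set hits the static shortest path."""
    return (C(m, n) - C(m - s, n)) / C(m, n)


def p_hop(n, m=len(NODES)):
    """Eq. (7): the sniffed set contains node_src or node_dst, or a cut-set between them."""
    return (2 * C(m - 2, n - 1) + C(m - 2, n - 2) + q_src_dst(n)) / C(m, n)


def p_traditional_enum(n):
    """Same probability by brute-force enumeration of every sniffed set."""
    hits = sum(1 for v in combinations(NODES, n) if U_S & set(v))
    return hits / C(len(NODES), n)


def p_hop_enum(n):
    """Same probability by brute-force enumeration of every sniffed set."""
    hits = sum(1 for v in combinations(NODES, n)
               if NODE_SRC in v or NODE_DST in v or separates(v))
    return hits / C(len(NODES), n)


def proposition_holds():
    """Proposition 1 checked exhaustively on this topology for every n."""
    return all(p_hop(n) <= p_traditional(n) for n in range(1, len(NODES) + 1))


if __name__ == "__main__":
    print(f"U_s = {sorted(U_S)} (s = {len(U_S)}), m = {len(NODES)}")
    for n in range(1, len(NODES) + 1):
        print(f"n={n}: Q={q_src_dst(n):3d}  P_traditional={p_traditional(n):.3f}  P_hop={p_hop(n):.3f}")
    print("Proposition 1 holds:", proposition_holds())
```

On this grid $s = 5$; with $n = 2$ the only separating sets that avoid both endpoints are the two neighbours of node 0 and the two neighbours of node 8, so $Q^{2}_{\mathrm{src,dst}} = 2$ and $P_{\mathrm{hop}} = 17/36$ against $P_{\mathrm{traditional}} = 30/36$. Every set counted in (7) intersects $U_s$, which is why the enumeration never finds a case violating the proposition.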
6.3. Analysis of Communication Data Reconstruction for Attackers. Reconstruction of communication data requires the complete data of this communication. In this section, assume attackers can sniff the complete data of the communication between source and destination hosts. In traditional network, attackers can deduce the positions of both communication sides and the upper layer protocol according to the IP and port of the sniffed packets. Useless packets can be eliminated based on the end, and the target communication data can be obtained. However, in DHC network no real end of the source and destination hosts can be sniffed by attackers if the source and destination forwarding nodes are not sniffed. Data in communication is distributed to various flows that attackers are not able to distinguish. Suppose that there are $f_{\mathrm{sniff}}$ flows in the sniffed data, among which $f_{\mathrm{real}}$ flows contain the data of the target connections ($f_{\mathrm{real}} \le f_{\mathrm{sniff}}$), and different ends are applied in different connections. There are $C^{h}_{f_{\mathrm{sniff}}}$ combinations when attackers randomly choose $h$ flows from the $f_{\mathrm{sniff}}$ flows. Attackers can reconstruct communication data properly with only one combination; that is, $C^{f_{\mathrm{real}}}_{f_{\mathrm{real}}} = 1$. Given that attackers select several flows randomly in a single attempt to reconstruct communication data, the probability of reconstructing data properly can be calculated by
$$P_{\mathrm{once}} = \frac{C^{f_{\mathrm{real}}}_{f_{\mathrm{real}}}}{C^{1}_{f_{\mathrm{sniff}}} + C^{2}_{f_{\mathrm{sniff}}} + \cdots + C^{f_{\mathrm{sniff}}}_{f_{\mathrm{sniff}}}} = \frac{1}{2^{f_{\mathrm{sniff}}} - 1}. \quad (8)$$
As shown in (8), the probability of attackers reconstructing data successfully in a single attempt decreases exponentially with
the increase of the number of flows sniffed. The more data sniffed, the more difficult successful data reconstruction becomes. Since attackers cannot easily determine the timing of the target communication due to end hopping, a longer sniffing time is needed to obtain complete communication data. Therefore a large amount of irrelevant data is obtained, increasing the difficulty of data reconstruction. Given $f_{\mathrm{sniff}} = 100$ and $f_{\mathrm{real}} = 10$, the probability of attackers reconstructing data correctly by selecting several flows randomly in one attempt would be $7.89 \times 10^{-31}$.

Table 1: Comparison of packet transmission time between traditional network and DHC network.

Approach      Average cost of packet transmission time   Period of flow update   Routing path
Traditional   $t \times l_s$                              Infinite                The shortest path from source to destination
DHC           $t \times l_a$                              $T_{\mathrm{hop}}$      Multiple paths from source to destination
6.4. Analysis of Unpredictability. Since the end and route hop randomly in DHC (detailed information is given in Section 4.3), the end and route used in the next period cannot be predicted precisely. Even when the DHC protocol, the end hopping space and the route hopping space are exposed, DHC can still increase the cost for sniffer attackers and resist sniffer attacks. Suppose that an attacker with all the information above sniffs the DHC network for a target communication; then the attacker will face the following difficulties in launching a sniffer attack. Firstly, even though the DHC protocol is transparent to the attacker, a targeted sniffer attack cannot be launched thanks to the randomness of end and route hopping. Secondly, it is hard for the attacker to get complete communication data during sniffing due to the periodical hopping of the route. Thirdly, the attacker will get a large number of ends because of frequent end hopping, which prevents the attacker from extracting the right packets belonging to the target communication when attempting to recover communication data. So the unpredictability of DHC guarantees that it can resist sniffer attack even when the DHC protocol and network information are exposed.
6.5. Analysis of Cost. Under traditional routing schemes the packets are routed along the shortest path. However, in DHC network packets may be routed along longer paths due to the dynamic changing of the route; therefore the cost of packet transmission time is higher in DHC. Let $l_s$ denote the length (the length of a routing path is estimated by hops) of the shortest path between source and destination, $l_a$ the average length of the paths in the route hopping space ($l_s \le l_a$), and $T_{\mathrm{hop}}$ the hopping period; then the cost of packet transmission time is shown in Table 1. Moreover, random selection of routing is periodically conducted by routing path hopping of a communication, which results in a small number of disordered packets at the receiving end when a new period starts, leaving no obstacles to normal communication.
Ends and routing paths will be selected in DHC whenflow entries are generated which is more complicated thanthat in traditional networkTherefore time cost of generatingflow entries is higher in DHC Since average path is longer in
Time of flow setup in DHCTime of flow generation in DHCTime of flow setup in traditional networkTime of flow generation in traditional network
0
005
01
015
02
025
Aver
age t
ime o
verh
ead
(ms)
Different node pairs1 rarr16 3rarr 11 4rarr14 5rarr12
Figure 11 Comparison average time cost of flow entries installationin DHC and traditional network
DHC more flow entries are installed for one communicationcompared with traditional network Thus the time cost forflow entries setup is higher in DHC as well In Figure 11 theaverage time cost for installing flow entries between differentnode pairs in topology (shown in Figure 5) of DHC andtraditional network is compared As illustrated in Figure 11the average time for flow entries generation and setup inDHCis longer than that in traditional network
In the network without DHC flow entries are installedonly once at the beginning of communication while in DHCflow entries of data plane are updated periodically and hop-ping ends and paths have to be allocated for any connectionof two communication sides which brings more loads forthe controller In experiment topology 50 pairs of source anddestination hosts are chosen randomly and communicationbetween any pairs is stared The CPU utilization of DHC andtraditional network is compared in Figure 12 If controllerdoes not run DHC the load is low because the flow entryis not periodically updated Therefore the CPU utilization isunder 10 as shown in Figure 12 If a controller runs DHCthe load increases due to periodical updating of flow entriesIt can be found in the figure that CPU utilization is muchhigher when controller runsDHCWhen119879hop = 5 s the CPUutilization is between 20 and 40 and when 119879hop = 10 sthe CPU utilization is between 10 and 30 The shorterhopping period enables more controller operations So when119879hop = 5 s CPUutilization of a controller is higher thanwhen119879hop = 10 s Controller will be the bottleneck when DHC
Mathematical Problems in Engineering 11
No DHCDHCmdashThop = 10 sDHCmdashThop = 5 s
0
10
20
30
40
50
60
CPU
util
izat
ion
()
20 30 40 50 60 70 80 90 10010Run time (s)
Figure 12 CPU utilization of controller
is used in large scale network Fortunately distributed SDNcontroller [30] is a solution to the problem
In traditional network flows are matched only by des-tination addresses So the length of routing tables is anorder of 119874(119898) given the network of 119898 nodes Howeverflows are matched by ends (including sourcedestinationaddress and ports) in DHC meaning that two flows mustbe specified for every connection (TCP or UDP) betweentwo communication sides Let 120582 denote the average speed ofconnection establishment and let 119908 denote the lasting timeof each connection then the mean length of flowtables isan order of 119874(119898120582119908) [7] Moreover to avoid packets lossDHC requires both old and new flow entries in flowtablesimultaneously for a brief period of time during whichthe cost of flowtable space increases Therefore the cost offlowtable space is higher in DHC
7. Conclusion
The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper, end hopping and route hopping are combined, and double hopping communication based on SDN is proposed. In DHC the end is changed dynamically, so the data from multiple users is mixed and the communication traffic can be hidden in background traffic; the traffic therefore cannot be distinguished easily, and the difficulty for attackers to reconstruct and recover data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, which increases the difficulty for attackers to obtain the complete communication data. Results show that the proposed approach effectively resists sniffer attack. Moreover, DHC is realized entirely in software and is transparent to terminals. The controller usually becomes the bottleneck in a large-scale DHC network; in future work, a distributed controller model will be applied to deal with this problem, and a feasible DHC communication solution will be tested in a real network.
Appendix
Suppose there are $m$ nodes in the network topology $G$. The attacker can sniff $n$ nodes, and the sniffed nodes constitute the sniffed node set $V^n_{sniff}$ ($|V^n_{sniff}| = n$, $n \le m$). Given the route hopping space $S^{H_1 \rightarrow H_2}_{RH}$, there are $s$ nodes on the shortest path between source host $H_1$ and destination host $H_2$ ($s \le m$). $V_{cut}$ is a vertex cut-set by which $G$ is cut into several connected subgraphs such that the source forwarding node $node_{src}$ and the destination forwarding node $node_{dst}$ lie in different subgraphs. Suppose there are $Q^n_{src,dst}$ sniffed node sets $V^n_{sniff}$ satisfying $V^n_{sniff} \supseteq V_{cut}$. The proof that the probability of the attacker obtaining the complete communication data of one communication in a traditional network is not less than that in DHC, that is, $P_{traditional} \ge P_{hop}$, is given below.

Proof. We verify $P_{traditional} \ge P_{hop}$ by showing that $P_{traditional} - P_{hop} \ge 0$.

Given $P_{traditional} = (C^n_m - C^n_{m-s}) / C^n_m$ and $P_{hop} = (C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{src,dst}) / C^n_m$, we have

$$P_{traditional} - P_{hop} = \frac{C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{src,dst}\right)}{C^n_m}. \quad \text{(A1)}$$

Suppose the shortest path from $H_1$ to $H_2$ is $path^*$ ($path^* \in S^{H_1 \rightarrow H_2}_{RH}$). If the complete communication data from the source host to the destination host can be sniffed on $V^n_{sniff}$, then for every $path \in S^{H_1 \rightarrow H_2}_{RH}$ we have $V^n_{sniff} \cap Nodes(path) \ne \emptyset$, where $Nodes(path)$ is the set of nodes that $path$ passes through. Because $path^* \in S^{H_1 \rightarrow H_2}_{RH}$, it follows that $V^n_{sniff} \cap Nodes(path^*) \ne \emptyset$; that is, $V^n_{sniff}$ contains at least one node on the shortest path (Conclusion 1).

When $n = 1$, the attacker sniffs one node in the network. Then, from (A1), we have

$$P_{traditional} - P_{hop} = \frac{C^1_m - C^1_{m-s} - \left(C^1_2 C^0_{m-2} + Q^1_{src,dst}\right)}{C^1_m}. \quad \text{(A2)}$$

In (A2) the denominator $C^1_m > 0$, and the numerator is

$$C^1_m - C^1_{m-s} - \left(C^1_2 C^0_{m-2} + Q^1_{src,dst}\right) = m - (m - s) - \left(2 + Q^1_{src,dst}\right) = s - 2 - Q^1_{src,dst}. \quad \text{(A3)}$$

By Conclusion 1, $V^1_{sniff} \cap Nodes(path^*) \ne \emptyset$; that is, the sniffed node is on the shortest path. Among the $s$ nodes on the shortest path, the number of $V^1_{sniff}$ that separate the source node and the destination node into different connected subgraphs is at most $s - 2$, since the two endpoints themselves are excluded by the definition of $Q$; that is, $Q^1_{src,dst} \le s - 2$. Hence (A3) $\ge 0$, the numerator of (A2) is not less than 0, and so in (A2) $P_{traditional} - P_{hop} \ge 0$.

When $n \ge 2$, the attacker sniffs more than one node in the network. Then, from (A1), we have

$$P_{traditional} - P_{hop} = \frac{C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{src,dst}\right)}{C^n_m}. \quad \text{(A4)}$$

In (A4) the denominator $C^n_m > 0$, and the numerator is

$$\begin{aligned}
&C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{src,dst}\right) \\
&= C^n_m - C^n_{m-s} - 2C^{n-1}_{m-2} - C^{n-2}_{m-2} - Q^n_{src,dst} \\
&= C^n_{m-2} - C^n_{m-s} - Q^n_{src,dst},
\end{aligned} \quad \text{(A5)}$$

where the last step uses the identity $C^n_m = C^n_{m-2} + 2C^{n-1}_{m-2} + C^{n-2}_{m-2}$ (split the $n$-subsets of $m$ nodes by how many of $node_{src}$ and $node_{dst}$ they contain).

By definition, $Q^n_{src,dst}$ is the number of those $V^n_{sniff}$ that separate $node_{src}$ and $node_{dst}$ into different connected subgraphs, so $node_{src}$ and $node_{dst}$ do not belong to such a $V^n_{sniff}$. $C^n_{m-2}$ is the number of all $V^n_{sniff}$ satisfying both $node_{src} \notin V^n_{sniff}$ and $node_{dst} \notin V^n_{sniff}$, and $C^n_{m-2-(s-2)} = C^n_{m-s}$ is the number of those $V^n_{sniff}$ that additionally satisfy $V^n_{sniff} \cap Nodes(path^*) = \emptyset$. By Conclusion 1, $V^n_{sniff} \cap Nodes(path^*) \ne \emptyset$ for every set counted by $Q^n_{src,dst}$, so $Q^n_{src,dst}$ is not more than $C^n_{m-2} - C^n_{m-2-(s-2)}$. Hence (A5) $\ge 0$, the numerator of (A4) is not less than 0, and so in (A4) $P_{traditional} - P_{hop} \ge 0$.

In conclusion, $P_{traditional} - P_{hop} \ge 0$; that is, $P_{traditional} \ge P_{hop}$.
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by the National Natural Science Foundation of China (nos. 61379151, 61272489, 61302159, and 61401512) and the National Cryptography Development Fund of China (no. MMJJ201301005), the National Basic Research Program of China (973) (Grants nos. 2012CB315901 and 2013CB329104), and the National Natural Science Foundation of China (Grants nos. 61309019 and 61372121).
References
[1] National Cyber Leap Year Summit 2009 Co-Chairs' Report, "Networking and information technology research and development," Tech. Rep., 2009.
[2] T. Cyberspace, Strategic Plan for the Federal Cybersecurity Research and Development Program, Executive Office of the President, National Science and Technology Council, Washington, DC, USA, 2011.
[3] S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, Springer Science & Business Media, New York, NY, USA, 2011.
[4] E. Al-Shaer, "Toward network configuration randomization for moving target defense," in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153–159, Springer, New York, NY, USA, 2011.
[5] P. Kampanakis, H. Perros, and T. Beyene, "SDN-based solutions for Moving Target Defense network protection," in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1–6, Sydney, Australia, June 2014.
[6] M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive use of network-centric mechanisms in cyber-defense," in Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183–192, Hokkaido, Japan, May 2003.
[7] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "OpenFlow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN '12), pp. 127–132, ACM, Helsinki, Finland, August 2012.
[8] Q. Duan, E. Al-Shaer, and H. Jafarian, "Efficient Random Route Mutation considering flow and network constraints," in Proceedings of the IEEE Conference on Communications and Network Security (CNS '13), pp. 260–268, IEEE, National Harbor, Md, USA, October 2013.
[9] E. Al-Shaer, Q. Duan, and J. H. Jafarian, "Random host mutation for moving target defense," in Security and Privacy in Communication Networks, pp. 310–327, Springer, New York, NY, USA, 2013.
[10] G. Badishi, A. Herzberg, and I. Keidar, "Keeping denial-of-service attackers in the dark," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 191–204, 2007.
[11] H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou, "A moving target DDoS defense mechanism," Computer Communications, vol. 46, pp. 10–21, 2014.
[12] C.-Y. Hong, S. Kandula, R. Mahajan et al., "Achieving high utilization with software-driven WAN," ACM SIGCOMM Computer Communication Review, vol. 43, no. 3, pp. 15–26, 2013.
[13] N. McKeown, "Software-defined networking," INFOCOM Keynote Talk, vol. 17, no. 2, pp. 30–32, 2009.
[14] M. Carvalho and R. Ford, "Moving-target defenses for computer networks," IEEE Security & Privacy, vol. 12, no. 2, pp. 73–76, 2014.
[15] M. Sifalakis, S. Schmid, and D. Hutchison, "Network address hopping: a mechanism to enhance data protection for packet communications," in Proceedings of the IEEE International Conference on Communications (ICC '05), vol. 3, pp. 1518–1523, IEEE, Seoul, Republic of Korea, May 2005.
[16] M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, "MT6D: a moving target IPv6 defense," in Proceedings of the Military Communications Conference (MILCOM '11), pp. 1321–1326, IEEE, Baltimore, Md, USA, November 2011.
[17] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An effective address mutation approach for disrupting reconnaissance attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562–2577, 2015.
[18] J. H. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," in Proceedings of the 1st ACM Workshop on Moving Target Defense (MTD '14), pp. 69–78, Scottsdale, AZ, USA, November 2014.
[19] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Adversary-aware IP address randomization for proactive agility against sophisticated attackers," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738–746, IEEE, April 2015.
[20] D. C. MacFarland and C. A. Shue, "The SDN shuffle: creating a moving-target defense using host-based software-defined networking," in Proceedings of the 2nd ACM Workshop on Moving Target Defense (MTD '15), pp. 37–41, ACM, Denver, Colo, USA, October 2015.
[21] J. Jafarian, E. Al-Shaer, and Q. Duan, "Formal approach for route agility against persistent attackers," in Computer Security – ESORICS 2013, J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, pp. 237–254, Springer, Berlin, Germany, 2013.
[22] S. Dolev and S. T. David, "SDN-based private interconnection," in Proceedings of the IEEE 13th International Symposium on Network Computing and Applications (NCA '14), 2014.
[23] F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. H. Ammar, and E. W. Zegura, "Agile virtualized infrastructure to proactively defend against cyber attacks," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 729–737, Hong Kong, April–May 2015.
[24] D. Gkounis, V. Kotronis, and X. Dimitropoulos, "Towards defeating the crossfire attack using SDN," http://arxiv.org/abs/1412.2013.
[25] A. Studer and A. Perrig, "The coremelt attack," in Computer Security – ESORICS 2009, vol. 5789 of Lecture Notes in Computer Science, pp. 37–52, Springer, Berlin, Germany, 2009.
[26] B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, October 2010.
[27] N. McKeown, T. Anderson, H. Balakrishnan et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
[28] M. McCauley, "About pox," 2013, http://www.github.com/noxrepo/pox.
[29] S. De Maesschalck, D. Colle, I. Lievens et al., "Pan-European optical transport networks: an availability-based comparison," Photonic Network Communications, vol. 5, no. 3, pp. 203–225, 2003.
[30] A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella, "Towards an elastic distributed SDN controller," ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7–12, 2013.
forwarding nodes in the network randomly.

Suppose the network topology $G = \langle V, E \rangle$ is an undirected connected graph, where $V$ is the set of forwarding nodes and $E$ is the set of links. $V$ contains $m$ forwarding nodes, and an attacker can randomly sniff $n$ of them simultaneously ($n \le m$). The set of sniffed forwarding nodes is denoted $V^n_{sniff}$, with $V^n_{sniff} \subseteq V$ and $|V^n_{sniff}| = n$.

Source host $host_{src}$ communicates with destination host $host_{dst}$; their source and destination forwarding nodes are denoted $node_{src}$ and $node_{dst}$, respectively. Assume there are $s$ nodes on the shortest path between $host_{src}$ and $host_{dst}$ ($1 \le s \le m$), which constitute the node set $U_s$. In a traditional network, if $V^n_{sniff} \cap U_s \ne \emptyset$, the complete communication data between $host_{src}$ and $host_{dst}$ can be obtained by the attacker; if $V^n_{sniff} \cap U_s = \emptyset$, no communication data can be sniffed. The probability of the attacker obtaining the complete communication data in a traditional network is therefore given by (6), where $C^n_m$ is the number of all possible $V^n_{sniff}$ and $C^n_{m-s}$ is the number of $V^n_{sniff}$ with $V^n_{sniff} \cap U_s = \emptyset$, so that $C^n_m - C^n_{m-s}$ is the number of $V^n_{sniff}$ with $V^n_{sniff} \cap U_s \ne \emptyset$:

$$P_{traditional} = \frac{C^n_m - C^n_{m-s}}{C^n_m}. \quad (6)$$

In DHC, the attacker can sniff the complete data between $host_{src}$ and $host_{dst}$ if $node_{src} \in V^n_{sniff}$ or $node_{dst} \in V^n_{sniff}$; the number of such $V^n_{sniff}$ is $C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2}$. Otherwise, if $node_{src} \notin V^n_{sniff}$ and $node_{dst} \notin V^n_{sniff}$, sniffing the complete data requires $V^n_{sniff}$ to contain a vertex cut-set $V_{cut}$ that separates $node_{src}$ and $node_{dst}$ into different connected subgraphs; that is, $V^n_{sniff} \supseteq V_{cut}$ where $G$ is cut by $V_{cut}$ into $k$ connected subgraphs $G_1, G_2, \ldots, G_k$ with $node_{src} \in G_i$, $node_{dst} \in G_j$, $1 \le i, j \le k$, and $i \ne j$. Suppose there are $Q^n_{src,dst}$ sniffed node sets $V^n_{sniff}$ that contain such a $V_{cut}$. Then the probability of the attacker obtaining the complete data between $host_{src}$ and $host_{dst}$ is

$$P_{hop} = \frac{C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{src,dst}}{C^n_m}. \quad (7)$$

Proposition 1. The probability of the attacker obtaining the complete data of one communication in a traditional network is not less than that in DHC; that is, $P_{traditional} \ge P_{hop}$.

The proof of this proposition is given in the Appendix. In the network topology shown in Figure 5, suppose a host on node 1 communicates with a host on node 16; the shortest path from node 1 to node 16 contains 6 nodes. The attacker can sniff $n$ nodes at random ($1 \le n \le 16$). The probabilities of the attacker obtaining the complete data in the traditional network and in the DHC network are shown in Figure 10.
As can be seen from Figure 10, the probability of the attacker obtaining the complete data increases with the number of sniffed nodes in both the traditional and the DHC network, but $P_{hop} \le P_{traditional}$ always holds. The probability reaches 1 in both networks once more than 10 nodes are sniffed. Although the probability of sniffing the complete data in the DHC network increases when a large number of forwarding nodes are sniffed, the attacker also collects more irrelevant data. Since the end hops constantly during a communication, the attacker cannot easily pick out the traffic belonging to the target from the sniffed data, which increases the difficulty of reconstructing and recovering the communication data.

Figure 10: Probability of obtaining complete communication data versus the number of monitored nodes (1 to 16), for DHC and the traditional network.
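The counting behind (6) and (7), as an added example that is not code from the paper: it enumerates every $n$-subset $V^n_{sniff}$ of the forwarding nodes of a small constructed topology (8 nodes, two node-disjoint routes between the endpoint forwarding nodes plus one cross link; this is not the Figure 5 topology, which is not reproduced here), counts the sets that intersect the shortest-path node set $U_s$ for $P_{traditional}$, and for $P_{hop}$ counts the sets that hold $node_{src}$ or $node_{dst}$ or, following the paper's definition of $V_{cut}$ as a vertex cut-set of $G$, whose removal disconnects $node_{src}$ from $node_{dst}$ (the $Q^n_{src,dst}$ term). The edge list, node labels and function names are the example's own assumptions.

```python
"""Brute-force check of P_traditional (eq. 6) and P_hop (eq. 7).

Added example on a constructed topology; not the paper's code or topology.
"""
from collections import deque
from fractions import Fraction
from itertools import combinations
from math import comb

# Constructed 8-node topology (NOT the paper's Figure 5): two node-disjoint
# routes 0-1-2-7 and 0-3-4-5-7 between the endpoint forwarding nodes, plus a
# cross link through node 6 (1-6-4) so that some cuts are non-obvious.
EDGES = [(0, 1), (1, 2), (2, 7), (0, 3), (3, 4), (4, 5), (5, 7), (1, 6), (4, 6)]
NODE_SRC, NODE_DST = 0, 7


def build_adjacency(edges):
    """Undirected adjacency sets for the graph G = <V, E>."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def shortest_path_nodes(adj, src, dst):
    """Node set U_s of one shortest path src -> dst (BFS, unit link cost)."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            break
        for v in sorted(adj[u]):
            if v not in prev:
                prev[v] = u
                queue.append(v)
    path, u = [], dst
    while u is not None:
        path.append(u)
        u = prev[u]
    return frozenset(path)


def still_connected(adj, src, dst, removed):
    """True if src can still reach dst after deleting the nodes in `removed`."""
    stack, seen = [src], {src}
    while stack:
        u = stack.pop()
        if u == dst:
            return True
        for v in adj[u]:
            if v not in seen and v not in removed:
                seen.add(v)
                stack.append(v)
    return False


def p_traditional(m, s, n):
    """Eq. (6): the attacker wins iff V_sniff meets the s-node shortest path."""
    return Fraction(comb(m, n) - comb(m - s, n), comb(m, n))


def p_hop(adj, src, dst, n):
    """Eq. (7) by enumerating every n-subset V_sniff of the forwarding nodes.

    The attacker wins iff V_sniff holds node_src or node_dst (the
    C(2,1)C(m-2,n-1) + C(2,2)C(m-2,n-2) term) or, failing that, contains a
    vertex cut that separates them, so every route in the hopping space is
    observed (the Q term).
    """
    nodes = sorted(adj)
    wins = 0
    for subset in combinations(nodes, n):
        v_sniff = set(subset)
        if src in v_sniff or dst in v_sniff:
            wins += 1
        elif not still_connected(adj, src, dst, v_sniff):
            wins += 1
    return Fraction(wins, comb(len(nodes), n))


def compare(edges=EDGES, src=NODE_SRC, dst=NODE_DST):
    """Return [(n, P_traditional, P_hop)] for n = 1..m, mirroring Figure 10."""
    adj = build_adjacency(edges)
    m, s = len(adj), len(shortest_path_nodes(adj, src, dst))
    return [(n, p_traditional(m, s, n), p_hop(adj, src, dst, n))
            for n in range(1, m + 1)]


if __name__ == "__main__":
    for n, p_trad, p_dhc in compare():
        print(f"n={n:2d}  P_traditional={float(p_trad):.4f}  P_hop={float(p_dhc):.4f}")
```

Running the script prints $P_{traditional}$ and $P_{hop}$ for $n = 1, \ldots, 8$: on this topology a single sniffed node wins with probability 1/2 in the traditional network but only 1/4 under DHC, and $P_{hop} \le P_{traditional}$ holds for every $n$, as Proposition 1 states. Substituting the edge list of a real topology reproduces the Figure 10 curves, at a cost of $C^n_m$ subsets per $n$, so exhaustive enumeration is only practical for a few dozen forwarding nodes.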
6.3. Analysis of Communication Data Reconstruction for Attackers. Reconstruction of communication data requires the complete data of that communication; in this section, assume the attacker can sniff the complete data of the communication between the source and destination hosts. In a traditional network, the attacker can deduce the positions of both communicating sides and the upper-layer protocol from the IP addresses and ports of the sniffed packets, eliminate useless packets based on the end, and so obtain the target communication data. In a DHC network, however, no real end of the source and destination hosts can be sniffed unless the source or destination forwarding node is sniffed, and the data of a communication is distributed over various flows that the attacker cannot distinguish. Suppose there are $f_{sniff}$ flows in the sniffed data, of which $f_{real}$ flows carry the data of the target connections ($f_{real} \le f_{sniff}$), with different ends applied to different connections. An attacker who randomly picks $h$ flows out of the $f_{sniff}$ has $C^h_{f_{sniff}}$ combinations to choose from, and only one combination reconstructs the communication data correctly, that is, $C^{f_{real}}_{f_{real}} = 1$. If the attacker selects several flows at random in a single attempt to reconstruct the communication data, the probability of reconstructing it correctly is

$$P_{once} = \frac{C^{f_{real}}_{f_{real}}}{C^1_{f_{sniff}} + C^2_{f_{sniff}} + \cdots + C^{f_{sniff}}_{f_{sniff}}} = \frac{1}{2^{f_{sniff}} - 1}. \quad (8)$$

As (8) shows, the probability of reconstructing the data correctly in a single attempt decreases exponentially with the number of flows sniffed: the more data sniffed, the harder a successful reconstruction becomes. Since end hopping makes it hard for the attacker to determine when the target communication takes place, a longer sniffing time is needed to obtain the complete communication data, so a large amount of irrelevant data is collected, which further increases the difficulty of reconstruction. With $f_{sniff} = 100$ and $f_{real} = 10$, the probability of reconstructing the data correctly by selecting several flows at random in one attempt is $7.89 \times 10^{-31}$. This bound assumes the attacker can do no better than a uniform guess over the nonempty subsets of the sniffed flows, that is, that nothing in the sniffed flows themselves reveals which of them belong to the target connection.

Table 1: Comparison of packet transmission time between the traditional network and the DHC network
Approach      Average cost of packet transmission time   Period of flow update   Routing path
Traditional   $t \times l_s$                               Infinite                The shortest path from source to destination
DHC           $t \times l_a$                               $T_{hop}$               Multiple paths from source to destination
6.4. Analysis of Unpredictability. Since the end and the route hop randomly in DHC (see Section 4.3 for details), the end and route to be used in the next period cannot be predicted precisely. Even if the DHC protocol, the end hopping space, and the route hopping space are exposed, DHC still increases the cost of a sniffer attack and resists it. Suppose an attacker who knows all of the above sniffs the DHC network for a target communication; the attacker then faces the following difficulties. First, even though the DHC protocol is known to the attacker, a targeted sniffer attack cannot be launched, because the end and route hops are random. Second, because the route hops periodically, it is hard for the attacker to obtain the complete communication data while sniffing. Third, because the end hops frequently, the attacker collects a large number of ends, which prevents the attacker from extracting the right packets belonging to the target communication when attempting to recover the communication data. So the unpredictability of DHC ensures that it resists sniffer attack even when the DHC protocol and the network information are exposed.
6.5. Analysis of Cost. Under traditional routing schemes, packets are routed along the shortest path. In a DHC network, however, packets may be routed along longer paths because the route changes dynamically, so the packet transmission time cost is higher in DHC. Let $l_s$ denote the length of the shortest path between source and destination (the length of a routing path is measured in hops), $l_a$ the average length of the paths in the route hopping space ($l_s \le l_a$), and $T_{hop}$ the hopping period; the packet transmission time cost is then as shown in Table 1. Moreover, because the routing path of a communication is re-selected at random at every hopping period, a small number of packets arrive out of order at the receiving end when a new period starts; this does not obstruct normal communication.

In DHC, ends and routing paths have to be selected when flow entries are generated, which is more complicated than in a traditional network, so the time cost of generating flow entries is higher in DHC. Since the average path is longer in DHC, more flow entries are installed for one communication than in a traditional network, so the time cost of flow-entry setup is higher in DHC as well. Figure 11 compares the average time cost of installing flow entries between different node pairs of the topology shown in Figure 5 for DHC and the traditional network. As illustrated in Figure 11, the average time for flow-entry generation and setup in DHC is longer than in the traditional network.

Figure 11: Comparison of the average time cost of flow-entry installation in DHC and the traditional network (node pairs 1→16, 3→11, 4→14, 5→12; y-axis: average time overhead, 0 to 0.25 ms; series: time of flow setup in DHC, time of flow generation in DHC, time of flow setup in the traditional network, time of flow generation in the traditional network).
[2] T Cyberspace Strategic Plan for the Federal CybersecurityResearch and Development Program Executive Office of thePresident National Science and Technology Council Washing-ton DC USA 2011
[3] S Jajodia A K Ghosh V Swarup C Wang and X S WangMoving Target Defense Creating Asymmetric Uncertainty forCyberThreats vol 54 Springer Science amp Business Media NewYork NY USA 2011
[4] E Al-Shaer ldquoToward network configuration randomization formoving target defenserdquo in Moving Target Defense vol 54 ofAdvances in Information Security pp 153ndash159 Springer NewYork NY USA 2011
[5] P Kampanakis H Perros and T Beyene ldquoSDN-based solutionsfor Moving Target Defense network protectionrdquo in Proceedingsof the 15th IEEE International Symposium on aWorld ofWirelessMobile and Multimedia Networks (WoWMoM rsquo14) pp 1ndash6Sydney Australia June 2014
[6] M Atighetchi P Pal F Webber and C Jones ldquoAdaptive use ofnetwork-centric mechanisms in cyber-defenserdquo in Proceedingsof the 6th IEEE International Symposium on Object-OrientedReal-Time Distributed Computing pp 183ndash192 HokkaidoJapan May 2003
[7] JH Jafarian EAl-Shaer andQDuan ldquoOpenflow randomhostmutation transparent moving target defense using softwaredefined networkingrdquo in Proceedings of the 1st Workshop on HotTopics in Software Defined Networks (HotSDN rsquo12) pp 127ndash132ACM Helsinki Finland August 2012
[8] Q Duan E Al-Shaer and H Jafarian ldquoEfficient RandomRoute Mutation considering flow and network constraintsrdquoin Proceedings of the IEEE Conference on Communicationsand Network Security (CNS rsquo13) pp 260ndash268 IEEE NationalHarbor Md USA October 2013
[9] EAl-ShaerQDuan and JH Jafarian ldquoRandomhostmutationfor moving target defenserdquo in Security and Privacy in Commu-nication Networks pp 310ndash327 Springer New York NY USA2013
[10] G Badishi A Herzberg and I Keidar ldquoKeeping denial-of-service attackers in the darkrdquo IEEE Transactions on Dependableand Secure Computing vol 4 no 3 pp 191ndash204 2007
[11] H Wang Q Jia D Fleck W Powell F Li and A Stavrou ldquoAmoving target DDoS defense mechanismrdquo Computer Commu-nications vol 46 pp 10ndash21 2014
[12] C-Y Hong S Kandula R Mahajan et al ldquoAchieving highutilization with software-drivenWANrdquoACM SIGCOMMCom-puter Communication Review vol 43 no 3 pp 15ndash26 2013
[13] N McKeown ldquoSoftware-defined networkingrdquo INFOCOMKeynote Talk vol 17 no 2 pp 30ndash32 2009
[14] M Carvalho and R Ford ldquoMoving-target defenses for com-puter networksrdquo IEEE Security amp Privacy vol 12 no 2 pp 73ndash76 2014
[15] M Sifalakis S Schmid and D Hutchison ldquoNetwork addresshopping a mechanism to enhance data protection for packetcommunicationsrdquo in Proceedings of the IEEE InternationalConference on Communications (ICC rsquo05) vol 3 pp 1518ndash1523IEEE Seoul Republic of Korea May 2005
[16] M Dunlop S Groat W Urbanski R Marchany and J TrontldquoMT6D a moving target IPv6 defenserdquo in Proceedings of theMilitary Communications Conference (MILCOM rsquo11) pp 1321ndash1326 IEEE Baltimore Md USA November 2011
[17] J H Jafarian E Al-Shaer and Q Duan ldquoAn effective addressmutation approach for disrupting reconnaissance attacksrdquo IEEETransactions on Information Forensics and Security vol 10 no12 pp 2562ndash2577 2015
[18] J H H Jafarian E Al-Shaer and Q Duan ldquoSpatio-temporaladdress mutation for proactive cyber agility against sophisti-cated attackersrdquo in Proceedings of the 1st ACM Workshop onMoving Target Defense (MTD rsquo14) pp 69ndash78 Scottsdale AZUSA November 2014
Mathematical Problems in Engineering 13
[19] J H Jafarian E Al-Shaer and Q Duan ldquoAdversary-awareIP address randomization for proactive agility against sophis-ticated attackersrdquo in Proceedings of the IEEE Conference onComputer Communications (INFOCOM rsquo15) pp 738ndash746 IEEEApril 2015
[20] D C MacFarland and C A Shue ldquoThe SDN shuffle creatinga moving-target defense using host-based software-definednetworkingrdquo in Proceedings of the 2nd ACM Workshop onMoving Target Defense (MTD rsquo15) pp 37ndash41 ACM DenverColo USA October 2015
[21] J Jafarian EAl-Shaer andQDuan ldquoFormal approach for routeagility against persistent attackersrdquo in Computer SecuritymdashESORICS 2013 J Crampton S Jajodia and K Mayes Edsvol 8134 of Lecture Notes in Computer Science pp 237ndash254Springer Berlin Germany 2013
[22] S Dolev and S T David ldquoSDN-based private interconnectionrdquoin Proceedings of the IEEE 13th International Symposium onNetwork Computing and Applications (NCA rsquo14) 2014
[23] F Gillani E Al-Shaer S Lo Q Duan M H Ammar and E WZegura ldquoAgile virtualized infrastructure to proactively defendagainst cyber attacksrdquo in Proceedings of the IEEE Conference onComputer Communications (INFOCOM rsquo15) pp 729ndash737 HongKong April-May 2015
[24] D Gkounis V Kotronis and X Dimitropoulos ldquoTowardsdefeating the crossfireattack using SDNrdquo httparxivorgabs14122013
[25] A Studer and A Perrig ldquoThe coremelt attackrdquo in ComputerSecuritymdashESORICS 2009 vol 5789 of Lecture Notes in Com-puter Science pp 37ndash52 Springer Berlin Germany 2009
[26] B Lantz B Heller and N McKeown ldquoA network in a laptoprapid prototyping for software-defined networksrdquo in Proceed-ings of the 9th ACM SIGCOMM Workshop on Hot Topics inNetworks ACM October 2010
[27] N McKeown T Anderson H Balakrishnan et al ldquoOpenFlowenabling innovation in campus networksrdquo ACM SIGCOMMComputer Communication Review vol 38 no 2 pp 69ndash742008
[28] M McCauley ldquoAbout poxrdquo 2013 httpwwwgithubcomnoxrepopox
[29] S De Maesschalck D Colle I Lievens et al ldquoPan-Europeanoptical transport networks an availability-based comparisonrdquoPhotonic Network Communications vol 5 no 3 pp 203ndash2252003
[30] A Dixit F Hao S Mukherjee T V Lakshman and R Kom-pella ldquoTowards an elastic distributed SDN controllerrdquo ACMSIGCOMMComputer Communication Review vol 43 no 4 pp7ndash12 2013
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
10 Mathematical Problems in Engineering
Table 1: Comparison of packet transmission time between traditional network and DHC network

Approach     | Average cost of packet transmission time | Period of flow update | Routing path
Traditional  | $t \times l_s$                           | Infinite              | The shortest path from source to destination
DHC          | $t \times l_a$                           | $T_{\mathrm{hop}}$    | Multiple paths from source to destination
the increase of the number of flows sniffed. The more data is sniffed, the harder successful data reconstruction becomes. Because end hopping prevents attackers from easily determining the timing of the target communication, a longer sniffing time is needed to obtain the complete communication data, so a large amount of irrelevant data is captured as well, which further increases the difficulty of reconstruction. Given $f_{\mathrm{sniff}} = 100$ and $f_{\mathrm{real}} = 10$, the probability that an attacker reconstructs the data correctly by randomly selecting several flows in a single attempt would be $7.89 \times 10^{-31}$.
6.4. Analysis of Unpredictability. Since ends and routes hop randomly in DHC (see Section 4.3 for details), the end and route used in the next period cannot be predicted precisely. Even if the DHC protocol, the end hopping space, and the route hopping space are all exposed, DHC still increases the cost of a sniffer attack and resists it. Suppose an attacker who has all of the above information sniffs the DHC network for a target communication; she will then face the following difficulties in launching a sniffer attack. Firstly, even though the DHC protocol is transparent to the attacker, a targeted sniffer attack cannot be launched, thanks to the randomness of end and route hopping. Secondly, it is hard for the attacker to obtain the complete communication data while sniffing, because the route hops periodically. Thirdly, the attacker collects a large number of ends because of frequent end hopping, which prevents her from extracting the packets that actually belong to the target communication when she attempts to recover the communication data. So the unpredictability of DHC guarantees that it resists sniffer attack even when the DHC protocol and the network information are exposed.
6.5. Analysis of Cost. Under traditional routing schemes, packets are routed along the shortest path. In a DHC network, however, packets may be routed along longer paths because the route changes dynamically, so the cost in packet transmission time is higher in DHC. Let $l_s$ denote the length of the shortest path between source and destination (the length of a routing path is measured in hops), $l_a$ the average length of the paths in the route hopping space ($l_s \le l_a$), and $T_{\mathrm{hop}}$ the hopping period; the cost in packet transmission time is then as shown in Table 1. Moreover, the routing path of a communication is reselected at random at every hop, which produces a small number of out-of-order packets at the receiving end when a new period starts; this does not obstruct normal communication.
In DHC, ends and routing paths have to be selected when flow entries are generated, which is more complicated than in a traditional network, so the time cost of generating flow entries is higher in DHC. Since the average path is longer in DHC, more flow entries are installed for one communication than in a traditional network, so the time cost of flow entry setup is higher in DHC as well. Figure 11 compares the average time cost of installing flow entries between different node pairs in the topology of Figure 5 for DHC and for the traditional network. As Figure 11 shows, the average time for flow entry generation and setup in DHC is longer than in the traditional network.

Figure 11: Comparison of the average time cost of flow entry installation in DHC and in the traditional network. Bar chart; series: time of flow setup in DHC, time of flow generation in DHC, time of flow setup in traditional network, time of flow generation in traditional network; x-axis: node pairs 1→16, 3→11, 4→14, 5→12; y-axis: average time overhead (ms), 0 to 0.25.
In a network without DHC, flow entries are installed only once, at the beginning of a communication, whereas in DHC the flow entries of the data plane are updated periodically and hopping ends and paths have to be allocated for every connection between two communicating sides, which puts more load on the controller. In the experimental topology, 50 pairs of source and destination hosts were chosen at random and communication between each pair was started. Figure 12 compares the CPU utilization of the controller with and without DHC. If the controller does not run DHC, the load is low because flow entries are not updated periodically, so the CPU utilization stays under 10%, as shown in Figure 12. If the controller runs DHC, the load increases because of the periodic updating of flow entries, and the figure shows that CPU utilization is much higher. When $T_{\mathrm{hop}} = 5$ s the CPU utilization is between 20% and 40%, and when $T_{\mathrm{hop}} = 10$ s it is between 10% and 30%. A shorter hopping period means more controller operations, so the CPU utilization with $T_{\mathrm{hop}} = 5$ s is higher than with $T_{\mathrm{hop}} = 10$ s. The controller will become the bottleneck when DHC is used in a large-scale network; fortunately, a distributed SDN controller [30] is a solution to this problem.

Figure 12: CPU utilization of the controller. Line chart; series: No DHC, DHC with $T_{\mathrm{hop}} = 10$ s, DHC with $T_{\mathrm{hop}} = 5$ s; x-axis: run time (s), 10 to 100; y-axis: CPU utilization (%), 0 to 60.
In a traditional network, flows are matched only by destination address, so the length of the routing tables is of order $O(m)$ for a network of $m$ nodes. In DHC, however, flows are matched by ends (source/destination address and ports), which means that two flow entries must be specified for every connection (TCP or UDP) between the two communicating sides. Let $\lambda$ denote the average rate of connection establishment and $w$ the duration of each connection; the mean length of the flow tables is then of order $O(m\lambda w)$ [7]. Moreover, to avoid packet loss, DHC keeps both the old and the new flow entries in the flow table simultaneously for a brief period, during which the flow table space cost increases further. Therefore the flow table space cost is higher in DHC.
7 Conclusion
The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper, end hopping and route hopping are combined, and double hopping communication (DHC) based on SDN is proposed. Ends are changed dynamically in DHC, so the data of multiple users is mixed and the communication traffic can be hidden in background traffic; the traffic cannot be distinguished easily, and the difficulty for attackers to reconstruct and recover data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, which increases the difficulty for attackers to obtain the complete communication data. The results show that the proposed approach effectively resists sniffing. Moreover, DHC is realized entirely in software and is transparent to the terminals. The controller usually becomes the bottleneck in a large-scale DHC network. In future work, a distributed controller model will be applied to deal with this problem, and a feasible communication solution of DHC will be tested in a real network.
Appendix
Suppose there are $m$ nodes in the network topology $G$. The attacker can sniff $n$ nodes, and the sniffed nodes constitute a sniffed node set $V^n_{\mathrm{sniff}}$ ($|V^n_{\mathrm{sniff}}| = n$, $n \le m$). Given the route hopping space $S_{\mathrm{RH}}^{H_1 \to H_2}$, there are $s$ nodes on the shortest path between source host $H_1$ and destination host $H_2$ ($s \le m$). $V_{\mathrm{cut}}$ is a vertex cut-set by which $G$ is cut into several connected subgraphs such that the source forwarding node $node_{\mathrm{src}}$ and the destination forwarding node $node_{\mathrm{dst}}$ lie in different subgraphs. Suppose there are $Q^n_{\mathrm{src,dst}}$ sniffed node sets $V^n_{\mathrm{sniff}}$ satisfying $V^n_{\mathrm{sniff}} \supseteq V_{\mathrm{cut}}$ for some such $V_{\mathrm{cut}}$ (such sets contain neither $node_{\mathrm{src}}$ nor $node_{\mathrm{dst}}$). The proof that the probability of an attacker obtaining the complete communication data of one communication in a traditional network is not less than that in DHC, that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$, is given below.
Proof. We verify $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$ by showing $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.

Given
$$P_{\mathrm{traditional}} = \frac{C^n_m - C^n_{m-s}}{C^n_m}, \qquad P_{\mathrm{hop}} = \frac{C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}}{C^n_m},$$
we have
$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}\right)}{C^n_m}. \quad (A1)$$
Here $C^n_m$ denotes the number of $n$-combinations of $m$ elements (with $C^n_m = 0$ when $n > m$ or $n < 0$). In $P_{\mathrm{hop}}$, the first term counts the sniffed sets containing exactly one of $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$, the second those containing both, and $Q^n_{\mathrm{src,dst}}$ those containing neither but covering a cut-set.
Suppose the shortest path from $H_1$ to $H_2$ is $path^*$ ($path^* \in S_{\mathrm{RH}}^{H_1 \to H_2}$). If the complete communication data from the source host to the destination host can be sniffed on $V^n_{\mathrm{sniff}}$, then for all $path \in S_{\mathrm{RH}}^{H_1 \to H_2}$ we have $V^n_{\mathrm{sniff}} \cap Nodes(path) \ne \emptyset$, where $Nodes(path)$ denotes the set of nodes that $path$ passes through. Because $path^* \in S_{\mathrm{RH}}^{H_1 \to H_2}$, it follows that $V^n_{\mathrm{sniff}} \cap Nodes(path^*) \ne \emptyset$; that is, $V^n_{\mathrm{sniff}}$ contains at least one node on the shortest path (Conclusion 1).

When $n = 1$, the attacker sniffs one node in the network. Then, from (A1),
$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^1_m - C^1_{m-s} - \left(C^1_2 C^0_{m-2} + Q^1_{\mathrm{src,dst}}\right)}{C^1_m}. \quad (A2)$$
In (A2) the denominator $C^1_m > 0$, and the numerator is
$$C^1_m - C^1_{m-s} - \left(C^1_2 C^0_{m-2} + Q^1_{\mathrm{src,dst}}\right) = m - (m - s) - \left(2 + Q^1_{\mathrm{src,dst}}\right) = s - 2 - Q^1_{\mathrm{src,dst}}. \quad (A3)$$
By Conclusion 1, $V^1_{\mathrm{sniff}} \cap Nodes(path^*) \ne \emptyset$; that is, the sniffed node lies on the shortest path. Among the $s$ nodes on the shortest path, the number of single-node sets $V^1_{\mathrm{sniff}}$ that can separate the source node and the destination node into different connected subgraphs is at most $s - 2$ (the source and destination forwarding nodes themselves are excluded); that is, $Q^1_{\mathrm{src,dst}} \le s - 2$. Hence (A3) $\ge 0$, the numerator of (A2) is not less than 0, and so in (A2) $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.

When $n \ge 2$, the attacker sniffs more than one node in the network. Then, from (A1),
$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}\right)}{C^n_m}. \quad (A4)$$
In (A4) the denominator $C^n_m > 0$, and the numerator is
$$\begin{aligned}
& C^n_m - C^n_{m-s} - \left(C^1_2 C^{n-1}_{m-2} + C^2_2 C^{n-2}_{m-2} + Q^n_{\mathrm{src,dst}}\right) \\
&= C^n_m - C^n_{m-s} - 2C^{n-1}_{m-2} - C^{n-2}_{m-2} - Q^n_{\mathrm{src,dst}} \\
&= C^n_{m-2} - C^n_{m-s} - Q^n_{\mathrm{src,dst}}, \quad (A5)
\end{aligned}$$
where the last step uses the identity $C^n_m = C^n_{m-2} + 2C^{n-1}_{m-2} + C^{n-2}_{m-2}$ (an $n$-subset of $m$ nodes contains none, exactly one, or both of two fixed nodes).

By definition, $Q^n_{\mathrm{src,dst}}$ is the number of sniffed sets $V^n_{\mathrm{sniff}}$ that can separate $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ into different connected subgraphs, so $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ do not belong to such a $V^n_{\mathrm{sniff}}$. $C^n_{m-2}$ is the number of all $V^n_{\mathrm{sniff}}$ satisfying both $node_{\mathrm{src}} \notin V^n_{\mathrm{sniff}}$ and $node_{\mathrm{dst}} \notin V^n_{\mathrm{sniff}}$, and among these $C^n_{m-2-(s-2)} = C^n_{m-s}$ is the number of $V^n_{\mathrm{sniff}}$ satisfying $V^n_{\mathrm{sniff}} \cap Nodes(path^*) = \emptyset$. By Conclusion 1, every set counted by $Q^n_{\mathrm{src,dst}}$ satisfies $V^n_{\mathrm{sniff}} \cap Nodes(path^*) \ne \emptyset$, so $Q^n_{\mathrm{src,dst}}$ is not more than $C^n_{m-2} - C^n_{m-2-(s-2)}$. Hence (A5) $\ge 0$, the numerator of (A4) is not less than 0, and so in (A4) $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.

In conclusion, $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$; that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$.
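The following is an added worked example, not code from the paper: it evaluates $P_{\mathrm{traditional}}$ and $P_{\mathrm{hop}}$ from (A1) on a small constructed 6-switch topology (an assumption for illustration, not the paper's Figure 5), computes $Q^n_{\mathrm{src,dst}}$ by brute force as the number of $n$-node sets that avoid $node_{\mathrm{src}}$ and $node_{\mathrm{dst}}$ and whose removal disconnects them, and cross-checks both closed-form numerators against direct enumeration of every $n$-node sniffer set. It assumes the route hopping space contains every simple path, so "sniffing the complete data" means the sniffed set intersects every source-to-destination path.

```python
# Added worked example (not from the paper): numerically checks the appendix
# claim P_traditional >= P_hop on a small constructed topology, computing
# Q^n_{src,dst} by brute force and cross-checking the closed forms of (A1)
# against direct enumeration of all n-node sniffer sets.
from fractions import Fraction
from itertools import combinations
from math import comb

# Constructed 6-switch topology (assumption; not the paper's Figure 5).
# Switch 0 is node_src, switch 5 is node_dst. Shortest path 0-1-5 (s = 3),
# with two longer alternatives 0-2-3-5 and 0-4-5 in the route hopping space.
TOY_EDGES = [(0, 1), (1, 5), (0, 2), (2, 3), (3, 5), (0, 4), (4, 5)]
NODE_SRC, NODE_DST = 0, 5


def C(a, b):
    """Binomial C^b_a in the paper's notation, zero outside 0 <= b <= a."""
    return comb(a, b) if 0 <= b <= a else 0


def adjacency(edges):
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def still_connected(adj, src, dst, removed):
    """True if src and dst remain connected after the nodes in `removed` are cut out.
    A sniffer set that contains src or dst, or whose removal disconnects them,
    intersects every src->dst path, i.e. it covers a vertex cut-set V_cut."""
    if src in removed or dst in removed:
        return False
    seen, stack = {src}, [src]
    while stack:
        u = stack.pop()
        if u == dst:
            return True
        for w in adj[u] - removed:
            if w not in seen:
                seen.add(w)
                stack.append(w)
    return False


def shortest_path_nodes(adj, src, dst):
    """Nodes(path*): node set of one BFS shortest path from src to dst."""
    parent = {src: None}
    queue = [src]
    for u in queue:           # the list grows while iterating; that is intended
        if u == dst:
            break
        for w in sorted(adj[u]):
            if w not in parent:
                parent[w] = u
                queue.append(w)
    nodes, u = set(), dst
    while u is not None:
        nodes.add(u)
        u = parent[u]
    return nodes


def count_q(adj, m, n, src, dst):
    """Q^n_{src,dst}: n-subsets avoiding src and dst whose removal separates them."""
    others = [v for v in range(m) if v not in (src, dst)]
    return sum(1 for s in combinations(others, n)
               if not still_connected(adj, src, dst, set(s)))


def probabilities(edges, n, src, dst):
    """Return (P_traditional, P_hop, Q^n) as exact fractions for n sniffed nodes."""
    adj = adjacency(edges)
    m = len(adj)
    path_star = shortest_path_nodes(adj, src, dst)
    s = len(path_star)
    total = C(m, n)
    # Closed forms from (A1) of the appendix.
    p_trad = Fraction(C(m, n) - C(m - s, n), total)
    q = count_q(adj, m, n, src, dst)
    p_hop = Fraction(C(2, 1) * C(m - 2, n - 1) + C(2, 2) * C(m - 2, n - 2) + q, total)
    # Cross-check both numerators by enumerating every n-node sniffer set.
    all_sets = [set(v) for v in combinations(range(m), n)]
    hits_path = sum(1 for v in all_sets if v & path_star)
    covers_cut = sum(1 for v in all_sets if not still_connected(adj, src, dst, v))
    assert hits_path == p_trad * total and covers_cut == p_hop * total
    return p_trad, p_hop, q


if __name__ == "__main__":
    m = len(adjacency(TOY_EDGES))
    for n in range(1, m + 1):
        p_trad, p_hop, q = probabilities(TOY_EDGES, n, NODE_SRC, NODE_DST)
        print(f"n={n}: P_traditional={p_trad}  P_hop={p_hop}  Q={q}  "
              f"ok={p_trad >= p_hop}")
```

On this topology a single sniffed node gives $P_{\mathrm{traditional}} = 1/2$ but $P_{\mathrm{hop}} = 1/3$, and three sniffed nodes give $19/20$ versus $9/10$ with $Q^3_{\mathrm{src,dst}} = 2$ (the sets $\{1,2,4\}$ and $\{1,3,4\}$); the gap closes only when the sniffed set is large enough to cover every alternative path, which is exactly the extra cost DHC imposes on the attacker.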
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work is supported by the National Natural Science Foundation of China (nos. 61379151, 61272489, 61302159, and 61401512), the National Cryptography Development Fund of China (no. MMJJ201301005), the National Basic Research Program of China (973) (Grants nos. 2012CB315901 and 2013CB329104), and the National Natural Science Foundation of China (Grants nos. 61309019 and 61372121).
References

[1] National Cyber Leap Year Summit 2009 Co-Chairs' Report, "Networking and information technology research and development," Tech. Rep., 2009.
[2] T. Cyberspace, Strategic Plan for the Federal Cybersecurity Research and Development Program, Executive Office of the President, National Science and Technology Council, Washington, DC, USA, 2011.
[3] S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, Springer Science & Business Media, New York, NY, USA, 2011.
[4] E. Al-Shaer, "Toward network configuration randomization for moving target defense," in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153–159, Springer, New York, NY, USA, 2011.
[5] P. Kampanakis, H. Perros, and T. Beyene, "SDN-based solutions for Moving Target Defense network protection," in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1–6, Sydney, Australia, June 2014.
[6] M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive use of network-centric mechanisms in cyber-defense," in Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183–192, Hokkaido, Japan, May 2003.
[7] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Openflow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN '12), pp. 127–132, ACM, Helsinki, Finland, August 2012.
[8] Q. Duan, E. Al-Shaer, and H. Jafarian, "Efficient Random Route Mutation considering flow and network constraints," in Proceedings of the IEEE Conference on Communications and Network Security (CNS '13), pp. 260–268, IEEE, National Harbor, Md, USA, October 2013.
[9] E. Al-Shaer, Q. Duan, and J. H. Jafarian, "Random host mutation for moving target defense," in Security and Privacy in Communication Networks, pp. 310–327, Springer, New York, NY, USA, 2013.
[10] G. Badishi, A. Herzberg, and I. Keidar, "Keeping denial-of-service attackers in the dark," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 191–204, 2007.
[11] H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou, "A moving target DDoS defense mechanism," Computer Communications, vol. 46, pp. 10–21, 2014.
[12] C.-Y. Hong, S. Kandula, R. Mahajan et al., "Achieving high utilization with software-driven WAN," ACM SIGCOMM Computer Communication Review, vol. 43, no. 3, pp. 15–26, 2013.
[13] N. McKeown, "Software-defined networking," INFOCOM Keynote Talk, vol. 17, no. 2, pp. 30–32, 2009.
[14] M. Carvalho and R. Ford, "Moving-target defenses for computer networks," IEEE Security & Privacy, vol. 12, no. 2, pp. 73–76, 2014.
[15] M. Sifalakis, S. Schmid, and D. Hutchison, "Network address hopping: a mechanism to enhance data protection for packet communications," in Proceedings of the IEEE International Conference on Communications (ICC '05), vol. 3, pp. 1518–1523, IEEE, Seoul, Republic of Korea, May 2005.
[16] M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, "MT6D: a moving target IPv6 defense," in Proceedings of the Military Communications Conference (MILCOM '11), pp. 1321–1326, IEEE, Baltimore, Md, USA, November 2011.
[17] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An effective address mutation approach for disrupting reconnaissance attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562–2577, 2015.
[18] J. H. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," in Proceedings of the 1st ACM Workshop on Moving Target Defense (MTD '14), pp. 69–78, Scottsdale, AZ, USA, November 2014.
[19] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Adversary-aware IP address randomization for proactive agility against sophisticated attackers," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738–746, IEEE, April 2015.
[20] D. C. MacFarland and C. A. Shue, "The SDN shuffle: creating a moving-target defense using host-based software-defined networking," in Proceedings of the 2nd ACM Workshop on Moving Target Defense (MTD '15), pp. 37–41, ACM, Denver, Colo, USA, October 2015.
[21] J. Jafarian, E. Al-Shaer, and Q. Duan, "Formal approach for route agility against persistent attackers," in Computer Security – ESORICS 2013, J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, pp. 237–254, Springer, Berlin, Germany, 2013.
[22] S. Dolev and S. T. David, "SDN-based private interconnection," in Proceedings of the IEEE 13th International Symposium on Network Computing and Applications (NCA '14), 2014.
[23] F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. H. Ammar, and E. W. Zegura, "Agile virtualized infrastructure to proactively defend against cyber attacks," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 729–737, Hong Kong, April–May 2015.
[24] D. Gkounis, V. Kotronis, and X. Dimitropoulos, "Towards defeating the crossfire attack using SDN," http://arxiv.org/abs/1412.2013.
[25] A. Studer and A. Perrig, "The coremelt attack," in Computer Security – ESORICS 2009, vol. 5789 of Lecture Notes in Computer Science, pp. 37–52, Springer, Berlin, Germany, 2009.
[26] B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, October 2010.
[27] N. McKeown, T. Anderson, H. Balakrishnan et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
[28] M. McCauley, "About pox," 2013, http://www.github.com/noxrepo/pox.
[29] S. De Maesschalck, D. Colle, I. Lievens et al., "Pan-European optical transport networks: an availability-based comparison," Photonic Network Communications, vol. 5, no. 3, pp. 203–225, 2003.
[30] A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella, "Towards an elastic distributed SDN controller," ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7–12, 2013.
Mathematical Problems in Engineering 11
No DHCDHCmdashThop = 10 sDHCmdashThop = 5 s
0
10
20
30
40
50
60
CPU
util
izat
ion
()
20 30 40 50 60 70 80 90 10010Run time (s)
Figure 12 CPU utilization of controller
is used in large scale network Fortunately distributed SDNcontroller [30] is a solution to the problem
In traditional network flows are matched only by des-tination addresses So the length of routing tables is anorder of 119874(119898) given the network of 119898 nodes Howeverflows are matched by ends (including sourcedestinationaddress and ports) in DHC meaning that two flows mustbe specified for every connection (TCP or UDP) betweentwo communication sides Let 120582 denote the average speed ofconnection establishment and let 119908 denote the lasting timeof each connection then the mean length of flowtables isan order of 119874(119898120582119908) [7] Moreover to avoid packets lossDHC requires both old and new flow entries in flowtablesimultaneously for a brief period of time during whichthe cost of flowtable space increases Therefore the cost offlowtable space is higher in DHC
7 Conclusion
The centralized control and programmability of SDN make hopping communication easier to realize and deploy. In this paper, end hopping and route hopping are combined, and double hopping communication based on SDN is proposed. Ends are changed dynamically in DHC so that the data from multiple users is mixed and communication traffic can be hidden in background traffic. Traffic therefore cannot be distinguished easily, and the difficulty for attackers to reconstruct and recover data increases. In addition, the data is transmitted along multiple paths by changing the routing path dynamically, which increases the difficulty for attackers to obtain complete communication data. Results show that the approach proposed in this paper effectively enables anti-sniffing. Moreover, DHC is realized completely in software and is transparent to terminals. A controller bottleneck usually occurs in large-scale DHC networks. In future work, a distributed controller model will be applied to deal with this problem, and a feasible communication solution of DHC will be tested in a real network.
Appendix
Suppose there are $m$ nodes in the network topology $G$. The attacker can sniff $n$ nodes, and the sniffed nodes constitute a sniffed node set $V^{n}_{\mathrm{sniff}}$ ($|V^{n}_{\mathrm{sniff}}| = n$, $n \le m$). Given the route hopping space $S^{H_1 \rightarrow H_2}_{\mathrm{RH}}$, there are $s$ nodes in the shortest path between the source host $H_1$ and the destination host $H_2$ ($s \le m$). $V_{\mathrm{cut}}$ is a vertex cut-set by which $G$ is cut into several connected subgraphs such that the source forwarding node $\mathit{node}_{\mathrm{src}}$ and the destination forwarding node $\mathit{node}_{\mathrm{dst}}$ lie in different subgraphs. Suppose there are $Q^{n}_{\mathrm{src,dst}}$ sniffed node sets $V^{n}_{\mathrm{sniff}}$ satisfying $V^{n}_{\mathrm{sniff}} \supseteq V_{\mathrm{cut}}$. The proof that the probability of the attacker obtaining the complete communication data of one communication in a traditional network is not less than that in DHC, that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$, is given below.

Proof. To verify that $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$ we show that $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.

Given
$$P_{\mathrm{traditional}} = \frac{C^{n}_{m} - C^{n}_{m-s}}{C^{n}_{m}}, \qquad P_{\mathrm{hop}} = \frac{C^{1}_{2}\,C^{n-1}_{m-2} + C^{2}_{2}\,C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}}{C^{n}_{m}},$$
we have
$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^{n}_{m} - C^{n}_{m-s} - \left(C^{1}_{2}\,C^{n-1}_{m-2} + C^{2}_{2}\,C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}\right)}{C^{n}_{m}}. \tag{A.1}$$

Suppose the shortest path from $H_1$ to $H_2$ is $\mathit{path}^{*}$ ($\mathit{path}^{*} \in S^{H_1 \rightarrow H_2}_{\mathrm{RH}}$). If the complete communication data from the source host to the destination host can be sniffed on $V^{n}_{\mathrm{sniff}}$, then for all $\mathit{path} \in S^{H_1 \rightarrow H_2}_{\mathrm{RH}}$ we have $V^{n}_{\mathrm{sniff}} \cap \mathit{Nodes}(\mathit{path}) \neq \emptyset$, where $\mathit{Nodes}(\mathit{path})$ denotes the set of nodes that $\mathit{path}$ passes through. Because $\mathit{path}^{*} \in S^{H_1 \rightarrow H_2}_{\mathrm{RH}}$, it follows that $V^{n}_{\mathrm{sniff}} \cap \mathit{Nodes}(\mathit{path}^{*}) \neq \emptyset$; that is, $V^{n}_{\mathrm{sniff}}$ contains at least one node on the shortest path (Conclusion 1).

When $n = 1$, the attacker sniffs one node in the network. Then, based on (A.1), we have
$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^{1}_{m} - C^{1}_{m-s} - \left(C^{1}_{2}\,C^{0}_{m-2} + Q^{1}_{\mathrm{src,dst}}\right)}{C^{1}_{m}}. \tag{A.2}$$
In (A.2) the denominator $C^{1}_{m} > 0$, and the numerator is
$$C^{1}_{m} - C^{1}_{m-s} - \left(C^{1}_{2}\,C^{0}_{m-2} + Q^{1}_{\mathrm{src,dst}}\right) = m - (m - s) - \left(2 + Q^{1}_{\mathrm{src,dst}}\right) = s - 2 - Q^{1}_{\mathrm{src,dst}}. \tag{A.3}$$
By Conclusion 1, $V^{1}_{\mathrm{sniff}} \cap \mathit{Nodes}(\mathit{path}^{*}) \neq \emptyset$; that is, the sniffed node is on the shortest path. Among the $s$ nodes on the shortest path, the number of sets $V^{1}_{\mathrm{sniff}}$ that can divide the source node and the destination node into different connected subgraphs is not more than $s - 2$; that is, $Q^{1}_{\mathrm{src,dst}} \le s - 2$. Hence (A.3) $\ge 0$: the numerator of (A.2) is not less than 0, and so in (A.2) $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.

When $n \ge 2$, the attacker sniffs more than one node in the network. Then, based on (A.1), we have
$$P_{\mathrm{traditional}} - P_{\mathrm{hop}} = \frac{C^{n}_{m} - C^{n}_{m-s} - \left(C^{1}_{2}\,C^{n-1}_{m-2} + C^{2}_{2}\,C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}\right)}{C^{n}_{m}}. \tag{A.4}$$
In (A.4) the denominator $C^{n}_{m} > 0$, and the numerator is
$$\begin{aligned}
& C^{n}_{m} - C^{n}_{m-s} - \left(C^{1}_{2}\,C^{n-1}_{m-2} + C^{2}_{2}\,C^{n-2}_{m-2} + Q^{n}_{\mathrm{src,dst}}\right) \\
&= C^{n}_{m} - C^{n}_{m-s} - 2\,C^{n-1}_{m-2} - C^{n-2}_{m-2} - Q^{n}_{\mathrm{src,dst}} \\
&= C^{n}_{m-2} - C^{n}_{m-s} - Q^{n}_{\mathrm{src,dst}}.
\end{aligned} \tag{A.5}$$
By definition, $Q^{n}_{\mathrm{src,dst}}$ is the number of those $V^{n}_{\mathrm{sniff}}$ that can divide $\mathit{node}_{\mathrm{src}}$ and $\mathit{node}_{\mathrm{dst}}$ into different connected subgraphs, so $\mathit{node}_{\mathrm{src}}$ and $\mathit{node}_{\mathrm{dst}}$ do not belong to such a $V^{n}_{\mathrm{sniff}}$. $C^{n}_{m-2}$ is the number of all $V^{n}_{\mathrm{sniff}}$ satisfying both $\mathit{node}_{\mathrm{src}} \notin V^{n}_{\mathrm{sniff}}$ and $\mathit{node}_{\mathrm{dst}} \notin V^{n}_{\mathrm{sniff}}$, and $C^{n}_{m-2-(s-2)}$ is the number of $V^{n}_{\mathrm{sniff}}$ satisfying $V^{n}_{\mathrm{sniff}} \cap \mathit{Nodes}(\mathit{path}^{*}) = \emptyset$. By Conclusion 1, $V^{n}_{\mathrm{sniff}} \cap \mathit{Nodes}(\mathit{path}^{*}) \neq \emptyset$, so $Q^{n}_{\mathrm{src,dst}}$ is not more than $C^{n}_{m-2} - C^{n}_{m-2-(s-2)}$. Hence (A.5) $\ge 0$: the numerator of (A.4) is not less than 0, and so in (A.4) $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$.

In conclusion, $P_{\mathrm{traditional}} - P_{\mathrm{hop}} \ge 0$; that is, $P_{\mathrm{traditional}} \ge P_{\mathrm{hop}}$.
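As an added worked example (not code from the paper), the following Python script brute-forces $Q^{n}_{\mathrm{src,dst}}$ on a small constructed 8-node topology, evaluates the paper's $P_{\mathrm{traditional}}$ and $P_{\mathrm{hop}}$ formulas, and checks the identity behind (A.5) and the bound $Q^{n}_{\mathrm{src,dst}} \le C^{n}_{m-2} - C^{n}_{m-s}$ for every $n$. The topology, node numbering and helper names are assumptions made for the example.

```python
"""Added worked example (not from the paper): brute-force check of the Appendix
claim P_traditional >= P_hop on a small constructed topology.

Symbols follow the paper: m nodes, n sniffed nodes, s nodes on the shortest
path, Q^n_{src,dst} separating sniffed sets, C(a, b) = binomial coefficient.
"""
from collections import deque
from itertools import combinations
from math import comb

# Constructed 8-node topology (assumption, not the paper's testbed): two 4-hop
# routes between node_src = 0 and node_dst = 7, plus a cross link 1-5.
M = 8
EDGES = [(0, 1), (1, 2), (2, 3), (3, 7),   # route 0-1-2-3-7
         (0, 4), (4, 5), (5, 6), (6, 7),   # route 0-4-5-6-7
         (1, 5)]                           # cross link
SRC, DST = 0, 7


def C(a, b):
    """Binomial coefficient that is 0 outside 0 <= b <= a (math.comb raises on b < 0)."""
    return comb(a, b) if 0 <= b <= a else 0


def adjacency(m, edges):
    adj = {v: set() for v in range(m)}
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    return adj


def bfs_path(adj, src, dst, removed=frozenset()):
    """Shortest path src -> dst avoiding the nodes in `removed`; None if disconnected."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            path = []
            while u is not None:
                path.append(u)
                u = prev[u]
            return path[::-1]
        for w in sorted(adj[u]):
            if w not in prev and w not in removed:
                prev[w] = u
                queue.append(w)
    return None


def q_src_dst(adj, src, dst, n):
    """Q^n_{src,dst}: n-node sniffed sets that contain neither endpoint and whose
    removal separates src from dst, i.e. sets that contain a vertex cut V_cut."""
    others = [v for v in adj if v not in (src, dst)]
    return sum(1 for sub in combinations(others, n)
               if bfs_path(adj, src, dst, frozenset(sub)) is None)


def p_traditional(m, s, n):
    """Static route: the attacker succeeds iff the sniffed set hits the s-node path."""
    return (C(m, n) - C(m - s, n)) / C(m, n)


def p_hop(m, n, q):
    """DHC: success iff the sniffed set holds node_src or node_dst, or separates them."""
    return (C(2, 1) * C(m - 2, n - 1) + C(2, 2) * C(m - 2, n - 2) + q) / C(m, n)


def appendix_identity_holds(m, n):
    """The step used in (A.5): C(m,n) - 2C(m-2,n-1) - C(m-2,n-2) == C(m-2,n)."""
    return C(m, n) - 2 * C(m - 2, n - 1) - C(m - 2, n - 2) == C(m - 2, n)


def check_bound(adj, src, dst, n):
    """Return (P_traditional, P_hop, Q, bound_ok) for n sniffed nodes; bound_ok is the
    Appendix claim Q^n_{src,dst} <= C(m-2, n) - C(m-s, n), which yields P_trad >= P_hop."""
    m = len(adj)
    s = len(bfs_path(adj, src, dst))        # s nodes on the shortest path
    q = q_src_dst(adj, src, dst, n)
    bound_ok = q <= C(m - 2, n) - C(m - s, n)
    return p_traditional(m, s, n), p_hop(m, n, q), q, bound_ok


if __name__ == "__main__":
    adj = adjacency(M, EDGES)
    print("shortest path:", bfs_path(adj, SRC, DST))
    for n in range(1, M + 1):
        pt, ph, q, ok = check_bound(adj, SRC, DST, n)
        print(f"n={n}: P_traditional={pt:.3f}  P_hop={ph:.3f}  Q={q}  bound_ok={ok}")
```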
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgments
This work is supported by the National Natural Science Foundation of China (nos. 61379151, 61272489, 61302159, and 61401512) and the National Cryptography Development Fund of China (no. MMJJ201301005), the National Basic Research Program of China (973) (Grants nos. 2012CB315901 and 2013CB329104), and the National Natural Science Foundation of China (Grants nos. 61309019 and 61372121).
References
[1] National Cyber Leap Year Summit 2009 Co-Chairs' Report, "Networking and information technology research and development," Tech. Rep., 2009.
[2] T. Cyberspace, Strategic Plan for the Federal Cybersecurity Research and Development Program, Executive Office of the President, National Science and Technology Council, Washington, DC, USA, 2011.
[3] S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, vol. 54, Springer Science & Business Media, New York, NY, USA, 2011.
[4] E. Al-Shaer, "Toward network configuration randomization for moving target defense," in Moving Target Defense, vol. 54 of Advances in Information Security, pp. 153–159, Springer, New York, NY, USA, 2011.
[5] P. Kampanakis, H. Perros, and T. Beyene, "SDN-based solutions for Moving Target Defense network protection," in Proceedings of the 15th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '14), pp. 1–6, Sydney, Australia, June 2014.
[6] M. Atighetchi, P. Pal, F. Webber, and C. Jones, "Adaptive use of network-centric mechanisms in cyber-defense," in Proceedings of the 6th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183–192, Hokkaido, Japan, May 2003.
[7] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Openflow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the 1st Workshop on Hot Topics in Software Defined Networks (HotSDN '12), pp. 127–132, ACM, Helsinki, Finland, August 2012.
[8] Q. Duan, E. Al-Shaer, and H. Jafarian, "Efficient Random Route Mutation considering flow and network constraints," in Proceedings of the IEEE Conference on Communications and Network Security (CNS '13), pp. 260–268, IEEE, National Harbor, Md, USA, October 2013.
[9] E. Al-Shaer, Q. Duan, and J. H. Jafarian, "Random host mutation for moving target defense," in Security and Privacy in Communication Networks, pp. 310–327, Springer, New York, NY, USA, 2013.
[10] G. Badishi, A. Herzberg, and I. Keidar, "Keeping denial-of-service attackers in the dark," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 191–204, 2007.
[11] H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou, "A moving target DDoS defense mechanism," Computer Communications, vol. 46, pp. 10–21, 2014.
[12] C.-Y. Hong, S. Kandula, R. Mahajan et al., "Achieving high utilization with software-driven WAN," ACM SIGCOMM Computer Communication Review, vol. 43, no. 3, pp. 15–26, 2013.
[13] N. McKeown, "Software-defined networking," INFOCOM Keynote Talk, vol. 17, no. 2, pp. 30–32, 2009.
[14] M. Carvalho and R. Ford, "Moving-target defenses for computer networks," IEEE Security & Privacy, vol. 12, no. 2, pp. 73–76, 2014.
[15] M. Sifalakis, S. Schmid, and D. Hutchison, "Network address hopping: a mechanism to enhance data protection for packet communications," in Proceedings of the IEEE International Conference on Communications (ICC '05), vol. 3, pp. 1518–1523, IEEE, Seoul, Republic of Korea, May 2005.
[16] M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, "MT6D: a moving target IPv6 defense," in Proceedings of the Military Communications Conference (MILCOM '11), pp. 1321–1326, IEEE, Baltimore, Md, USA, November 2011.
[17] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "An effective address mutation approach for disrupting reconnaissance attacks," IEEE Transactions on Information Forensics and Security, vol. 10, no. 12, pp. 2562–2577, 2015.
[18] J. H. H. Jafarian, E. Al-Shaer, and Q. Duan, "Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers," in Proceedings of the 1st ACM Workshop on Moving Target Defense (MTD '14), pp. 69–78, Scottsdale, AZ, USA, November 2014.
[19] J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Adversary-aware IP address randomization for proactive agility against sophisticated attackers," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 738–746, IEEE, April 2015.
[20] D. C. MacFarland and C. A. Shue, "The SDN shuffle: creating a moving-target defense using host-based software-defined networking," in Proceedings of the 2nd ACM Workshop on Moving Target Defense (MTD '15), pp. 37–41, ACM, Denver, Colo, USA, October 2015.
[21] J. Jafarian, E. Al-Shaer, and Q. Duan, "Formal approach for route agility against persistent attackers," in Computer Security – ESORICS 2013, J. Crampton, S. Jajodia, and K. Mayes, Eds., vol. 8134 of Lecture Notes in Computer Science, pp. 237–254, Springer, Berlin, Germany, 2013.
[22] S. Dolev and S. T. David, "SDN-based private interconnection," in Proceedings of the IEEE 13th International Symposium on Network Computing and Applications (NCA '14), 2014.
[23] F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. H. Ammar, and E. W. Zegura, "Agile virtualized infrastructure to proactively defend against cyber attacks," in Proceedings of the IEEE Conference on Computer Communications (INFOCOM '15), pp. 729–737, Hong Kong, April–May 2015.
[24] D. Gkounis, V. Kotronis, and X. Dimitropoulos, "Towards defeating the crossfire attack using SDN," http://arxiv.org/abs/1412.2013.
[25] A. Studer and A. Perrig, "The coremelt attack," in Computer Security – ESORICS 2009, vol. 5789 of Lecture Notes in Computer Science, pp. 37–52, Springer, Berlin, Germany, 2009.
[26] B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, October 2010.
[27] N. McKeown, T. Anderson, H. Balakrishnan et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.
[28] M. McCauley, "About pox," 2013, http://www.github.com/noxrepo/pox.
[29] S. De Maesschalck, D. Colle, I. Lievens et al., "Pan-European optical transport networks: an availability-based comparison," Photonic Network Communications, vol. 5, no. 3, pp. 203–225, 2003.
[30] A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella, "Towards an elastic distributed SDN controller," ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 7–12, 2013.