Multi-Constraint and Multi-Policy Path Hopping Active Defense Method Based on SDN

Bing Zhang, Hui Li, Shuai Zhang, Jing Sun, Ning Wei (), Wenhong Xu and Huan Wang
Additional contact information
Bing Zhang: School of Computer Science and Technology, Guangxi University of Science and Technology, Liuzhou 545006, China
Hui Li: School of Computer Science and Technology, Guangxi University of Science and Technology, Liuzhou 545006, China
Shuai Zhang: Liuzhou Key Laboratory of Big Data Intelligent Processing and Security, Liuzhou 545006, China
Jing Sun: School of Computer Science and Technology, Guangxi University of Science and Technology, Liuzhou 545006, China
Ning Wei: Liuzhou Key Laboratory of Big Data Intelligent Processing and Security, Liuzhou 545006, China
Wenhong Xu: School of Computer Science and Technology, Guangxi University of Science and Technology, Liuzhou 545006, China
Huan Wang: School of Computer Science and Technology, Guangxi University of Science and Technology, Liuzhou 545006, China

Future Internet, 2024, vol. 16, issue 4, 1-21

Abstract: Path hopping serves as an active defense mechanism in network security, yet it encounters challenges like a restricted path switching space, the recurrent use of similar paths and vital nodes, a singular triggering mechanism for path switching, and fixed hopping intervals. This paper introduces an active defense method employing multiple constraints and strategies for path hopping. A depth-first search (DFS) traversal is utilized to compute all possible paths between nodes, thereby broadening the path switching space while simplifying path generation complexity. Subsequently, constraints are imposed on residual bandwidth, selection periods, path similitude, and critical nodes to reduce the likelihood of reusing similar paths and crucial nodes. Moreover, two path switching strategies are formulated based on the weights of residual bandwidth and critical nodes, along with the calculation of path switching periods. This facilitates adaptive switching of path hopping paths and intervals, contingent on the network’s residual bandwidth threshold, in response to diverse attack scenarios. Simulation outcomes illustrate that this method, while maintaining normal communication performance, expands the path switching space effectively, safeguards against eavesdropping and link-flooding attacks, enhances path switching diversity and unpredictability, and fortifies the network’s resilience against malicious attacks.

Keywords: active defense; path hopping; multi-constraint; multi-strategy (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2024
References: View references in EconPapers View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/16/4/143/pdf (application/pdf)
https://www.mdpi.com/1999-5903/16/4/143/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:16:y:2024:i:4:p:143-:d:1380283

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().