학술논문
Distributed Algorithms for Secure Multipath Routing in Attack-Resistant Networks
Document Type
Periodical
Author
Source
IEEE/ACM Transactions on Networking IEEE/ACM Trans. Networking Networking, IEEE/ACM Transactions on. 15(6):1490-1501 Dec, 2007
Subject
Language
ISSN
1063-6692
1558-2566
1558-2566
Abstract
To proactively defend against intruders from readily jeopardizing single-path data sessions, we propose a distributed secure multipath solution to route data across multiple paths so that intruders require much more resources to mount successful attacks. Our work exhibits several important properties that include: 1) routing decisions are made locally by network nodes without the centralized information of the entire network topology; 2) routing decisions minimize throughput loss under a single-link attack with respect to different session models; and 3) routing decisions address multiple link attacks via lexicographic optimization. We devise two algorithms termed the Bound-Control algorithm and the Lex-Control algorithm, both of which provide provably optimal solutions. Experiments show that the Bound-Control algorithm is more effective to prevent the worst-case single-link attack when compared to the single-path approach, and that the Lex-Control algorithm further enhances the Bound-Control algorithm by countering severe single-link attacks and various types of multi-link attacks. Moreover, the Lex-Control algorithm offers prominent protection after only a few execution rounds, implying that we can sacrifice minimal routing protection for significantly improved algorithm performance. Finally, we examine the applicability of our proposed algorithms in a specialized defensive network architecture called the attack-resistant network and analyze how the algorithms address resiliency and security in different network settings.