Attack Graph Based Intrusion Tolerance Method in Software-Defined Networks 


Vol. 46,  No. 6, pp. 983-992, Jun.  2021
10.7840/kics.2021.46.6.983


PDF Full-Text
  Abstract

The intrusion tolerance method can provide sustainable services in case of cybersecurity breaches. We propose a network intrusion tolerance method that identifies compromised nodes by utilizing Bayesian attack graphs (BAGs) and changes the IP/MAC addresses of the nodes to prevent the spread of attacks. Furthermore, we leverage software-defined networks (SDN) and virtualization technologies to recover only the resources that are expected to be compromised in order to minimize the performance degradation of the services. To validate the efficiency of the proposed intrusion tolerance technique, we generate a set of random attack paths and investigate how accurately the attack paths can be predicted by the proposed method in comparison with other methods. Experimental results show that the proposed intrusion tolerance method can successfully estimate attack-prone nodes and selectively perform the network address change and the service recovery of the nodes, resulting in high service persistence with low intrusion-tolerance overhead.

  Statistics
Cumulative Counts from November, 2022
Multiple requests among the same browser session are counted as one view. If you mouse over a chart, the values of data points will be shown.


  Cite this article

[IEEE Style]

H. Kim, S. Yoon, S. Kim, H. Lim, "Attack Graph Based Intrusion Tolerance Method in Software-Defined Networks," The Journal of Korean Institute of Communications and Information Sciences, vol. 46, no. 6, pp. 983-992, 2021. DOI: 10.7840/kics.2021.46.6.983.

[ACM Style]

Hyejin Kim, Seunghyun Yoon, Sunghwan Kim, and Hyuk Lim. 2021. Attack Graph Based Intrusion Tolerance Method in Software-Defined Networks. The Journal of Korean Institute of Communications and Information Sciences, 46, 6, (2021), 983-992. DOI: 10.7840/kics.2021.46.6.983.

[KICS Style]

Hyejin Kim, Seunghyun Yoon, Sunghwan Kim, Hyuk Lim, "Attack Graph Based Intrusion Tolerance Method in Software-Defined Networks," The Journal of Korean Institute of Communications and Information Sciences, vol. 46, no. 6, pp. 983-992, 6. 2021. (https://doi.org/10.7840/kics.2021.46.6.983)

Search
(IN TITLE, AUTHOR, ABSTRACT,KEYWORDS)

Advanced Search

POPULAR KEYWORDS
(TOP 10 KEYWORDS)

Recent Publications
(LAST 3 YEARS)






pISSN : 1226 - 4717
eISSN : 2287 - 3880