Facial reconstruction

Search LJMU Research Online

Browse Repository | Browse E-Theses

Mitigating Malicious Packets Attack via Vulnerability-aware Heterogeneous Network Devices Assignment

Ai, J, Chen, H, Guo, Z, Cheng, G and Baker, T (2019) Mitigating Malicious Packets Attack via Vulnerability-aware Heterogeneous Network Devices Assignment. Future Generation Computer Systems. ISSN 0167-739X

[img]
Preview
Text
Mitigating Malicious Packets Attack via Vulnerability-aware Heterogeneous Network Devices Assignment.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (845kB) | Preview

Abstract

Due to high homogeneity of current network devices, a network is compromised if one node in the network is compromised by exploiting its vulnerability (e.g., malicious packets attack). Many existing works adopt heterogeneity philosophy to improve network survivability. For example, “diverse variants” are assigned to nodes in the network. However, these works assume that diverse variants do not have common vulnerabilities, which deem an invalid assumption in real networks. Therefore, existing diverse variants deployment schemes could not achieve optimal performance. This paper considers that some variants have common vulnerabilities, and proposes a novel solution called Vulnerability-aware Heterogeneous Network Devices Assignment (VHNDA). Firstly, we introduce a new metric named Expected Infected Ratio (EIR) to measure the impact of malicious packets’ attacks spread on the network. Secondly, we use EIR to model the vulnerability-aware diverse variants deployment problem as an integer-programming optimization problem with NP-hard complexity. Considering NP-hardness, we then design a heuristic algorithm named Simulated Annealing Vulnerability-aware Diverse Variants Deployment (SA-VDVD) to address the problem. Finally, we present a low complexity algorithm named Graph Segmentation-based Simulated Annealing Vulnerability-aware Diverse Variants Deployment (GSSA-VDVD) for large-scale networks named graph segmentation-based simulated annealing. The experimental results demonstrate that the proposed algorithms restrain effectively the spread of malicious packets attack with a reasonable computation cost when compared with baseline algorithms.

Item Type: Article
Uncontrolled Keywords: 0805 Distributed Computing, 0806 Information Systems
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computer Science & Mathematics
Publisher: Elsevier
Date Deposited: 03 May 2019 10:13
Last Modified: 04 Sep 2021 09:28
DOI or ID number: 10.1016/j.future.2019.04.034
URI: https://researchonline.ljmu.ac.uk/id/eprint/10636
View Item View Item