Facial reconstruction

Search LJMU Research Online

Browse Repository | Browse E-Theses

Mitigating Malicious Packets Attack via Vulnerability-aware Heterogeneous Network Devices Assignment

Ai, J, Chen, H, Guo, Z, Cheng, G and Baker, T (2019) Mitigating Malicious Packets Attack via Vulnerability-aware Heterogeneous Network Devices Assignment. Future Generation Computer Systems. ISSN 0167-739X

[img] Text
Mitigating Malicious Packets Attack via Vulnerability-aware Heterogeneous Network Devices Assignment.pdf - Accepted Version
Restricted to Repository staff only until 24 April 2020.
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (845kB)

Abstract

Due to high homogeneity of current network devices, a network is compromised if one node in the network is compromised by exploiting its vulnerability (e.g., malicious packets attack). Many existing works adopt heterogeneity philosophy to improve network survivability. For example, “diverse variants” are assigned to nodes in the network. However, these works assume that diverse variants do not have common vulnerabilities, which deem an invalid assumption in real networks. Therefore, existing diverse variants deployment schemes could not achieve optimal performance. This paper considers that some variants have common vulnerabilities, and proposes a novel solution called Vulnerability-aware Heterogeneous Network Devices Assignment (VHNDA). Firstly, we introduce a new metric named Expected Infected Ratio (EIR) to measure the impact of malicious packets’ attacks spread on the network. Secondly, we use EIR to model the vulnerability-aware diverse variants deployment problem as an integer-programming optimization problem with NP-hard complexity. Considering NP-hardness, we then design a heuristic algorithm named Simulated Annealing Vulnerability-aware Diverse Variants Deployment (SA-VDVD) to address the problem. Finally, we present a low complexity algorithm named Graph Segmentation-based Simulated Annealing Vulnerability-aware Diverse Variants Deployment (GSSA-VDVD) for large-scale networks named graph segmentation-based simulated annealing. The experimental results demonstrate that the proposed algorithms restrain effectively the spread of malicious packets attack with a reasonable computation cost when compared with baseline algorithms.

Item Type: Article
Uncontrolled Keywords: 0805 Distributed Computing, 0806 Information Systems
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computer Science
Publisher: Elsevier
Date Deposited: 03 May 2019 10:13
Last Modified: 24 May 2019 10:45
DOI or Identification number: 10.1016/j.future.2019.04.034
URI: http://researchonline.ljmu.ac.uk/id/eprint/10636

Actions (login required)

View Item View Item