MDSA: Security scheduling mechanism for a reliable SDN control layer based on mimic defense

Abstract

Aiming at the single-point vulnerability such as tampering attack of SDN controllers, current solutions have passive defense defects and cannot solve the security problem of control layer fundamentally. Combined with state-of-the-art moving target defense, cyber mimic defense, and other active defense technologies, we present a security scheduling mechanism with heterogeneous redundant structure, which provides system dynamics and diversity for improved security. We also consider the load factor while designing the scheduling algorithm in our model, thus transforming it into a dynamic optimization problem. Several solutions are compared in terms of anti-attack capability, and simulation results show that proactive scheduling strategies can obviously improve system security as dynamic and diversity properties block the adversary’s attack process.