
Software Defined Network (SDN)-Based Moving Target Defense (MTD) Mechanism for Protecting Cloud Datacenter Network

Posted on: 2019-05-08
Degree: Master
Type: Thesis
Country: China
Candidate: Gelato
GTID: 2428330545452173
Subject: COMPUTER TECHNOLOGY
Abstract/Summary:
Over the last decade, cloud computing has undergone remarkable expansion and rapid growth. Newly introduced concepts such as virtualization, multi-tenancy, and on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort and reduced cost are among the main reasons that led many organizations to migrate their traditional data centers to the cloud. However, this shift to the cloud is hampered by various security issues that have escalated with the newly introduced computing concepts and that make securing the cloud datacenter network more difficult. To address these security problems, researchers have conducted extensive research and come up with a variety of defensive techniques and solutions. While these defense methods have grown significantly in complexity and scale over many years, attackers still effectively break through detection-based security defenses, which gives them an extremely valuable, asymmetric advantage in time.

With the invention of SDN, which separates the functions of the forwarding device, a new approach is available for establishing a dynamic and proactive defense system. With this SDN approach, researchers have a promising, game-changing security defense method called SDN-based MTD. The SDN-based MTD defense mechanism tilts the balance towards the defender by presenting attackers with a completely chaotic environment that reduces or eliminates the window in which an attack can succeed. These characteristics of the SDN-based MTD mechanism, together with the little work done so far to verify its effectiveness in the SDN-enabled cloud datacenter network, motivate this study, which examines the effectiveness of the SDN-based MTD mechanism in protecting the cloud datacenter network.

To validate the effectiveness of the SDN-based MTD mechanism in protecting cloud datacenter network security, the vulnerable attack surface that an attacker explores before attacking must be characterized. To this end, we propose an SDN-based MTD mechanism framework that uses a runtime model, which allows the framework to infer the current state of the system. Based on the information obtained, the SDN-based MTD mechanism can adapt exploitable aspects of the cloud datacenter network to increase uncertainty and complexity for attackers and reduce the likelihood of an attack. To confirm this, three different simulation-based experiments were conducted using the designed framework to determine the frequencies at which the SDN-based MTD mechanism should adapt the exploitable aspects of the network in order to reduce the attackers' probability of success and improve the resilience of the system.

The experimental results of the three simulations show that when the average attack arrival interval/rate is 100 and the adaptation interval decreases, the SDN-based MTD mechanism can successfully reduce the likelihood of successful attacks. The results demonstrate that when the configuration is static, that is, in the absence of adaptation, the number of successful attacks is at its maximum. This is the maximum number of attacks given the single-step attack success probabilities in a scenario where no adaptation/refreshing takes place. However, once the SDN-based MTD mechanism is activated, the number of successful attacks decreases. In other words, as the adaptation interval (i.e. 25, 50, 100, 200, 300, and static) decreases, the effectiveness of the SDN-based MTD mechanism in maintaining the security of the cloud datacenter network increases (e.g. with an adaptation interval of 25, almost all successful attacks against the target node are eliminated).
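The relationship between adaptation interval and successful attacks can be reproduced with a small simulation. This is an added example, not the thesis's framework or data: the attack model (three sequential stages of 10 ticks, per-stage success probability 0.6, exponential arrivals, an adaptation mid-attack voiding the attempt) and every name in it are assumptions; only the mean arrival interval of 100 and the list of adaptation intervals come from the abstract.

```python
import random

INTERVALS = (25, 50, 100, 200, 300, None)  # None = static network, no adaptation

def simulate(adapt_interval, horizon=100_000, mean_arrival=100,
             steps=3, step_ticks=10, p_step=0.6, seed=1):
    """Return (attempts, successes) for one adaptation interval.

    Assumed model: an attack is `steps` sequential stages of `step_ticks`
    each; every stage succeeds with probability `p_step`; an adaptation
    that fires before the last stage finishes invalidates the attacker's
    progress and the attempt fails.
    """
    rng = random.Random(seed)  # same seed: identical attacks for every interval
    t, attempts, successes = 0.0, 0, 0
    while True:
        t += rng.expovariate(1.0 / mean_arrival)  # time of next attack arrival
        if t >= horizon:
            return attempts, successes
        attempts += 1
        # Draw all stage outcomes up front (list, so no short-circuit) so the
        # random stream never depends on the adaptation interval under test.
        stages_ok = all([rng.random() < p_step for _ in range(steps)])
        if adapt_interval is not None:
            next_adapt = (t // adapt_interval + 1) * adapt_interval
            if next_adapt <= t + steps * step_ticks:
                continue  # network reconfigured mid-attack
        successes += stages_ok

def sweep(**kwargs):
    """Successful-attack count for each adaptation interval."""
    return {iv: simulate(iv, **kwargs)[1] for iv in INTERVALS}

if __name__ == "__main__":
    for iv, wins in sweep().items():
        print(f"adaptation interval {iv or 'static':>6}: {wins} successful attacks")
```

In this model an interval of 25 is shorter than the 30 ticks a full attack needs, so no attempt can complete; the static case is the upper bound because nothing ever interrupts an attack.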
Keywords/Search Tags: Software-Defined Network (SDN), Moving Target Defense (MTD), SDN-based MTD, Cloud Datacenter, Network Security