Investigation of secure routing models based on basic vulnerability metrics in SDN networks

Abstract

The article presents and investigates flow-based models of secure routing under base score metrics of vulnerability criticality in Software-Defined Networks (SDN). The analysis of the routing means functionality against possible attacks confirmed the perspective of their application, taking into account the base score metrics of vulnerability criticality to increase the level of network security of the SDN data plane. It is proposed to improve the existing secure routing model taking into account the base score metrics of vulnerability criticality by modifying the routing metrics so that the resulting model acquires the properties of secure QoS routing. In the improved model, the optimal route was chosen considering base score metrics of vulnerability criticality and the bandwidth of the communication links that make up this route. In addition, the quadratic optimality criterion is used in the model for the balanced distribution of flows transmitted in the data plane of the software-defined network into sub-flows taking into account the multipath routing strategy. The comparative analysis of the existing secure routing model, the QoS-routing model with metrics similar to the OSPF protocol, and the improved secure-QoS-routing model taking into account the base score metrics of vulnerability criticality proved the adequacy and efficiency of the model proposed in work. The comparison of models was based on calculating the compromise probability of the transmitted packet flow.