How to Survive Targeted Fiber Cuts: A Game Theoretic Approach for Resilient SDON Control Plane Design

Software-defined optical networking (SDON) paradigm enables programmable, adaptive and application-aware backbone networks via centralized network control and management. Aside from the manifold advantages, the control plane (CP) of an SDON is exposed to diverse security threats. As the CP usually shares the underlying optical infrastructure with the data plane (DP), an attacker can launch physical-layer attacks to cause severe disruption of the CP. This paper studies the problem of resilient CP design under targeted fiber cut attacks, whose effectiveness depends on both the CP designer\u27s and the attacker\u27s strategies. Therefore, we model the problem as a non-cooperative game between the designer and the attacker, where the designer tries to set up the CP to minimize the attack effectiveness, while the attacker aims at maximizing the effectiveness by cutting the most critical links. We define the game strategies and utility functions, conduct theoretical analysis to obtain the Nash Equilibrium (NE) as the solution of the game. Extensive simulations confirm the effectiveness of our proposal in improving the CP resilience to targeted fiber cuts

Network-wide localization of optical-layer attacks

Optical networks are vulnerable to a range of attacks targeting service disruption at the physical layer, such as the insertion of harmful signals that can propagate through the network and affect co-propagating channels. Detection of such attacks and localization of their source, a prerequisite for securenetwork operation, is a challenging task due to the limitations in optical performance monitoring, as well as the scalability and cost issues. In this paper, we propose an approach for localizing the source of a jamming attack by modeling the worst-case scope of each connection as a potential carrier of a harmful signal. We define binary words called attack syndromes to model the health of each connection at the receiver which, when unique, unambiguously identify the harmful connection. To ensure attack syndrome uniqueness, we propose an optimization approach to design attack monitoring trails such that their number and length is minimal. This allows us to use the optical network as a sensor for physical-layer attacks. Numerical simulation results indicate that our approach obtains network-wide attack source localization at only 5.8% average resource overhead for the attackmonitoring trails

Network-Wide Localization of Optical-Layer Attacks

Optical networks are vulnerable to a range of attacks targeting service disruption at the physical layer, such as the insertion of harmful signals that can propagate through the network and affect co-propagating channels. Detection of such attacks and localization of their source, a prerequisite for secure network operation, is a challenging task due to the limitations in optical performance monitoring, as well as the scalability and cost issues. In this paper, we propose an approach for localizing the source of a jamming attack by modeling the worst-case scope of each connection as a potential carrier of a harmful signal. We define binary words called attack syndromes to model the health of each connection at the receiver which, when unique, unambiguously identify the harmful connection. To ensure attack syndrome uniqueness, we propose an optimization approach to design attack monitoring trails such that their number and length is minimal. This allows us to use the optical network as a sensor for physical-layer attacks. Numerical simulation results indicate that our approach obtains network-wide attack source localization at only 5.8% average resource overhead for the attack monitoring trails