BottleNet: Hiding Network Bottlenecks Using SDN-Based Topology Deception

Abstract

The robustness of a network's connectivity to other networks is often highly dependent on a few critical nodes and links that tie the network to the larger topology. The failure or degradation to such network bottlenecks can result in outages that may propagate throughout the network. Unfortunately, the presence of the bottlenecks also offers opportunities for targeted link flooding attacks (LFAs). Researchers have proposed a new and promising defense to counter LFAs, referred to as topology deception. This strategy centers on hindering the discovery of bottlenecks by presenting false trace responses to adversaries as they perform topological probing of the target network. Even though the goal of topology deception centers on obscuring critical links, node dependencies can be exploited by an adversary. However, current approaches do not consider a wide range of metrics that may reveal important and diverse aspects of network bottlenecks. Furthermore, existing approaches create a simple form of virtual topology, which is subject to relatively easy detection by the adversary, reducing its effectiveness. In this paper, we propose a comprehensive topology deception framework, which we refer to as BottleNet. Our suggested approach can analyze various network topology features both with respect to static and dynamic metrics and then use this information to identify bottlenecks, finally producing complex virtual topologies that are resilient to adversarial detection.