An End-Host-Importance-Aware Secure Service-Enabled Hybrid SDN Deployment

Security is critical to networks, but TCP/IP-based legacy networks are difficult to advance new security functions due to the use of costly inflexible hardware devices and error-prone network configurations. Recent literature explores the paradigm of consolidating security services with the forwarding functionality using Software-defined Networking (SDN). Existing full SDN deployment, replacing all legacy network devices with SDN devices, is cost-prohibitive. Whereas the hybrid SDN that only upgrades partial legacy devices to SDN switches is considered practical. However, the challenge is to minimize threats and deployment expenses simultaneously under heterogeneous end-host businesses that have various importance. In this paper, we study the challenge and propose the End-host-importance-Aware secure service-enabled hybrid Sdn deplOymeNt (EASON) problem. We mathematically formulate the EASON problem as an integer programming problem, prove its non-polynomial time complexity, and propose a heuristic algorithm called BonSec. We conduct rigorous simulations on real-world topologies and traces. Experimental results show that BonSec achieves comparable security and cost performances to the optimal solution on small topologies. Meanwhile, it is scalable on larger topologies.