An intrusion tolerant system (ITS) is a network security system composed of redundant virtual servers, each of which is online only for a short time window called the exposure time. The servers are periodically recovered to their clean state, and any infected servers are refreshed again, so attackers have insufficient time to succeed in breaking into the servers. However, there are conflicting interests in determining the exposure time: short for security and long for performance. In other words, a short exposure time increases security but requires more servers to run in order to process requests in a timely manner. In this paper, we propose Duo, an ITS incorporated in SDN, which can reduce exposure time without consuming more computing resources. In Duo, there are two types of servers: servers with a long exposure time (White servers) and servers with a short exposure time (Gray servers). Duo classifies traffic into benign and suspicious with the help of SDN/NFV technology, which also allows the classified traffic to be forwarded dynamically to White and Gray servers, respectively, based on the classification result. By reducing the exposure time of a subset of the servers, Duo decreases the exposure time on average. We have implemented a prototype of Duo and evaluated its performance in a realistic environment.
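The exposure-time/server-count trade-off described above, as an added example that is not code from the Duo paper: a small capacity model in which each instance is online for `exposure` ticks and then spends `recovery` ticks being restored (the recovery cost, the tick values and the classifier verdicts are constructed assumptions), showing that a White/Gray mix lowers the server-weighted mean exposure time below an all-White pool while provisioning fewer instances than an all-Gray pool.

```python
"""Capacity/exposure model of Duo's two-tier rotation (added example).
Assumptions: a server is online for `exposure` ticks, then spends `recovery`
ticks being restored to a clean image; classifier verdicts are given as input
(constructed) rather than computed here.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Pool:
    name: str
    exposure: int  # ticks a server stays online before it is refreshed
    recovery: int  # ticks needed to restore the clean state (assumed)

    def online_fraction(self) -> float:
        # Share of one rotation cycle during which an instance serves requests.
        return self.exposure / (self.exposure + self.recovery)

    def instances_for(self, online_needed: int) -> int:
        # Instances to provision so that `online_needed` are serving on average.
        return math.ceil(online_needed / self.online_fraction())


def plan(white: Pool, gray: Pool, benign_online: int, suspicious_online: int) -> dict:
    """Instances Duo needs and the resulting server-weighted mean exposure time."""
    n_white = white.instances_for(benign_online)
    n_gray = gray.instances_for(suspicious_online)
    total = n_white + n_gray
    avg = (n_white * white.exposure + n_gray * gray.exposure) / total
    return {"white": n_white, "gray": n_gray, "total": total, "avg_exposure": avg}


def uniform_plan(pool: Pool, online_needed: int) -> dict:
    """Baseline: a single pool with one exposure time serving all traffic."""
    n = pool.instances_for(online_needed)
    return {pool.name: n, "total": n, "avg_exposure": float(pool.exposure)}


def dispatch(flows, white: Pool, gray: Pool) -> dict:
    """Map each (flow_id, suspicious) verdict to the pool the SDN rules steer it to."""
    return {fid: (gray.name if suspicious else white.name) for fid, suspicious in flows}


if __name__ == "__main__":
    WHITE = Pool("white", exposure=60, recovery=10)
    GRAY = Pool("gray", exposure=10, recovery=10)
    # Constructed load: 8 servers' worth of benign traffic, 2 of suspicious.
    print(plan(WHITE, GRAY, 8, 2))   # 14 instances, mean exposure ~45.7 ticks
    print(uniform_plan(GRAY, 10))    # all-Gray: 20 instances for the same capacity
    print(uniform_plan(WHITE, 10))   # all-White: 12 instances, but 60-tick exposure
    print(dispatch([("f1", False), ("f2", True)], WHITE, GRAY))
```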