An Adaptive Moving Target Defense Approach for Software-Defined Networking Protection.

The Software-Defined Networking (SDN) paradigm has been increasingly adopted in computer network infrastructures in the last decade. However, since it is a relatively recent approach, few security measures have been taken into account to protect it. Recently, Moving Target Defense (MTD) techniques has emerged as an effective technique to protect SDN infrastructures. However, MTD-based strategies can seriously degrade network performance owing to their operational reliance on delay tactics. Thus, in an attempt to provide feasible protection against scanning attacks without degrading network services, especially in terms of Quality of Service (QoS), we introduce the MTD Adaptive Delay System (MADS) solution. We extensively evaluated and compared MADS with the state-of-the-art in MTD-based defenses for SDN protection. Our results shows that MADS causes lower network degradation concerning latency, Bad TCP packets, and throughput.