ESMD-Flow: An Intelligent Flow Forwarding Scheme with Endogenous Security Based on Mimic Defense in Space-Air-Ground Integrated Network

2022-02-16 05:50
China Communications, 2022, Issue 1

Ziyong Li, Yuxiang Hu, Di Zhu, Jiangxing Wu, Yunjie Gu

1 PLA Strategic Support Force Information Engineering University, Zhengzhou 450002, China

2 61660 Unit of PLA, Beijing 100089, China

Abstract: The Space-Air-Ground Integrated Network (SAGIN) realizes the integration of space, air, and ground networks, obtaining global communication coverage. The Software-Defined Networking (SDN) architecture in SAGIN has become a promising solution to guarantee the Quality of Service (QoS). However, current routing algorithms mainly focus on the QoS of the service and rarely consider the security requirement of the flow. To realize the secure transmission of flows in SAGIN, we propose an intelligent flow forwarding scheme with endogenous security based on Mimic Defense (ESMD-Flow). In this scheme, the SDN controller evaluates the reliability of nodes and links, isolates malicious nodes based on the reliability evaluation value, and adopts a multipath routing strategy to ensure that flows are always forwarded along the most reliable multiple paths. In addition, in order to meet the security requirement of flows, we introduce the programmable data plane to design a multi-protocol forwarding strategy for realizing the multi-protocol dynamic forwarding of flows. ESMD-Flow can reduce the network attack surface and improve the secure transmission capability of flows by implementing a multipath routing and multi-protocol hybrid forwarding mechanism. Extensive simulations demonstrate that ESMD-Flow can significantly improve the average path reliability for routing and increase the difficulty of network eavesdropping while improving the network throughput and reducing the average packet delay.

Keywords: space-air-ground integrated network (SAGIN); endogenous security; multipath routing; multi-protocol forwarding

I. INTRODUCTION

The Space-Air-Ground Integrated Network (SAGIN) can provide a flexible hybrid communication mode and effectively improve global communication coverage, providing the government, the military, and the public with diversified information services, such as global mobile communications, aviation applications and disaster relief, to meet the growing demand for information applications. However, the integrated network faces the demand for orders-of-magnitude improvement in coverage, access capability and network service capability, which cannot be achieved under the existing access and management mechanisms. To improve the management and service capabilities of SAGIN, Software-Defined Networking (SDN) supports centralized control and fine-grained flow management by decoupling the control plane and the data plane, which shows huge advantages in the management and automation of SAGIN [1].

SAGIN realizes the organic integration and unification of space-based, air-based, and ground-based networks, including mobile communication networks, the Internet, and satellite networks. Although SDN can realize complex network logic and diversified routing decisions in the SAGIN scenario, its programmability is limited to the control plane. With the development of the programmable data plane, especially the emergence of the programmable protocol-independent packet processing language P4 [2], it has become possible to make the network data plane programmable. The programmability of the data plane allows network administrators to customize the functions of data plane devices to support new functions and new protocols, so that some network functions can be offloaded to the data plane. In addition to quick innovation, this opens up opportunities for a wide range of applications such as in-band telemetry [3], load balancing [4] and network security [5]. Therefore, the combination of SDN and P4 technology can form a good platform for the implementation of SAGIN.

Since SAGIN covers multiple heterogeneous networks, leading to huge heterogeneity in protocol identification, routing mode and network equipment between different networks, the security of the integrated network becomes more challenging [6]. The current Internet still transmits data flows using one single path (e.g., the shortest path first algorithm). Once any switch on the link is compromised, the session information is easily cracked, causing information leakage. Therefore, many more complicated forwarding mechanisms (e.g., multipath routing) have been proposed to solve the problem. Basit et al. [7] implemented inter-domain multipath routing to improve load balancing and network security. Murali et al. [8] proposed an attack-resilient routing scheme that divides packets into different fragments by an erasure-coding algorithm, and then developed an optimization formulation for multipath routing considering reliability and network load. The multipath routing mechanism prevents eavesdropping attacks by splitting data flows over different paths. But what if the attacker intercepts multiple paths at the same time? In this case, the attacker can easily aggregate all packets and intercept the content, because a single IP protocol is used for forwarding in the whole network. It is worth mentioning that various network protocols have been proposed to transmit packets. Multi-Protocol Label Switching (MPLS) [9] maps IP addresses into a series of fixed-length labels and uses the labels to control the path of packets. Segment Routing [10] is a source routing scheme promoted by the IETF. It supports the MPLS protocol by encapsulating routing policy information in data packets and has flexible routing control capabilities. Besides, new addressing and routing technologies centered on content identifiers [11] and geographic location identifiers [12] have been initially applied in some industrial networks and achieved good network performance. Hu et al. [13] proposed a Polymorphic Smart Network to address the shortcomings of existing networks by supporting IP identifiers, content identifiers, geospatial identifiers and other multi-modal identifiers. Hence, to ensure the transmission security of data flows on the SAGIN architecture, we aim to use diversified protocols together with a multipath routing mechanism to realize endogenous security. For example, we can split security-sensitive flows over multiple network paths using different network protocols; even if an attacker can simultaneously eavesdrop on all network paths, it is difficult for him to crack all protocols in order to aggregate all data packets of the same flow.

Recently, academician Wu proposed a Mimic Defense theory with endogenous security [14], successfully improving the ability of a system to defend against unknown threats by constructing a dynamic heterogeneous redundant architecture and a negative feedback control mechanism. Drawing on the Mimic Defense theory, we design an intelligent flow forwarding scheme with endogenous security. Our contributions are as follows:

1) We identify the problem that the secure flow transmission problem of SAGIN arises because current routing algorithms rarely consider the security requirement of flows, so SAGIN suffers from a serious threat of attacks and performance degradation. Inspired by Mimic Defense theory, we propose an intelligent flow forwarding scheme with endogenous security (ESMD-Flow). ESMD-Flow introduces the SDN architecture and P4 technology to implement a multipath routing and multi-protocol hybrid forwarding mechanism that improves the secure transmission capability of flows.

2) We design an ESMD-Flow network architecture. This network architecture can evaluate the reliability of all nodes and links online and run a multipath routing strategy to ensure that flows are always forwarded along the most reliable multiple paths by isolating malicious nodes or links. In addition, we develop a multi-protocol forwarding strategy based on P4 to realize multi-protocol dynamic forwarding of flows for preventing eavesdropping attacks. Based on the multipath routing and multi-protocol hybrid forwarding mechanism, ESMD-Flow can improve the interconnection capability and endogenous security of the integrated network.

3) We carry out simulations to verify the network performance of ESMD-Flow. The simulation results show that ESMD-Flow can significantly improve the average path reliability for routing and increase the difficulty of network eavesdropping while achieving better network performance, simultaneously improving the network throughput and reducing the average packet delay.

The rest of this paper is organized as follows. Section II gives the related works. The ESMD-Flow network architecture is described in Section III. Section IV gives the workflows of ESMD-Flow. Section V elaborates the simulation results. Finally, our conclusion and future work are drawn in Section VI.

II. RELATED WORKS

Several works in the literature have introduced multipath routing to achieve load balancing, efficient routing, and secure transmission. Yan et al. [15] distinguished different types of services and applied multipath routing and queuing schemes to ensure network QoS (bandwidth requirement, delay requirement, security requirement, etc.) by selecting multiple paths that meet specific QoS constraints. Cheng et al. [16] formulated the multipath routing problem as an integer programming problem and proposed an efficient network-aware multipath routing scheme to minimize the flow group transmission time by considering the heterogeneous network bandwidth. Sahhaf et al. [17] designed an adaptive multipath provisioning scheme to keep maximal bandwidth and resiliency of media transfer by implementing active probing and traffic prediction. Farrugia et al. [18] proposed the MSTCP (Multi-Flow TCP) scheme to increase network efficiency by allowing TCP applications to gain the advantages offered by a per-packet multipath routing algorithm. Zhang et al. [19] proposed a partially overlapping chunk-based dual-path transmission scheme to maximize the probability of timely fetching of video contents by scheduling the transmissions of different-sized chunks with partial overlapping according to the delivery capabilities of different paths. To achieve a tradeoff between security and delivery ratio in worst-case scenarios, Lou et al. [20] routed multiple shares of the message to the destination along several disjoint paths so as to maximize the probability of data packets being delivered. In addition to multipath routing for secure transmission, various new network protocols and routing addressing technologies have been proposed and used for the transmission of packets. To change the current IP addressing mode centered on the end-to-end communication mode, Named Data Networking (NDN) [21] replaced the IP address identifier with data content identified by a given name, and unbound service resources from locations through content-based addressing and in-path caching, thereby improving data transmission effectiveness. Liu et al. [22] got rid of fixed-length identifiers (e.g., IPv4 and IPv6) and proposed a variable-length identifier called VLI to interconnect networks of different scales. Zhang et al. [23] proposed a new network architecture named Smart Identifier Network (SINET) to solve the current Internet's resource/location binding, user/network binding and control/data binding limitations, thus improving network flexibility.

Among the above schemes, many solutions adopt multipath routing while considering only the QoS requirements. These solutions rarely consider the scenario where the network is attacked. Although many new protocols are used for transmission, the hybrid forwarding of multiple protocols is rarely introduced at present. Our work differs greatly from the above works: inspired by the Mimic Defense theory, we design an intelligent flow forwarding scheme with endogenous security based on diversified routing protocols and multipath resources.

III. NETWORK ARCHITECTURE

In this section, we first introduce the ESMD-Flow network architecture and describe how it works. The network architecture is shown in Figure 1.

Figure 1. The ESMD-Flow network architecture.

This architecture consists of three planes, namely the data plane, the control plane and the functional plane. Among them, the data plane consists of wired and wireless link resources. The control plane deploys an SDN controller to realize global network control. The functional plane consists of the network monitoring module, the multipath routing module and the multi-protocol forwarding module. The network monitoring module uses the P4 programmable data plane to implement in-band telemetry that measures network status information (link delay, link utilization, remaining bandwidth, etc.) to form global network status information. The multipath routing module calculates the optimal path based on the network status information and selects multiple paths for each flow. In addition, considering the security requirements of some services, a multi-protocol hybrid forwarding module is implemented to forward different packets using different protocols for preventing eavesdropping attacks.

As can be seen, the core idea of the ESMD-Flow network architecture is to combine multipath routing and a multi-protocol hybrid forwarding mechanism to build an endogenous secure transmission model that enhances the system's resistance to unknown threats.

3.1 Multipath Routing

In order to ensure the secure transmission of data flows, we consider the reliability of nodes and links and introduce multipath routing to improve the attack resilience of the network. We model the integrated network based on graph theory and establish the optimization objective of our proposed ESMD-Flow.

Given a network, the entire network can be described as an undirected graph G = (V, E), where V represents the set of nodes and E represents the set of links. We define B_e as the bandwidth of each link e. The key concepts and expressions are described below:

Definition 1. Node reliability R_i. We assume that the reliability R_i of a node i is related to the packet loss rate and the flow request rate λ_i on node i, as shown in Eq. (1). The smaller the flow request rate, the smaller the packet loss rate, and the greater the reliability of the node. The packet loss rate of a node is given in Eq. (2).

Definition 2. Link congestion rate P_congest(e_ij). We define the link congestion rate P_congest(e_ij) as a factor to evaluate the degree of link congestion. As shown in Eq. (3), the link congestion rate P_congest(e_ij) is related to the link bandwidth bw(e_ij) and the traffic T_ij transmitted in the unit time slot Δt. The larger the link bandwidth and the less traffic transmitted by the link, the smaller the link congestion rate.

Definition 3. Link delay T_delay(e_ij). Link delay is an important indicator for measuring the performance of network services. To obtain the network link delay accurately, P4 in-band telemetry is used to record it. When a probe packet is forwarded by each hop, the switch on the path encapsulates the current timestamp T(s_i) into the header of the probe packet, so the link delay T_delay(e_ij) can be calculated by Eq. (4), where T_downstream(s_j) is the timestamp of the downstream switch s_j and T_upstream(s_i) is the timestamp of the upstream switch s_i.

Definition 4. Link reliability R(e_ij). In the given network topology, the link reliability R(e_ij) determines whether the flow can be successfully transmitted to the destination node. Literature [24] proposed a Network Utility Maximization (NUM) model, which assumes that the network utility of a communication scenario with an end-to-end throughput x_ij is U(x_ij) = log(x_ij). Its main goal is to allocate network resources reasonably and avoid network congestion. Based on this model, we consider the link congestion rate P_congest(e_ij) and the link delay T_delay(e_ij) to evaluate link reliability, as shown in Eq. (5).

Definition 5. Path reliability R_l. Assuming that the forwarding path of a flow is described as l = (..., s_i, e_ij, s_j, ...), the forwarding path reliability R_l of the flow is defined as the minimum over all node reliabilities R_i and link reliabilities R(e_ij) on the forwarding path, which is calculated by Eq. (6).

Through the above analysis, our objective is to select multiple paths for forwarding the flows so that more flows are always forwarded along the most reliable paths. Therefore, for a given flow ρ, the objective function is to maximize the weighted path reliability, which is defined as the reliability of path l weighted by the number of packets forwarded on path l, as shown in Eq. (7).

The constraint conditions are as follows. Eq. (8) is the reliability constraint: we define a lower reliability limit R_lower to ensure that the reliability of all nodes and links on the forwarding path is not lower than R_lower. The constraint in Eq. (9) ensures that the delay of any forwarding path l is less than the threshold T_upper. Eq. (10) is the bandwidth constraint, which requires that the sum of the remaining bandwidth of all forwarding paths meets the bandwidth requirement w_ρ of any flow ρ.

When implementing multipath routing, the controller periodically injects probes into the network to collect node and link information. The controller then evaluates the node reliability and link reliability, isolates nodes or links whose reliability is lower than the threshold, and calculates the most reliable multiple paths for routing.

3.2 Multi-protocol Forwarding

SAGIN achieves the integration of space, air and ground networks. In the SAGIN architecture, various new network protocols have been proposed to meet the routing and service needs of different networks. Therefore, while implementing the multipath routing scheme for flows, the data plane needs to support a multi-protocol hybrid forwarding strategy for the interconnection of various heterogeneous networks.

In order to implement the multi-protocol hybrid forwarding strategy for data flows, we utilize the programmability of the data plane based on the BMv2 (Behavioral Model version 2) software switch and write a P4 program that makes the P4 switches support the multi-protocol hybrid forwarding strategy. The programmable model of P4 is based on the PISA (Protocol Independent Switch Architecture) architecture. The design of the multi-protocol hybrid forwarding strategy is shown in Figure 2; packet processing consists of four parts: the parsing process, the ingress pipeline, the multi-protocol hybrid forwarding process and the egress pipeline. Among them, the parsing process, ingress pipeline and egress pipeline correspond to the PISA architecture. We write multiple protocol header structures so that the P4 switch supports the parsing and processing of multiple protocols. The multi-protocol hybrid forwarding process is completed jointly by the control plane and the data plane. The protocol forwarding controller can select different protocols to forward the flow according to different policies and writes its choice into the protocol selection register of the switch. When a packet has gone through the parsing process and enters the ingress pipeline, it triggers a read of the protocol selection register. According to the protocol ID issued by the protocol forwarding controller, the packet is distributed to a protocol forwarding queue. The egress pipeline then reads its protocol ID and chooses the corresponding protocol to forward the packet.

Figure 2. The design of multi-protocol hybrid forwarding strategy.

IV. WORKFLOWS OF ESMD-FLOW

The workflows of ESMD-Flow are shown in Figure 3. ESMD-Flow exploits SDN, P4 technology and an intelligent routing algorithm to implement a flow forwarding scheme with endogenous security. SDN adopts centralized control to obtain network status information for implementing globally optimal control. The data plane is composed of P4 switches, and each P4 switch supports multi-protocol parsing and processing. It can be seen from Figure 3 that the network has multipath resources including wired and wireless links. Besides, it also has multi-protocol resources such as IPv4, MPLS and a custom identification protocol. Using the multi-path/protocol resources, a hybrid forwarding strategy is implemented to distribute flows over different paths using different protocols, which greatly increases the difficulty of eavesdropping. Its working process is as follows:

Figure 3. The workflows of ESMD-Flow.

(1) When a flow reaches the ingress switch, the ingress switch reads the protocol selection register to obtain the protocol ID and matches the flow table rules. If no flow table rule is matched, the ingress switch uploads a flow request to the controller.

(2) After receiving the flow request, the SDN controller calculates the K most reliable paths according to the reliability evaluation value and installs flow table rules on the corresponding switches. Additionally, considering the security requirements of the flow, the SDN controller dynamically changes the protocol ID value and writes it into the protocol selection register of the ingress switch. For example, the path policy and protocol ID issued by the controller can be described by Γ_ij, i = 1, 2, 3; j = 1, 2, 3, where i denotes the number of the path and j denotes the protocol ID: i = 1, 2, 3 represents the 1st, 2nd and 3rd path respectively, and j = 1, 2, 3 represents IPv4, MPLS and the custom identification protocol. In addition, the controller frequently changes the protocol ID to make the traffic packets difficult to intercept.

(3) After reading the protocol selection register to obtain the protocol ID, the ingress switch encapsulates the packets using different protocols based on the protocol ID, then forwards the packets to different paths by matching the flow table rules.

(4) Finally, these packets are forwarded to the egress switch through different paths. The egress switch decapsulates the packets to aggregate all packets belonging to the same flow and forwards them to the destination node.
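The ingress and egress behaviour of steps (1) to (4), together with the protocol selection register of Section 3.2, as an added Python model; it is not the paper's P4 program or controller code. The toy header layouts, the per-packet round-robin choice among the K installed paths, the cyclic rotation of the register every N packets and the `visible_fraction` metric are this example's assumptions; the protocol-ID values 1, 2, 3 (IPv4, MPLS, custom identifier) follow step (2). The egress, which understands every protocol, reassembles the flow; a node that understands only one protocol decodes only the packets carried by that protocol on the paths it can see, which is the property the scheme relies on.

```python
"""Ingress/egress model of ESMD-Flow steps (1)-(4) with the protocol selection register.

Added example, not the paper's P4 or controller code. The toy header layouts, the per-packet
round-robin path choice, the cyclic register rotation and the exposure metric are assumptions;
protocol-ID values 1, 2, 3 (IPv4, MPLS, custom identifier) follow step (2) of the paper.
"""
import struct
from typing import Dict, List, Optional, Set, Tuple

PROTOCOLS = {1: "IPv4", 2: "MPLS", 3: "CustomID"}   # protocol-ID j of Gamma_ij

# Constructed sample flow: twelve 4-byte chunks "AAAA", "BBBB", ... (not captured traffic)
CHUNKS: List[bytes] = [bytes([65 + i]) * 4 for i in range(12)]


def encapsulate(proto_id: int, flow_id: int, seq: int, payload: bytes) -> bytes:
    """Wrap one chunk in the header of the selected protocol (toy layouts, constructed)."""
    if proto_id == 1:   # IPv4-like: version/IHL byte 0x45, then flow id and sequence number
        return b"\x45" + struct.pack(">HI", flow_id, seq) + payload
    if proto_id == 2:   # MPLS-like: 0x8847 marker, 20-bit label carries the flow id, then seq
        return b"\x88\x47" + struct.pack(">II", (flow_id << 12) | 0x100, seq) + payload
    if proto_id == 3:   # custom identifier protocol: 'CID' magic, sequence before flow id
        return b"CID" + struct.pack(">IH", seq, flow_id) + payload
    raise ValueError(f"unknown protocol-ID {proto_id}")


def parse(packet: bytes, understood: Set[int]) -> Optional[Tuple[int, int, bytes]]:
    """Parser of a node that understands only the given protocol-IDs: (flow_id, seq, payload) or None."""
    if 1 in understood and packet[:1] == b"\x45":
        flow_id, seq = struct.unpack(">HI", packet[1:7])
        return flow_id, seq, packet[7:]
    if 2 in understood and packet[:2] == b"\x88\x47":
        label, seq = struct.unpack(">II", packet[2:10])
        return label >> 12, seq, packet[10:]
    if 3 in understood and packet[:3] == b"CID":
        seq, flow_id = struct.unpack(">IH", packet[3:9])
        return flow_id, seq, packet[9:]
    return None


class ProtocolRegister:
    """Protocol selection register of the ingress switch: path index i -> protocol-ID j (Gamma_ij)."""
    def __init__(self, mapping: List[int]):
        self.mapping = list(mapping)

    def write(self, mapping: List[int]) -> None:   # controller side, step (2)
        self.mapping = list(mapping)

    def read(self, path_idx: int) -> int:           # switch side, steps (1) and (3)
        return self.mapping[path_idx]


def rotate(mapping: List[int]) -> List[int]:
    """Controller's periodic protocol change, modelled as a cyclic shift (assumption)."""
    return mapping[1:] + mapping[:1]


def ingress_forward(flow_id: int, chunks: List[bytes], register: ProtocolRegister,
                    rotate_every: int) -> Dict[int, List[bytes]]:
    """Step (3): per packet, pick the path round-robin over the K installed paths, read the
    register for that path's protocol-ID and encapsulate. Returns {path index: [packets]}."""
    k = len(register.mapping)
    on_path: Dict[int, List[bytes]] = {i: [] for i in range(k)}
    for seq, chunk in enumerate(chunks):
        if seq and seq % rotate_every == 0:          # controller rewrites the register
            register.write(rotate(register.mapping))
        path_idx = seq % k
        on_path[path_idx].append(encapsulate(register.read(path_idx), flow_id, seq, chunk))
    return on_path


def egress_reassemble(on_path: Dict[int, List[bytes]], flow_id: int) -> bytes:
    """Step (4): the egress understands every protocol, decapsulates and reorders by seq."""
    pieces: Dict[int, bytes] = {}
    for packets in on_path.values():
        for pkt in packets:
            parsed = parse(pkt, set(PROTOCOLS))
            if parsed and parsed[0] == flow_id:
                pieces[parsed[1]] = parsed[2]
    return b"".join(pieces[s] for s in sorted(pieces))


def visible_fraction(on_path: Dict[int, List[bytes]], observed_paths: List[int],
                     understood: Set[int]) -> float:
    """Exposure metric in the spirit of Experiment 2: share of the flow's packets that a node
    on the given paths, understanding only the given protocols, could decode."""
    total = sum(len(p) for p in on_path.values())
    seen = sum(1 for i in observed_paths for pkt in on_path[i] if parse(pkt, understood))
    return seen / total


def simulate(flow_id: int, chunks: List[bytes], mapping: List[int],
             rotate_every: int) -> Tuple[ProtocolRegister, Dict[int, List[bytes]]]:
    """Run one flow through the ingress; return the final register state and per-path packets."""
    register = ProtocolRegister(mapping)
    return register, ingress_forward(flow_id, chunks, register, rotate_every)


if __name__ == "__main__":
    reg, paths = simulate(7, CHUNKS, [1, 2, 3], rotate_every=6)
    assert egress_reassemble(paths, 7) == b"".join(CHUNKS)
    print("register after rotation:", reg.mapping)
    print("one path, IPv4 only:", visible_fraction(paths, [0], {1}))
    print("all paths, IPv4 only:", visible_fraction(paths, [0, 1, 2], {1}))
```

With three paths, a register initialised to Γ = [1, 2, 3] and a rotation after six packets, the egress rebuilds the full payload, while a node on one path that parses only IPv4 decodes 2 of the 12 packets and a node on all three paths that parses only IPv4 still decodes only 4 of 12; full recovery needs every path and every protocol, which is the point of combining the two mechanisms.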

Based on the principles of ESMD-Flow, we propose an intelligent multipath and multi-protocol hybrid forwarding algorithm for SAGIN, shown in Algorithm 1. The algorithm runs as follows. The inputs of the algorithm are the flow request information (ρ1, ..., ρn), and its outputs are the multipath and multi-protocol forwarding decisions generated for each flow request ρ_l. In step 2, the network system adopts in-band telemetry to collect network status information, including topology changes, packet loss rate, link congestion rate, link delay, etc. In step 3, the SDN controller computes the node reliability R_i and link reliability R(e_ij) according to the network status information. In step 4, according to the reliability evaluation values from step 3, the SDN controller isolates the nodes and links with lower reliability evaluation values to form a new network topology. From step 5 to step 10, the controller calculates the K most reliable paths for each data flow request. Besides, the protocol ID is calculated according to the security requirements of the flow. In each time interval, the controller updates the network status information and performs the reliability assessment of nodes and links in real time. Once the network topology changes or some nodes or links are attacked, causing performance degradation, the controller efficiently updates the multipath strategy to ensure the secure transmission of the data flow. In step 11, the SDN controller installs flow table rules on the switch and writes the protocol ID into the protocol selection register Protocol-register. In step 12, the switch reads the protocol ID to encapsulate the packet using the corresponding protocol and forwards the packets to different paths according to the flow table rules.

Algorithm 1. Intelligent flow multipath and multi-protocol hybrid forwarding algorithm.
Require: The network topology G = (V, E); flow processing requests (ρ1, ..., ρn)
Ensure: Multi-path and multi-protocol forwarding decision Γ_ij
1: while TRUE do
2:   Use in-band telemetry to start network status monitoring and collect network status information.
     monitor G = (node V, link E)
3:   Calculate the packet loss rate P_i^lost and data flow request rate λ_i per unit time of each node, the link delay T(e_ij) and link congestion rate P_congest(e_ij), and evaluate the reliability values.
     Calculate node reliability R_i = 1 − P_i^lost · λ_i
     Calculate link reliability R(e_ij) = α log(1 − P_congest(e_ij)) − β log(T_delay(e_ij))
4:   For each flow request ρ_i, according to the network reliability assessment, the controller isolates malicious nodes and links.
     Form new graph Ĝ = (V̂, Ê) = isolate_from(G = (V, E))
5:   The controller runs the improved Dijkstra algorithm to calculate the K most reliable paths.
6:   if Ĝ ≠ G or min(R_i, R(e_ij)) ≥ R_lower then
7:     Calculate the paths Γ = Dijkstra_reliability(Ĝ = (V̂, Ê), R_i, R(e_ij))
8:     Determine the protocol combination decision φ according to the security requirements of the flow
9:     Calculate the protocol strategy: protocol_ID = get_protocol(Q_security)
10:  end if
11:  The controller sends the flow table rules to the switch, and writes the protocol combination decision φ into the P4 switch protocol selection register.
     Protocol_register.write(protocol_ID)
     Install rules to switches on the path Γ
12:  The switch reads the protocol combination information and flow table information to forward data packets.
     Protocol_register.read(protocol_ID)
     Match the entry rules
13: end while

Our proposed multipath and multi-protocol hybrid forwarding algorithm is based on the idea of a dynamic heterogeneous redundancy architecture to guarantee secure flow transmission. Firstly, ESMD-Flow adopts in-band telemetry to obtain the network status online, enabling dynamic updates of the flow forwarding strategy. Secondly, based on the reliability evaluation, ESMD-Flow can effectively isolate malicious nodes and links to ensure that data flows are forwarded along the most reliable paths. Finally, ESMD-Flow implements a multi-protocol hybrid forwarding mechanism that encapsulates the packets using different protocols, which increases the difficulty of eavesdropping.
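The reliability evaluation of Definitions 1 to 5 and steps 3 to 7 of Algorithm 1 (evaluate, isolate, select the K most reliable paths), as an added Python example; it is not the paper's controller script. Where the page gives no formula or value, the example makes labelled assumptions: R_i = 1 − P_i^lost·λ_i as written in Algorithm 1 step 3, P_congest as the ratio of slot traffic to link bandwidth, α = β = 1, the link delay expressed relative to T_upper and the resulting link reliability clipped into [0, 1] so that it is comparable with node reliability in the minimum of Eq. (6), and successive edge-disjoint widest paths as the "improved Dijkstra" for the K paths. The topology and telemetry values are constructed, not measured.

```python
"""Controller side of ESMD-Flow: reliability evaluation, isolation, K most reliable paths.

Added example, not the paper's controller script. Assumed here: the product form of R_i,
alpha = beta = 1, delay normalised to T_upper, link reliability clipped into [0, 1], and
edge-disjoint successive widest paths as the "improved Dijkstra" for K paths.
"""
import heapq
import math
from typing import Dict, List, Optional, Set, Tuple

Edge = Tuple[str, str]

# Constructed sample telemetry (not measured data). Per node: (P_i^lost, lambda_i).
NODE_STATS: Dict[str, Tuple[float, float]] = {
    "s1": (0.01, 1.0), "s2": (0.02, 1.0), "s3": (0.40, 2.0),   # s3 is lossy and overloaded
    "s4": (0.02, 1.5), "s5": (0.01, 1.0), "s6": (0.01, 1.0),
}
# Per link: (bandwidth bw(e_ij) in Mbit/s, traffic T_ij in the slot in Mbit, delay in ms).
LINK_STATS: Dict[Edge, Tuple[float, float, float]] = {
    ("s1", "s2"): (100.0, 20.0, 3.0), ("s1", "s3"): (100.0, 10.0, 2.0),
    ("s1", "s4"): (100.0, 50.0, 6.0), ("s1", "s5"): (100.0, 30.0, 3.0),
    ("s2", "s5"): (100.0, 10.0, 5.0), ("s2", "s6"): (100.0, 25.0, 4.0),
    ("s3", "s6"): (100.0, 10.0, 2.0), ("s4", "s6"): (100.0, 20.0, 3.0),
    ("s5", "s6"): (100.0, 20.0, 5.0),
}
T_UPPER_MS = 10.0        # delay threshold of Eq. (9), assumed value
R_LOWER = 0.3            # reliability lower limit of Eq. (8), assumed value
ALPHA, BETA = 1.0, 1.0   # weights in R(e_ij) of Algorithm 1 step 3, assumed values


def edge_key(u: str, v: str) -> Edge:
    """Undirected link identifier."""
    return (u, v) if u <= v else (v, u)


def node_reliability(p_lost: float, lam: float) -> float:
    """Definition 1 as written in Algorithm 1 step 3: R_i = 1 - P_i^lost * lambda_i, clipped at 0."""
    return max(0.0, 1.0 - p_lost * lam)


def link_reliability(bw: float, traffic: float, delay_ms: float) -> float:
    """Definitions 2-4: P_congest = T_ij / bw(e_ij); R(e) = alpha*log(1 - P_congest) - beta*log(T_delay).
    The delay is expressed relative to T_upper and the result clipped into [0, 1] (assumptions)."""
    p_congest = min(traffic / bw, 0.999)
    value = ALPHA * math.log(1.0 - p_congest) - BETA * math.log(delay_ms / T_UPPER_MS)
    return max(0.0, min(1.0, value))


def evaluate() -> Tuple[Dict[str, float], Dict[Edge, float]]:
    """Algorithm 1 step 3 over the collected telemetry."""
    node_rel = {n: node_reliability(*s) for n, s in NODE_STATS.items()}
    link_rel = {edge_key(*e): link_reliability(*s) for e, s in LINK_STATS.items()}
    return node_rel, link_rel


def isolate(node_rel: Dict[str, float], link_rel: Dict[Edge, float],
            r_lower: float = R_LOWER) -> Dict[str, Set[str]]:
    """Algorithm 1 step 4: drop nodes and links below R_lower (Eq. (8)); return adjacency of G-hat."""
    kept = {n for n, r in node_rel.items() if r >= r_lower}
    adj: Dict[str, Set[str]] = {n: set() for n in kept}
    for (u, v), r in link_rel.items():
        if r >= r_lower and u in kept and v in kept:
            adj[u].add(v)
            adj[v].add(u)
    return adj


def most_reliable_path(adj: Dict[str, Set[str]], node_rel: Dict[str, float], link_rel: Dict[Edge, float],
                       src: str, dst: str) -> Optional[Tuple[List[str], float]]:
    """Dijkstra variant that maximises the bottleneck (minimum) reliability of Eq. (6)."""
    best = {n: float("-inf") for n in adj}
    best[src] = node_rel[src]
    prev: Dict[str, str] = {}
    heap = [(-best[src], src)]
    done: Set[str] = set()
    while heap:
        _, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        if u == dst:
            break
        for v in adj[u]:
            if v in done:
                continue
            cand = min(best[u], link_rel[edge_key(u, v)], node_rel[v])
            if cand > best[v]:
                best[v], prev[v] = cand, u
                heapq.heappush(heap, (-cand, v))
    if best[dst] == float("-inf"):
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], best[dst]


def path_delay_ms(path: List[str]) -> float:
    """Sum of per-hop link delays, checked against T_upper (Eq. (9))."""
    return sum(LINK_STATS[edge_key(u, v)][2] for u, v in zip(path, path[1:]))


def k_most_reliable_paths(src: str, dst: str, k: int, r_lower: float = R_LOWER) -> List[Tuple[List[str], float]]:
    """Algorithm 1 steps 3-7: evaluate, isolate, then take up to K edge-disjoint widest paths."""
    node_rel, link_rel = evaluate()
    adj = isolate(node_rel, link_rel, r_lower)
    chosen: List[Tuple[List[str], float]] = []
    if src not in adj or dst not in adj:
        return chosen
    while len(chosen) < k:
        found = most_reliable_path(adj, node_rel, link_rel, src, dst)
        if found is None:
            break
        path, rel = found
        for u, v in zip(path, path[1:]):          # reserve this path's links (edge-disjointness)
            adj[u].discard(v)
            adj[v].discard(u)
        if path_delay_ms(path) <= T_UPPER_MS:
            chosen.append((path, rel))
    return chosen


def weighted_path_reliability(chosen: List[Tuple[List[str], float]], packets: List[int]) -> float:
    """Objective of Eq. (7): path reliability weighted by the packets forwarded on each path."""
    return sum(r * n for (_, r), n in zip(chosen, packets)) / sum(packets)


if __name__ == "__main__":
    for path, rel in k_most_reliable_paths("s1", "s6", 3):
        print(" -> ".join(path), f"reliability={rel:.3f}", f"delay={path_delay_ms(path):.0f} ms")
```

On the constructed telemetry, node s3 (R_i = 0.2) and link s1-s4 (negative log term, clipped to 0) fall below R_lower and are removed before any path search; the widest-path search then returns s1-s2-s6 and, after its links are reserved, s1-s5-s6, while a third disjoint path no longer exists, so K = 3 yields two paths. A real controller would re-run `evaluate` and `isolate` on every telemetry interval, as step 2 of Algorithm 1 describes, rather than once per request.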

V. PERFORMANCE EVALUATION

In this section, we evaluate the performance of ESMD-Flow and compare it with conventional routing schemes. In the following, we first describe the experimental environment configuration and the compared schemes, and then present the experimental results to evaluate the advantages of ESMD-Flow.

5.1 Simulation Setup

Experiment Platform: we conduct the experiments in a real network environment. For the implementation of the control plane, we write a Python script as the SDN controller running on an Intel Core i7-3770 3.40 GHz processor with 8 GB RAM. We choose the Python library NetworkX [25] for the graph modeling and improve the Dijkstra algorithm to implement the multipath routing strategy. Additionally, we design the protocol forwarding module on the control plane to implement multi-protocol hybrid forwarding of data flows. The SDN controller uses the P4Runtime API to interact with the data plane for collecting network status information and issuing flow table rules to control forwarding.

For the data plane, we choose P4 to implement the ESMD-Flow prototype. The data plane is composed of P4_16 BMv2 software switches, built on the Mininet emulator [26]. The simulation uses the actual network topology ChinaNet (38 nodes, 56 links) from the Topology Zoo [27]. ChinaNet is China Telecom's ISP topology; the number of alternative paths between each source and destination node pair is set to 3. Several links are added between the edge switches to simulate wireless links. To obtain more accurate and comprehensive network data for evaluating network reliability, we adopt MRI (Multi-Hop Route Inspection) [28], a specific version of P4 in-band telemetry (INT), to monitor the network status in real time. MRI is implemented as a P4 program, which collects the network data and appends it to the header stack of every packet.

Trace: we use iperf to generate TCP flows of different sizes, and the average packet size of the flows is set to 50 Kb-50 M. To simulate dynamic network traffic, the flow arrival rate on the hosts follows a Poisson distribution generating 100-400 flows/s, and each flow's destination is randomly chosen.

Schemes Compared: (1) OSPF [29]: the shortest path first algorithm, in which all data flows are routed along the shortest path; this scheme easily causes network node and link congestion, resulting in lower network reliability. (2) ECMP [30]: a hash-based multipath load balancing algorithm, which evenly distributes different flows to different paths, but has limited effect on a network with an uneven mix of large and small flows.

5.2 Experimental Results

Experiment 1: the average path reliability comparison

In order to quantify the path reliability of ESMD-Flow, we define the concept of average path reliability. Assuming that a flow has x packets forwarded along path l1 and y packets forwarded along path l2, and the reliabilities of paths l1 and l2 are R_l1 and R_l2 respectively, the average path reliability for routing the flow is calculated by (x·R_l1 + y·R_l2)/(x + y). Figure 4 shows the average path reliability of the three schemes. It can be seen from Figure 4 that the average path reliability of OSPF is the smallest, followed by ECMP, and the average path reliability of ESMD-Flow is the largest. OSPF always forwards the flows along the shortest path, which easily leads to node and link congestion. ECMP distributes different flows to multiple paths based on a hash algorithm for relieving link congestion. Hence, its average path reliability is higher than that of OSPF. ESMD-Flow isolates malicious nodes and links by evaluating the reliability of nodes and links, and then ensures that data flows are always forwarded along the most reliable paths, therefore obtaining the highest average path reliability.

Figure 4. The average path reliability comparison.

Experiment 2: the anti-eavesdropping attack comparison

We quantify the anti-eavesdropping ability of the different schemes as the eavesdropping success rate and use the Wireshark tool as an attacker to eavesdrop on multiple forwarding paths. Figure 5 shows the eavesdropping success rate under the same network environment. In this experiment, the attacker randomly eavesdrops on 1, 2, and 3 paths, respectively. We can see that ESMD-Flow has powerful anti-eavesdropping ability when the attacker eavesdrops on different network paths, and its eavesdropping success rate is 10%, 25%, and 37% respectively. Since OSPF uses a single path to forward flows, once an attacker attacks the forwarding path, all session content is stolen. ECMP implements a multipath routing strategy to distribute flows over multiple network paths. Only by attacking all reachable paths can attackers crack all session content. Therefore, the anti-attack capability of ECMP is stronger than that of OSPF. The ESMD-Flow mechanism uses a multi-protocol hybrid forwarding strategy while implementing multipath routing. Even if an attacker eavesdrops on all forwarding paths at the same time, it is difficult to crack all session content, because identifying multiple protocols and aggregating all the packets belonging to the flow is difficult for an attacker.

Figure 5. The eavesdropping success rate comparison.

Figure 6 and Figure 7 show the results of eavesdropping on the first and second forwarding paths. It can be seen that different data packets of the same flow are forwarded on multiple paths using different protocols. Based on multi-protocol forwarding, the flow can be divided into sub-flows encapsulated with different protocols. Even if an attacker succeeds in eavesdropping on a certain path, it is difficult to identify all data packets of the same flow and crack the complete session content. Moreover, operators can dynamically change the protocol type to prevent security threats caused by a single protocol. Hence, by implementing multipath routing and the multi-protocol hybrid forwarding mechanism, the data flows of the same service are encapsulated by different protocols and transmitted along different paths, which greatly increases the difficulty of eavesdropping.

Figure 6. The result of eavesdropping on first forwarding path.

Figure 7. The result of eavesdropping on second forwarding path.
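The exposure argument of Experiment 2 (a single-path or flow-hashed session is fully recovered once its one path is observed, whereas a packet-sprayed, multi-protocol session requires every path to be observed and every encapsulation to be parsed) can be made concrete with a small model. The following is an added example, not code from the paper or from ESMD-Flow itself: it enumerates every m-subset of K paths an observer might capture and reports in what fraction of cases the complete session is reassembled. Path count, packet count, protocol names and the round-robin spraying rule are constructed assumptions standing in for the paper's reliability-based path selection.

```python
"""Exposure model for multipath, multi-protocol forwarding (constructed example).

Three forwarding strategies carry one session of N packets over K candidate
paths. An observer capturing m of the K paths (every m-subset equally likely)
and able to parse a given set of encapsulation protocols succeeds only if it
reassembles the complete session.
"""
from itertools import combinations
from typing import List, Set, Tuple

# (sequence number, path index, encapsulation protocol)
Packet = Tuple[int, int, str]


def single_path(n_packets: int, path: int = 0, proto: str = "ipv4") -> List[Packet]:
    """OSPF-style forwarding: the whole session on one shortest path, one protocol."""
    return [(seq, path, proto) for seq in range(n_packets)]


def flow_hashed(n_packets: int, k_paths: int, flow_id: int, proto: str = "ipv4") -> List[Packet]:
    """ECMP-style forwarding: the flow's hash pins all of its packets to one path.
    `flow_id % k_paths` is a stand-in for the hash bucket (assumption)."""
    return [(seq, flow_id % k_paths, proto) for seq in range(n_packets)]


def packet_sprayed(n_packets: int, k_paths: int, protos: List[str]) -> List[Packet]:
    """ESMD-Flow-style forwarding as modelled here (assumption): consecutive packets
    rotate over all k paths, and each path carries its own encapsulation protocol."""
    return [(seq, seq % k_paths, protos[seq % len(protos)]) for seq in range(n_packets)]


def reassembled_fraction(packets: List[Packet], observed_paths: Set[int],
                         parsable_protos: Set[str]) -> float:
    """Fraction of the session an observer recovers: a packet counts only if it
    crosses an observed path AND uses a protocol the observer's parser understands."""
    got = [p for p in packets if p[1] in observed_paths and p[2] in parsable_protos]
    return len(got) / len(packets)


def success_rate(packets: List[Packet], k_paths: int, m_observed: int,
                 parsable_protos: Set[str]) -> float:
    """Average over every m-subset of the K paths the observer could choose;
    'success' means the complete session (fraction 1.0) is reassembled."""
    subsets = list(combinations(range(k_paths), m_observed))
    hits = sum(1 for s in subsets
               if reassembled_fraction(packets, set(s), parsable_protos) == 1.0)
    return hits / len(subsets)


if __name__ == "__main__":
    K, N = 4, 12                                     # constructed topology and session
    protos = ["ipv4", "ipv6", "mpls", "gre"]         # one encapsulation per path (constructed)
    ospf = single_path(N)
    ecmp = flow_hashed(N, K, flow_id=2)
    esmd = packet_sprayed(N, K, protos)
    for m in range(1, K + 1):
        print(f"observe {m}/{K} paths: OSPF {success_rate(ospf, K, m, set(protos)):.2f}  "
              f"ECMP {success_rate(ecmp, K, m, set(protos)):.2f}  "
              f"spray {success_rate(esmd, K, m, set(protos)):.2f}")
    # Even with every path observed, a parser that knows only two encapsulations
    # sees half the sprayed session.
    print("spray, all paths, ipv4+ipv6 parser:",
          reassembled_fraction(esmd, set(range(K)), {"ipv4", "ipv6"}))
```

In this model the single-path and flow-hashed sessions are recovered with probability m/K, the sprayed session only when m = K and every encapsulation is parsed; the paper's measured 10%/25%/37% figures come from its testbed, not from this model, which only shows why the two mechanisms compound.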

Experiment 3: the average packet delay comparison

Figure 8 shows the average packet delay of the three schemes under different flow arrival rates. As can be seen from Figure 8, our proposed ESMD-Flow mechanism obtains better performance with lower latency. OSPF causes link congestion under high traffic load, resulting in a sharp increase in average packet delay. ECMP evenly distributes the flows to multiple paths, which has a certain load balancing effect, but it does not consider the size of the data flow, so some elephant flows will cause link congestion. The ESMD-Flow mechanism makes the optimal decision based on the global flow view to ensure that the flow is always forwarded along the most reliable paths, which improves the forwarding efficiency of the flow. Additionally, ESMD-Flow is a routing algorithm based on packet granularity, which can effectively alleviate link congestion and achieve lower packet delay.

Figure 8. The average packet delay comparison of the three schemes.

Experiment 4: the network throughput comparison

Figure 9 shows the network throughput of the three schemes under different flow arrival rates. It can be seen from Figure 9 that OSPF has the lowest network throughput, followed by ECMP, and ESMD-Flow has the largest network throughput. Because OSPF routes all flows to the shortest path, it easily causes congestion on the shortest link. In order to improve the network throughput, ECMP uses a hash algorithm to route different flows to multiple paths, which can alleviate link congestion to a certain extent. However, ECMP is a routing algorithm based on flow granularity, so its load balancing effect is limited in a network with an uneven distribution of elephant and mouse flows. Through the reliability evaluation of nodes and links, ESMD-Flow always forwards the packets to the most reliable multiple paths. Hence, ESMD-Flow keeps the overall network link utilization at a high level and has much better network performance.

Figure 9. The network throughput comparison of the three schemes.

Experiment 5: average retransmission ratio and out-of-order ratio comparison

When evaluating the throughput performance of ESMD-Flow, we found that ESMD-Flow causes some TCP retransmissions and out-of-order packets. To further analyze the transmission performance of ESMD-Flow, we count the ratio of retransmitted and out-of-order packets. The experimental results are shown in Figure 10. In terms of retransmission and out-of-order packets, ESMD-Flow performs worse than the other mechanisms. Concretely, the retransmission ratio and out-of-order ratio of ESMD-Flow are 3.1% and 7.3% respectively, which is larger than OSPF (1.1% and 0.9%) and ECMP (2.8% and 5.7%). This is because ESMD-Flow uses the multipath and multi-protocol hybrid forwarding mechanism, and the link performance of the different paths varies greatly. In other words, ESMD-Flow suffers from a higher retransmission ratio and out-of-order ratio due to the great difference between the paths. Hence, ESMD-Flow performs better in terms of throughput and security, but incurs a higher retransmission ratio and out-of-order ratio. In the future, we will further improve the flow routing strategy to reduce retransmitted and out-of-order packets.

Figure 10. Average retransmission ratio and out-of-order ratio comparison of the three schemes.
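Experiments 3 to 5 together describe one trade-off of packet-granularity forwarding: spraying packets over several paths balances load far better than flow-granularity hashing when elephant and mouse flows are mixed, but paths with unequal delay then deliver packets out of order. The following added example (not code from the paper or from ESMD-Flow) reproduces both effects in a constructed setting: a traffic mix of one elephant flow and seven mice over four paths, a round-robin spraying rule, and per-path one-way delays, all of which are assumptions rather than measurements.

```python
"""Load balance versus reordering for packet-granularity multipath (constructed example).

Flow-granularity hashing (ECMP-like: all of a flow's packets take one path) is
compared with packet-granularity spraying (ESMD-Flow-like as modelled here:
consecutive packets rotate over the available paths). Flow sizes, path count
and per-path delays are constructed values, not measurements from the paper.
"""
from typing import List, Tuple

Flow = Tuple[int, int]   # (flow id, number of packets)


def flow_hash_loads(flows: List[Flow], k_paths: int) -> List[int]:
    """Packets per path when each flow is pinned to path = flow_id % k (hash stand-in)."""
    loads = [0] * k_paths
    for flow_id, n_packets in flows:
        loads[flow_id % k_paths] += n_packets
    return loads


def packet_spray_loads(flows: List[Flow], k_paths: int) -> List[int]:
    """Packets per path when every packet, regardless of flow, rotates over the k paths."""
    loads = [0] * k_paths
    counter = 0
    for _, n_packets in flows:
        for _ in range(n_packets):
            loads[counter % k_paths] += 1
            counter += 1
    return loads


def out_of_order_ratio(n_packets: int, path_of: List[int], delays_ms: List[float],
                       send_interval_ms: float = 1.0) -> float:
    """Packets seq 0..n-1 are sent one every send_interval_ms; packet seq travels on
    path path_of[seq] with one-way delay delays_ms[path]. A packet is out of order
    if a higher sequence number has already arrived when it does."""
    arrivals = sorted((seq * send_interval_ms + delays_ms[path_of[seq]], seq)
                      for seq in range(n_packets))
    highest_seen = -1
    reordered = 0
    for _, seq in arrivals:
        if seq < highest_seen:
            reordered += 1
        highest_seen = max(highest_seen, seq)
    return reordered / n_packets


def spray_reorder_ratio(n_packets: int, delays_ms: List[float]) -> float:
    """Out-of-order ratio for round-robin spraying over paths with the given delays."""
    k = len(delays_ms)
    return out_of_order_ratio(n_packets, [seq % k for seq in range(n_packets)], delays_ms)


def single_path_reorder_ratio(n_packets: int, delay_ms: float) -> float:
    """Flow-level hashing keeps a flow on one path, so a fixed delay never reorders it."""
    return out_of_order_ratio(n_packets, [0] * n_packets, [delay_ms])


if __name__ == "__main__":
    # Constructed traffic mix: one elephant flow (1000 packets) plus seven mice (10 each).
    flows = [(0, 1000)] + [(i, 10) for i in range(1, 8)]
    print("flow-hash loads   :", flow_hash_loads(flows, 4))     # elephant pins one link
    print("packet-spray loads:", packet_spray_loads(flows, 4))  # near-even split
    # Reordering appears only when the sprayed paths differ in delay.
    print("spray, equal delays   :", spray_reorder_ratio(8, [10.0, 10.0]))
    print("spray, 10 vs 20 ms    :", spray_reorder_ratio(8, [10.0, 20.0]))
    print("single path           :", single_path_reorder_ratio(8, 10.0))
```

With these inputs the hashed elephant flow drives one path to 1010 packets while the other three carry 20 each, whereas spraying splits the same 1070 packets 268/268/267/267; on the two-path delay example, three of eight sprayed packets arrive after a higher sequence number, which is the kind of reordering that triggers the TCP retransmissions Experiment 5 reports.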

VI. CONCLUSION

In order to achieve the secure transmission of flows in the Space-Air-Ground Integrated Network, inspired by the Mimic Defense theory, we propose an intelligent flow forwarding scheme with endogenous security named ESMD-Flow. ESMD-Flow introduces the SDN architecture and programmable data plane into the integrated network to implement a multipath routing and multi-protocol hybrid forwarding mechanism that improves the secure transmission capability of data flows. Specifically, our proposed ESMD-Flow implements a multipath routing strategy based on the reliability evaluation of nodes and links to guarantee that flows are always forwarded along the most reliable multiple paths. Meanwhile, a multi-protocol hybrid forwarding strategy is designed to realize the multi-protocol dynamic forwarding of flows for preventing network eavesdropping attacks. The simulation results show that, while achieving better QoS performance, ESMD-Flow can significantly improve the average path reliability for routing and increase the difficulty of network eavesdropping. As future work, we will test the algorithm in a physical network.

ACKNOWLEDGEMENT

The work has been supported by the National Key Research and Development Program of China under Grant 2020YFB1804803, the National Natural Science Foundation of China under Grant 61872382, and the Research and Development Program in Key Areas of Guangdong Province under Grant No. 2018B010113001.