The paper introduces topology mutation, a novel concept in Moving Target Defense (MTD). MTD is a new technique that represents a significant shift in cyber defense. Traditional cybersecurity techniques have primarily focused on the passive defense of static networks only. In the MTD approach, cyber attackers are confused by making the attack surface dynamic, and thus harder to probe and infiltrate. The emergence of Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technology has opened up new possibilities in network architecture management. Combining NFV and SDN technologies provides a unique platform for implementing MTD techniques that secure the network infrastructure by morphing the logical view of the network topology.
The article proposes and thoroughly examines a validation module, a component of an integrated system supporting routing in software-defined networks (SDNRoute). The module allows the results provided by the optimization module to be verified before they are deployed in the production network. Routing policies are validated for their impact on the network quality parameters and against the threat of overloading (congestion).