SOID: Towards an Efficient Incremental Deployment Scheme for Source Address Validation.

The current Internet makes forwarding decisions based on only destination addresses, leading to a prevalence of IP source address spoofing. To mitigate the risks posed by IP spoofing, Source Address Validation in Intra-domain and Interdomain Networks (SAVNET) has been recently proposed and become a hot topic in both academia and industry. While all network equipment can not be upgraded to support SAVNET during one night, incremental deployment is needed for network operators. However, SAVNET can not defend against all spoofing attacks under partial deployment. Thus, we need to carefully choose nodes to be deployed, to improve incentive benefits during incremental deployment. In this paper, we formulate the incremental problem and prove that the problem is NP-Complete. To efficiently solve the problem, we propose a heuristic deployment scheme named SOID (SAV protocol optimized incremental deployment). The intuitive idea of SOID is using the sink-tree to get the detectable flow sets of each router. Then, it selects the routers which have the maximum total weight during each iteration. To evaluate the performance of the proposed algorithm, we conduct comprehensive simulations with generated and real topologies. The simulation results show that SOID performs much better compared with traditional schemes, such as random deployment and minimum vertex cover algorithms, with a manageable overhead.