Today, telecommunication networks are crucial infrastructures, as has, for example, been demonstrated by the COVID-19 crisis. Thus, protecting such infrastructures, including software-defined based networks (SDN), is of the utmost importance for network providers to assure society has constant access to reliable services. Targeted attacks on SDN can seriously affect their connectivity and thus service continuity. Such an attack, launched on network nodes, divides the network into disjoint components and, since the number of SDN controllers is limited, results in isolating a significant proportion of nodes from the (surviving) controllers, causing major disruptions in service availability. In this paper, we present an optimization approach which can be used by the SDN network operator to properly locate the controllers by taking into account predictable sets of critical targeted attacks on network topology. The proposed approach includes an algorithm for predicting, on the basis of appropriately defined attack effectiveness measures, the sets of most dangerous attacks. Such sets are then used as input data for controller placement optimization, which is performed by means of mixed-integer programming methods. In the optimization, the impact of the considered attacks is measured by a novel network availability measure. To minimize the consequences of attacks we consider additional backup controllers. Finally, we present results of a numerical study based on the introduced approach that illustrate the effectiveness of our approach.

如今，电信网络已成为至关重要的基础设施，例如COVID-19危机已证明了这一点。因此，保护​​此类基础设施（包括基于软件定义的网络（SDN））对于网络提供商至关重要，以确保社会不断获得可靠的服务。对SDN的定向攻击会严重影响其连接性，进而影响服务的连续性。在网络节点上发起的这种攻击将网络划分为不相交的组件，并且由于SDN控制器的数量有限，导致将大量节点与（幸存的）控制器隔离开，从而导致服务可用性的重大中断。在本文中，我们提出了一种优化方法，SDN网络运营商可以通过考虑可预测的网络拓扑关键目标攻击集来正确定位控制器。所提出的方法包括一种算法，该算法用于在适当定义的攻击有效性度量的基础上预测最危险的攻击集。然后将这些集合用作控制器布局优化的输入数据，该数据是通过混合整数编程方法执行的。在优化中，通过新颖的网络可用性度量来衡量所考虑的攻击的影响。为了最大程度地减少攻击的后果，我们考虑使用其他备份控制器。最后，我们介绍了一种基于所介绍方法的数值研究结果，该结果说明了我们方法的有效性。