Network tomography plays a crucial role in network monitoring and management, where network topology serves as the fundamental basis for various tomography tasks including traffic matrix estimation and link performance inference. The topology information, however, can be inferred through end-to-end measurements using various inference algorithms, posing significant security risks to network infrastructure. While existing protection methods attempt to secure topology information by manipulating end-to-end delay measurements, they often require complex computation and sophisticated modification strategies, making real-time protection challenging. Moreover, these delay-based modifications typically render the measurements unusable for network monitoring, even by trusted users, as the manipulated delays distort the actual network performance characteristics. This paper presents a novel privacy-preserving framework that addresses these limitations. Our approach provides efficient topology protection while maintaining the utility of measurements for authorized network monitoring. Through extensive evaluation on both simulated and real-world networks topology, we demonstrate that our framework achieves superior privacy protection compared to existing methods while enabling trusted users to effectively monitor network performance. Our solution offers a practical approach for organizations to protect sensitive topology information without sacrificing their network monitoring capabilities.
翻译:网络层析成像在网络监控与管理中扮演着关键角色,其中网络拓扑是流量矩阵估计和链路性能推断等多种层析任务的基础。然而,拓扑信息可通过端到端测量结合多种推断算法被推测出来,这给网络基础设施带来了重大的安全风险。现有的保护方法试图通过操控端到端延迟测量来保护拓扑信息,但它们通常需要复杂的计算和精细的修改策略,使得实时保护具有挑战性。此外,这些基于延迟的修改通常会使测量数据即使对可信用户也变得无法用于网络监控,因为被操控的延迟扭曲了实际的网络性能特征。本文提出了一种新颖的隐私保护框架,以解决这些局限性。我们的方法在保持测量数据对授权网络监控的可用性的同时,提供了高效的拓扑保护。通过对仿真和真实世界网络拓扑的广泛评估,我们证明,与现有方法相比,我们的框架在实现卓越隐私保护的同时,使可信用户能够有效监控网络性能。我们的解决方案为组织提供了一种实用的方法,使其能够在不牺牲网络监控能力的前提下保护敏感的拓扑信息。