Top

Mobile Networks and Applications

Published in:

28-10-2019

SDNFV Based Threat Monitoring and Security Framework for Multi-Access Edge Computing Infrastructure

Published in: Mobile Networks and Applications | Issue 6/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

DDoS botnet attacks such as Advanced Persistent & Ransom DoS assaults, Botnets and Application DDoS flood attacks are examples of multi-vector, sophisticated application-layer attacks. Conventional IT security approaches are centralized and have limitations in terms of scale, network-wide monitoring and resources for distributed detection. This paper proposes a newer approach that integrates multi-layer cooperative security intelligence on to a converged Software-Defined-Networking/Network-Function-Virtualization architecture in typical Multi-access Edge Computing (MEC) scenario. The key features of framework include: a) distributed lightweight real-time DDoS Threat Analytics and Response Framework (DTARS), to identify DDoS/botnets closer to the source of attacks b) behavioral monitoring and profiling functions in data plane and validation of control plane operations, c) advanced correlation, signature, and anomaly detection techniques, d) real-time threat analytics system e) scalable and agile mitigation mechanisms based on a stateful-data plane and security-aware SDN stack. We evaluate the performance of DTARS framework within three practical MEC case studies: SDN enabled Mobile LTE MEC network, SDN enabled IoT MEC network and Software-Defined Datacenter Edge network. In comparison to legacy MEC network, DTARS incurs about 60% less overhead than the Legacy LTE and 40% lesser than a prior OVS SDN based MEC-LTE solution, detection speed that was about 10x faster, detection accuracy of about 96% at different attack intensities and improves the overall end-to-end connection management performance under rapid scaling of end users.

previous article Extreme Gradient Boost Classification Based Interesting User Patterns Discovery for Web Service Composition

next article Editorial: Intelligent Cognitive Internet of Integrated Space and Terrestrial Things

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

inform now

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

inform now

Corero DDoS Trends Report (2017) http://info.corero.com/DDoS-Trends-Report.html

Source code for IoT botnet Mirai released. https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/

Symantec Internet Security Threat Report (2019). https://www.symantec.com/content/dam/symantec/docs/reports/istr-24-2019-en.pdf

Kaspersky Securelist. DDoS Attacks, Honeypots and the Internet of Things. https://securelist.com/ddos-attacks-in-q4-2018/89565/, https://securelist.com/honeypots-and-the-internet-of-things/78751/

McKeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J, Shenker S, Turner J (2008) OpenFlow: Enabling Innovation in Campus Networks. SIGCOMM Comput Commun Rev

Sahay R et al (2017) Elsevier) ArOMA: An SDN based autonomic DDoS mitigation framework. Computers & Security 70. https://doi.org/10.1016/j.cose.2017.07.008

Zhou L, Guo H (2017) Applying nfv/sdn in mitigating ddos attacks. Proceedings of IEEE TENCON, PenangCrossRef

Wang L et al (2018) Woodpecker: Detecting and mitigating link-flooding attacks via SDN. Elsevier Journal of Computer Networks 147:1–13. https://doi.org/10.1016/j.comnet.2018.09.021 CrossRef

Nguyen B, Choi N, Thottan M, der Merwe JV (2017) SIMECA: SDN-based IoT Mobile Edge Cloud Ar- chitecture. In: 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), pp. 503–509

10.

Nikaein HN, Stenbock T, Ksentini A, Bonnet C (2017) Low Latency MEC Framework for SDN- based LTE/LTE-A Networks. IEEE International Conference on Communications, ICC ‘17, pp. 1–6

11.

Wang K et al (2015) A fast moving personal cloud in the mobile network, in: Proceedings of the 5th Workshop on All Things Cellular: Operations, Applications and Challenges, AllThingsCellular ‘15, ACM, New York, pp. 19–24

12.

Kempf J, Johansson B, Pettersson S, Lning H, Nilsson T (2012) Moving the mobile evolved packet core to the cloud, in: 2012 IEEE 8th International Confer- ence on Wireless and Mobile Computing. Networking and Communications (WiMob)

13.

Nikaein N et al (2015) Network store: Exploring slicing in future 5g networks. In Proceedings of the 10th International Workshop on Mobility in the Evolving Internet Architecture, MobiArch ‘15, ACM, NY, pp. 8–13

14.

Shameli-Sendi et al (2015) Taxonomy of distributed denial of service mitigation approaches for cloud computing. J Netw Comput Appl 58:165–179CrossRef

15.

Yunhe et al (2016) SD-Anti-DDoS: Fast and Efficient DDoS Defense in Software-Defined Networks. J Netw Comput Appl 68:65–79CrossRef

16.

Kalkan et al (2016) Filtering-Based Defense Mechanisms Against DDoS Attacks: A Survey. IEEE Syst J

17.

Chang et al (2016) Detection DDoS attacks based on neural-network using Apache Spark. IEEE International Conference on (ICASI)

18.

Giotis K et al (2014) Combining openflow and sflow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Netw 62(7):122–136CrossRef

19.

Nagai R et al. Design and Implementation of an OpenFlow-based TCP SYN Flood Mitigation. 2018 6th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering

20.

Han B et al (2018) OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN. Hindawi Security and Communication Networks

21.

Pan J, Yang Z (2018) Cybersecurity Challenges and Opportunities in the New Edge Computing+ IoT World. In ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, pp. 29–32

22.

Massonet P et al. (2017) End-to-end security architecture for federated cloud and IoT networks. IEEE International Conference on Smart Computing (SMARTCOMP), pp. 1–6

23.

Saguna, Cyber Defense – extend the perimeter with MEC DDoS Solution, https://www.saguna.net/blog/cyber-defense-extend-the-perimeter-with-mobile-edge-computing-ddos-solution/

24.

Nikaein N, Marina MK, Manickam S, Dawson A, Knopp R, Bonnet C (2014) OpenAirInterface: A flexible platform for 5g research. SIGCOMM Comput Commun Rev

25.

Schiller E, Nikaein N, Kalogeiton E, Gasparyan M, Braun T (2018) CDS-MEC: NFV/SDN-based Application Management for MEC in 5G Systems. Comput Netw 135:96–107CrossRef

26.

Ali A et al (2017) SDNFV-Based DDoS Detection and Remediation in Multi-tenant, Virtualised Infrastructures. Springer International Publishing AG Computer Communications and Networks. 10.1007/978-3-319-64653-4_7

27.

Bernini G et al. Combined NFV and SDN Applications for Mitigation of Cyber-Attacks Conducted by Botnets in 5G Mobile Networks:ICN 2017: The Sixteenth International Conference on Networks

28.

Son J, Buyya R (2017) A Taxonomy of SDN-enabled Cloud Computing. ACM Comput Surv 1(1):1CrossRef

29.

Shin S, Yegneswaran V, Porras P, Gu G (2013) AVANT- GUARD: Scalable and vigilant switch flow management in software-defined networks. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 413–424

30.

Wang R, Jia Z, Ju L (2015) An entropy-based distributed DDoS detection mechanism in software-defined networking. In 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 310–317

31.

Kalkan K JESS: Joint Entropy Based DDoS Defense Scheme in SDN. IEEE Journal on Selected Areas in Communications. https://doi.org/10.1109/JSAC.2018.2869997

32.

ETSI, “Mobile Edge Computing (MEC); Framework and Reference Architecture.” ETSI GS MEC 003 V1.1.1 (2016-03)

33.

Yu M, Rexford J, Freedman MJ, Wang J (2010) Scalable flow-based networking with DIFANE. ACM SIGCOMM Comput Commun Rev 40(4):351–362CrossRef

34.

Afek Y, Bremler-Barr A, Shafir L (2017) Network anti-spoofing with SDN data plane. IEEE INFOCOM - IEEE Conference on Computer Communications

35.

Hesham Mekky, Fang Hao, Sarit Mukherjee, Zhi-Li Zhang, and T.V. Lakshman (2014) Application-aware data plane processing in sdn. In Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, HotSDN ‘14, pages 13–18, ACM, New York

36.

Bi Y et al (2018) Mobility Support for Fog Computing: An SDN Approach. IEEE Commun Mag

37.

Zhang PY et al (2018) Security and trust issues in Fog computing: A survey. Futur Gener Comput Syst 88:16–27CrossRef

38.

Wang D et al (2018) MiFo: A novel edge network integration framework for fog computing. Peer-to-Peer Networking and Applications

39.

Li H, Wang L (2018) Online Orchestration of Cooperative Defense against DDoS Attacks for 5G MEC. IEEE Wireless Communications and Networking Conference (WCNC)

40.

Raghunath K, Krishnan P (2018) Towards A Secure SDN Architecture. 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT)

41.

Akamai (2017) State of the Internet Security report. Available: https://www.akamai.com/

42.

Varga P et al (2017) Real-Time Security Services for SDN-based Datacenters. In Network and Service Management (CNSM), 2017, IFIP/IEEE International Conference on. IEEE

43.

Krishnan et al (2017) SDN Framework for Securing IoT Networks. In International Conference on Ubiquitous Communications and Network Computing, pp. 116–129. Springer, Cham

44.

Krishnan P et al. Managing Network Functions in Stateful Application Aware SDN. 2018 6th International Symposium on Security in Computing and Communications, Springer Communications in Computer and Information Science Series (CCIS), ISSN: 1865:0929

45.

Bernstein DJ. Syn cookies. Web Document. retrieved January 2013. http://cr.yp.to/syncookies.html

46.

Huang A, Nikaein N, Stenbock T, Ksentini A, Bonnet C (2017) Low Latency MEC Framework for SDN- based LTE/LTE-A Networks. in: IEEE Interna- tional Conference on Communications, ICC ‘17, pp. 1–6

47.

Kempf J, Johansson B, Pettersson S, Lning H, Nilsson T (2012) Moving the mobile evolved packet core to the cloud. In: IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 784–791. https://doi.org/10.1109/WiMOB.2012.6379165

48.

Roman R, Lopez J, Mambo M (2018) Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges. Futur Gener Comput Syst 78:680–698CrossRef

49.

Peng S, Fajardo JO, Khodashenas PS, Blanco B, Liberal F, Ruiz C, Turyagyenda C, Wilson M, Vadgama S (2017) QoE-Oriented Mobile Edge Service Management Leveraging SDN and NFV. Mob Inf Syst 2017

50.

Farris I, Bernabe J, Toumi N, Garcia-Carrillo D, Taleb T, Skarmeta A, Sahlin B (2017) Towards Provisioning of SDN/NFV- based Security Enablers for Integrated Protection of IoT Systems. In IEEE Conference on Standards for Communications & Networking (CSCN), pp. 1–6

51.

Aggarwal C, Srivastava K (2016) Securing IoT devices using SDN and edge computing. In 2nd International Conference on Next Generation Computing Technologies (NGCT). IEEE, pp. 877–882

52.

“SESAME Project. H2020 EU project, Available: http://www.sesame-h2020-5g-ppp.eu/Home.aspx

53.

ANASTACIA Project. H2020 EU project. Available: http://www.anastacia-h2020.eu/

54.

Shantharama P et al (2018) LayBack: SDN Management of MEC for Network Access Services and Radio Resource Sharing. IEEE Access. https://doi.org/10.1109/ACCESS.2018.2873984

55.

Nikaein N, Vasilakos X, Huang A. LL-MEC: Enabling Low Latency Edge Applications. CLOUDNET 2018, IEEE International Conference on Cloud Networking. https://doi.org/10.1109/CloudNet.2018.8549500

56.

Dao N-N, Vu D-N, Lee Y, Park M, Cho S. MAEC-X: DDoS prevention leveraging multi-access edge computing. 2018 International Conference on Information Networking (ICOIN)

57.

Open Network Foundation ONF: https://www.opennetworking.org/

Title: SDNFV Based Threat Monitoring and Security Framework for Multi-Access Edge Computing Infrastructure
Publication date: 28-10-2019
Published in: Mobile Networks and Applications / Issue 6/2019
Print ISSN: 1383-469X
Electronic ISSN: 1572-8153
DOI: https://doi.org/10.1007/s11036-019-01389-2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelektronik

ATZelectronics worldwide

Other articles of this Issue 6/2019

Co-Existence Analysis on Satellite-Terrestrial Integrated IMT System

Prediction of Individual’s Character in Social Media Using Contextual Semantic Sentiment Analysis

Intellectual Capital as a Key Factor in the Automotive Industry

An Improved Low Complex Offset Min-Sum Based Decoding Algorithm for LDPC Codes

Application of Exact Methods in Employee Selection in Accordance with the Age Management Concept

Editorial: Current Challenges of Smart Cities and Internet of Things