Mobile Networks and Applications

, Volume 24, Issue 6, pp 1896–1923 | Cite as

SDNFV Based Threat Monitoring and Security Framework for Multi-Access Edge Computing Infrastructure

  • Prabhakar KrishnanEmail author
  • Subhasri Duttagupta
  • Krishnashree Achuthan


DDoS botnet attacks such as Advanced Persistent & Ransom DoS assaults, Botnets and Application DDoS flood attacks are examples of multi-vector, sophisticated application-layer attacks. Conventional IT security approaches are centralized and have limitations in terms of scale, network-wide monitoring and resources for distributed detection. This paper proposes a newer approach that integrates multi-layer cooperative security intelligence on to a converged Software-Defined-Networking/Network-Function-Virtualization architecture in typical Multi-access Edge Computing (MEC) scenario. The key features of framework include: a) distributed lightweight real-time DDoS Threat Analytics and Response Framework (DTARS), to identify DDoS/botnets closer to the source of attacks b) behavioral monitoring and profiling functions in data plane and validation of control plane operations, c) advanced correlation, signature, and anomaly detection techniques, d) real-time threat analytics system e) scalable and agile mitigation mechanisms based on a stateful-data plane and security-aware SDN stack. We evaluate the performance of DTARS framework within three practical MEC case studies: SDN enabled Mobile LTE MEC network, SDN enabled IoT MEC network and Software-Defined Datacenter Edge network. In comparison to legacy MEC network, DTARS incurs about 60% less overhead than the Legacy LTE and 40% lesser than a prior OVS SDN based MEC-LTE solution, detection speed that was about 10x faster, detection accuracy of about 96% at different attack intensities and improves the overall end-to-end connection management performance under rapid scaling of end users.


MEC LTE SDN NFV SDNFV OpenFlow IoT Cloud Edge networks DDoS Botnet Network Security Threat Analytics Security Network Intrusion Detection system NIDS 



This research was supported by the office of Dean-Research at Amrita Vishwa Vidyapeetham, Amritapuri campus, India and the Visveswaraya Ph.D. fellowship from the Government of India.

Compliance with ethical standards

Conflict of interest

The authors declare that they have no conflicts of interest.


  1. 1.
    Corero DDoS Trends Report (2017)
  2. 2.
  3. 3.
  4. 4.
  5. 5.
    McKeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J, Shenker S, Turner J (2008) OpenFlow: Enabling Innovation in Campus Networks. SIGCOMM Comput Commun RevGoogle Scholar
  6. 6.
    Sahay R et al (2017) Elsevier) ArOMA: An SDN based autonomic DDoS mitigation framework. Computers & Security 70. CrossRefGoogle Scholar
  7. 7.
    Zhou L, Guo H (2017) Applying nfv/sdn in mitigating ddos attacks. Proceedings of IEEE TENCON, PenangCrossRefGoogle Scholar
  8. 8.
    Wang L et al (2018) Woodpecker: Detecting and mitigating link-flooding attacks via SDN. Elsevier Journal of Computer Networks 147:1–13. CrossRefGoogle Scholar
  9. 9.
    Nguyen B, Choi N, Thottan M, der Merwe JV (2017) SIMECA: SDN-based IoT Mobile Edge Cloud Ar- chitecture. In: 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), pp. 503–509Google Scholar
  10. 10.
    Nikaein HN, Stenbock T, Ksentini A, Bonnet C (2017) Low Latency MEC Framework for SDN- based LTE/LTE-A Networks. IEEE International Conference on Communications, ICC ‘17, pp. 1–6Google Scholar
  11. 11.
    Wang K et al (2015) A fast moving personal cloud in the mobile network, in: Proceedings of the 5th Workshop on All Things Cellular: Operations, Applications and Challenges, AllThingsCellular ‘15, ACM, New York, pp. 19–24Google Scholar
  12. 12.
    Kempf J, Johansson B, Pettersson S, Lning H, Nilsson T (2012) Moving the mobile evolved packet core to the cloud, in: 2012 IEEE 8th International Confer- ence on Wireless and Mobile Computing. Networking and Communications (WiMob)Google Scholar
  13. 13.
    Nikaein N et al (2015) Network store: Exploring slicing in future 5g networks. In Proceedings of the 10th International Workshop on Mobility in the Evolving Internet Architecture, MobiArch ‘15, ACM, NY, pp. 8–13Google Scholar
  14. 14.
    Shameli-Sendi et al (2015) Taxonomy of distributed denial of service mitigation approaches for cloud computing. J Netw Comput Appl 58:165–179CrossRefGoogle Scholar
  15. 15.
    Yunhe et al (2016) SD-Anti-DDoS: Fast and Efficient DDoS Defense in Software-Defined Networks. J Netw Comput Appl 68:65–79CrossRefGoogle Scholar
  16. 16.
    Kalkan et al (2016) Filtering-Based Defense Mechanisms Against DDoS Attacks: A Survey. IEEE Syst JGoogle Scholar
  17. 17.
    Chang et al (2016) Detection DDoS attacks based on neural-network using Apache Spark. IEEE International Conference on (ICASI)Google Scholar
  18. 18.
    Giotis K et al (2014) Combining openflow and sflow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Netw 62(7):122–136CrossRefGoogle Scholar
  19. 19.
    Nagai R et al. Design and Implementation of an OpenFlow-based TCP SYN Flood Mitigation. 2018 6th IEEE International Conference on Mobile Cloud Computing, Services, and EngineeringGoogle Scholar
  20. 20.
    Han B et al (2018) OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN. Hindawi Security and Communication NetworksGoogle Scholar
  21. 21.
    Pan J, Yang Z (2018) Cybersecurity Challenges and Opportunities in the New Edge Computing+ IoT World. In ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, pp. 29–32Google Scholar
  22. 22.
    Massonet P et al. (2017) End-to-end security architecture for federated cloud and IoT networks. IEEE International Conference on Smart Computing (SMARTCOMP), pp. 1–6Google Scholar
  23. 23.
    Saguna, Cyber Defense – extend the perimeter with MEC DDoS Solution,
  24. 24.
    Nikaein N, Marina MK, Manickam S, Dawson A, Knopp R, Bonnet C (2014) OpenAirInterface: A flexible platform for 5g research. SIGCOMM Comput Commun RevGoogle Scholar
  25. 25.
    Schiller E, Nikaein N, Kalogeiton E, Gasparyan M, Braun T (2018) CDS-MEC: NFV/SDN-based Application Management for MEC in 5G Systems. Comput Netw 135:96–107CrossRefGoogle Scholar
  26. 26.
    Ali A et al (2017) SDNFV-Based DDoS Detection and Remediation in Multi-tenant, Virtualised Infrastructures. Springer International Publishing AG Computer Communications and Networks. 10.1007/978-3-319-64653-4_7Google Scholar
  27. 27.
    Bernini G et al. Combined NFV and SDN Applications for Mitigation of Cyber-Attacks Conducted by Botnets in 5G Mobile Networks:ICN 2017: The Sixteenth International Conference on NetworksGoogle Scholar
  28. 28.
    Son J, Buyya R (2017) A Taxonomy of SDN-enabled Cloud Computing. ACM Comput Surv 1(1):1CrossRefGoogle Scholar
  29. 29.
    Shin S, Yegneswaran V, Porras P, Gu G (2013) AVANT- GUARD: Scalable and vigilant switch flow management in software-defined networks. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 413–424Google Scholar
  30. 30.
    Wang R, Jia Z, Ju L (2015) An entropy-based distributed DDoS detection mechanism in software-defined networking. In 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 310–317Google Scholar
  31. 31.
    Kalkan K JESS: Joint Entropy Based DDoS Defense Scheme in SDN. IEEE Journal on Selected Areas in Communications. CrossRefGoogle Scholar
  32. 32.
    ETSI, “Mobile Edge Computing (MEC); Framework and Reference Architecture.” ETSI GS MEC 003 V1.1.1 (2016-03)Google Scholar
  33. 33.
    Yu M, Rexford J, Freedman MJ, Wang J (2010) Scalable flow-based networking with DIFANE. ACM SIGCOMM Comput Commun Rev 40(4):351–362CrossRefGoogle Scholar
  34. 34.
    Afek Y, Bremler-Barr A, Shafir L (2017) Network anti-spoofing with SDN data plane. IEEE INFOCOM - IEEE Conference on Computer CommunicationsGoogle Scholar
  35. 35.
    Hesham Mekky, Fang Hao, Sarit Mukherjee, Zhi-Li Zhang, and T.V. Lakshman (2014) Application-aware data plane processing in sdn. In Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, HotSDN ‘14, pages 13–18, ACM, New YorkGoogle Scholar
  36. 36.
    Bi Y et al (2018) Mobility Support for Fog Computing: An SDN Approach. IEEE Commun MagGoogle Scholar
  37. 37.
    Zhang PY et al (2018) Security and trust issues in Fog computing: A survey. Futur Gener Comput Syst 88:16–27CrossRefGoogle Scholar
  38. 38.
    Wang D et al (2018) MiFo: A novel edge network integration framework for fog computing. Peer-to-Peer Networking and ApplicationsGoogle Scholar
  39. 39.
    Li H, Wang L (2018) Online Orchestration of Cooperative Defense against DDoS Attacks for 5G MEC. IEEE Wireless Communications and Networking Conference (WCNC)Google Scholar
  40. 40.
    Raghunath K, Krishnan P (2018) Towards A Secure SDN Architecture. 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT)Google Scholar
  41. 41.
    Akamai (2017) State of the Internet Security report. Available:
  42. 42.
    Varga P et al (2017) Real-Time Security Services for SDN-based Datacenters. In Network and Service Management (CNSM), 2017, IFIP/IEEE International Conference on. IEEEGoogle Scholar
  43. 43.
    Krishnan et al (2017) SDN Framework for Securing IoT Networks. In International Conference on Ubiquitous Communications and Network Computing, pp. 116–129. Springer, ChamGoogle Scholar
  44. 44.
    Krishnan P et al. Managing Network Functions in Stateful Application Aware SDN. 2018 6th International Symposium on Security in Computing and Communications, Springer Communications in Computer and Information Science Series (CCIS), ISSN: 1865:0929Google Scholar
  45. 45.
    Bernstein DJ. Syn cookies. Web Document. retrieved January 2013.
  46. 46.
    Huang A, Nikaein N, Stenbock T, Ksentini A, Bonnet C (2017) Low Latency MEC Framework for SDN- based LTE/LTE-A Networks. in: IEEE Interna- tional Conference on Communications, ICC ‘17, pp. 1–6Google Scholar
  47. 47.
    Kempf J, Johansson B, Pettersson S, Lning H, Nilsson T (2012) Moving the mobile evolved packet core to the cloud. In: IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 784–791.
  48. 48.
    Roman R, Lopez J, Mambo M (2018) Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges. Futur Gener Comput Syst 78:680–698CrossRefGoogle Scholar
  49. 49.
    Peng S, Fajardo JO, Khodashenas PS, Blanco B, Liberal F, Ruiz C, Turyagyenda C, Wilson M, Vadgama S (2017) QoE-Oriented Mobile Edge Service Management Leveraging SDN and NFV. Mob Inf Syst 2017Google Scholar
  50. 50.
    Farris I, Bernabe J, Toumi N, Garcia-Carrillo D, Taleb T, Skarmeta A, Sahlin B (2017) Towards Provisioning of SDN/NFV- based Security Enablers for Integrated Protection of IoT Systems. In IEEE Conference on Standards for Communications & Networking (CSCN), pp. 1–6Google Scholar
  51. 51.
    Aggarwal C, Srivastava K (2016) Securing IoT devices using SDN and edge computing. In 2nd International Conference on Next Generation Computing Technologies (NGCT). IEEE, pp. 877–882Google Scholar
  52. 52.
    “SESAME Project. H2020 EU project, Available:
  53. 53.
    ANASTACIA Project. H2020 EU project. Available:
  54. 54.
    Shantharama P et al (2018) LayBack: SDN Management of MEC for Network Access Services and Radio Resource Sharing. IEEE Access. CrossRefGoogle Scholar
  55. 55.
    Nikaein N, Vasilakos X, Huang A. LL-MEC: Enabling Low Latency Edge Applications. CLOUDNET 2018, IEEE International Conference on Cloud Networking.
  56. 56.
    Dao N-N, Vu D-N, Lee Y, Park M, Cho S. MAEC-X: DDoS prevention leveraging multi-access edge computing. 2018 International Conference on Information Networking (ICOIN)Google Scholar
  57. 57.
    Open Network Foundation ONF:

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  • Prabhakar Krishnan
    • 1
    Email author
  • Subhasri Duttagupta
    • 2
  • Krishnashree Achuthan
    • 1
  1. 1.Center for Cybersecurity Systems and NetworksKollamIndia
  2. 2.Department of Computer Science and EngineeringAmrita Vishwa VidyapeethamKollamIndia

Personalised recommendations