
SDNFV Based Threat Monitoring and Security Framework for Multi-Access Edge Computing Infrastructure

Mobile Networks and Applications

Abstract

DDoS botnet attacks such as Advanced Persistent and Ransom DoS assaults, botnets and application DDoS flood attacks are examples of multi-vector, sophisticated application-layer attacks. Conventional IT security approaches are centralized and are limited in scale, network-wide monitoring and resources for distributed detection. This paper proposes a newer approach that integrates multi-layer cooperative security intelligence onto a converged Software-Defined-Networking/Network-Function-Virtualization architecture in a typical Multi-access Edge Computing (MEC) scenario. The key features of the framework include: a) a distributed, lightweight, real-time DDoS Threat Analytics and Response Framework (DTARS) to identify DDoS/botnets closer to the source of attacks; b) behavioral monitoring and profiling functions in the data plane and validation of control plane operations; c) advanced correlation, signature, and anomaly detection techniques; d) a real-time threat analytics system; e) scalable and agile mitigation mechanisms based on a stateful data plane and a security-aware SDN stack. We evaluate the performance of the DTARS framework within three practical MEC case studies: an SDN-enabled Mobile LTE MEC network, an SDN-enabled IoT MEC network and a Software-Defined Datacenter Edge network. In comparison to a legacy MEC network, DTARS incurs about 60% less overhead than the legacy LTE and 40% less than a prior OVS SDN-based MEC-LTE solution, offers detection that is about 10x faster, achieves a detection accuracy of about 96% at different attack intensities, and improves the overall end-to-end connection management performance under rapid scaling of end users.



Acknowledgments

This research was supported by the office of Dean-Research at Amrita Vishwa Vidyapeetham, Amritapuri campus, India and the Visveswaraya Ph.D. fellowship from the Government of India.

Author information

Corresponding author

Correspondence to Prabhakar Krishnan.

Ethics declarations

Conflict of interest

The authors declare that they have no conflicts of interest.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Krishnan, P., Duttagupta, S. & Achuthan, K. SDNFV Based Threat Monitoring and Security Framework for Multi-Access Edge Computing Infrastructure. Mobile Netw Appl 24, 1896–1923 (2019). https://doi.org/10.1007/s11036-019-01389-2

  • DOI: https://doi.org/10.1007/s11036-019-01389-2
