SDNFV Based Threat Monitoring and Security Framework for Multi-Access Edge Computing Infrastructure

DDoS botnet attacks such as Advanced Persistent and Ransom DoS assaults, botnets, and application DDoS flood attacks are examples of multi-vector, sophisticated application-layer attacks. Conventional IT security approaches are centralized and are limited in scale, network-wide monitoring, and resources for distributed detection. This paper proposes a newer approach that integrates multi-layer cooperative security intelligence onto a converged Software-Defined Networking/Network Function Virtualization (SDN/NFV) architecture in a typical Multi-access Edge Computing (MEC) scenario. The key features of the framework include: a) a distributed, lightweight, real-time DDoS Threat Analytics and Response Framework (DTARS) to identify DDoS/botnets closer to the source of attacks; b) behavioral monitoring and profiling functions in the data plane and validation of control plane operations; c) advanced correlation, signature, and anomaly detection techniques; d) a real-time threat analytics system; and e) scalable and agile mitigation mechanisms based on a stateful data plane and a security-aware SDN stack. We evaluate the performance of the DTARS framework in three practical MEC case studies: an SDN-enabled mobile LTE MEC network, an SDN-enabled IoT MEC network, and a Software-Defined Datacenter Edge network. In comparison to a legacy MEC network, DTARS incurs about 60% less overhead than legacy LTE and 40% less than a prior OVS SDN-based MEC-LTE solution, detects attacks about 10x faster, achieves a detection accuracy of about 96% at different attack intensities, and improves overall end-to-end connection management performance under rapid scaling of end users.
