Deployment of Robust Security Scheme in SDN Based 5G Network over NFV Enabled Cloud Environment

In this Modern era, Software Defined Network (SDN), Network Function Virtualization (NFV), and cloud computing participating of Fifth Generation (5G) network emergence. This paper presents a robust security scheme to provide fortification against major threats along with user privacy in 5G network, two additional entities are introduced. For mobile users, initial authentication is provided at access points by an inventive Highly Secured Authentication and Handover Mechanism (HSAOHM) scheme. Which minimize handover latency without loss of user privacy. Then the authorized user packets are arrived at dispatcher in which a novel Tree Based Switch Assignment (TBSA) algorithm is incorporated. TBSA mitigates the flow table overloading attack by assigning packets to underloaded switches. In controller, DDoS attack is detected with the assist of entropy analysis. Then the suspicious packets are redirected to scrubbing Virtual Network Function (sVNF) in cloud. In sVNF, suspicious packets are classified into normal packets and malicious packets by using Hybrid Fuzzy with Artificial Neural Network (HF-ANN) classifier based on packet features. Normal packets are allowed to access applications whereas malicious packets are dropped at sVNF. Extensive simulation shows security improvement in 5G network in terms of handover latency, holding time, switch failure rate, detection accuracy, and delay.

[1]  Min Chen,et al.  Software-Defined Network Function Virtualization: A Survey , 2015, IEEE Access.

[2]  Raimo Kantola,et al.  Enhancing Security of Software Defined Mobile Networks , 2017, IEEE Access.

[3]  Ilsun You,et al.  SPFP: Ticket-based secure handover for fast proxy mobile IPv6 in 5G networks , 2017, Comput. Networks.

[4]  Tanesh Kumar,et al.  Overview of 5G Security Challenges and Solutions , 2018, IEEE Communications Standards Magazine.

[5]  Jeongho Kwak,et al.  Hybrid Content Caching in 5G Wireless Networks: Cloud Versus Edge Caching , 2018, IEEE Transactions on Wireless Communications.

[6]  Yuan-Cheng Lai,et al.  An extended SDN architecture for network function virtualization with a case study on intrusion prevention , 2015, IEEE Network.

[7]  Nicolae Paladi,et al.  Providing User Security Guarantees in Public Infrastructure Clouds , 2017, IEEE Transactions on Cloud Computing.

[8]  Dijiang Huang,et al.  Brew: A Security Policy Analysis Framework for Distributed SDN-Based Cloud Environments , 2019, IEEE Transactions on Dependable and Secure Computing.

[9]  Laxmana Rao Battula Network Security Function Virtualization(NSFV) towards Cloud computing with NFV Over Openflow infrastructure: Challenges and novel approaches , 2014, 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI).

[10]  Hai Jin,et al.  Defending Against Flow Table Overloading Attack in Software-Defined Networks , 2019, IEEE Transactions on Services Computing.

[11]  Muttukrishnan Rajarajan,et al.  Cloud Security Engineering: Theory, Practice and Future Research , 2017, IEEE Trans. Cloud Comput..

[12]  H. Jonathan Chao,et al.  STAR: Preventing flow-table overflow in software-defined networks , 2017, Comput. Networks.

[13]  Yan Han,et al.  Recent advances and future challenges for mobile network virtualization , 2017, Science China Information Sciences.

[14]  Luigi V. Mancini,et al.  A Novel Stealthy Attack to Gather SDN Configuration-Information , 2020, IEEE Transactions on Emerging Topics in Computing.

[15]  Yazhe Tang,et al.  Exploiting the Vulnerability of Flow Table Overflow in Software-Defined Network: Attack Model, Evaluation, and Defense , 2018, Secur. Commun. Networks.

[16]  Dimitrios Kritharidis,et al.  Policy based virtualised security architecture for SDN/NFV enabled 5G access networks , 2016, 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).

[17]  Safaa O. Al-Mamory,et al.  Using DBSCAN Clustering Algorithm in Detecting DDoS Attack , 2016 .

[18]  Sundeep Rangan,et al.  Improved Handover Through Dual Connectivity in 5G mmWave Mobile Networks , 2016, IEEE Journal on Selected Areas in Communications.

[19]  Chen Qian,et al.  SDN-Based Privacy Preserving Cross Domain Routing , 2019, IEEE Transactions on Dependable and Secure Computing.

[20]  Xianbin Wang,et al.  Authentication handover and privacy protection in 5G hetnets using software-defined networking , 2015, IEEE Communications Magazine.

[21]  Jiann-Liang Chen,et al.  Software-Defined Network Virtualization Platform for Enterprise Network Resource Management , 2016, IEEE Transactions on Emerging Topics in Computing.

[22]  H. S. Al-Raweshidy,et al.  A Resource Allocation Mechanism for Cloud Radio Access Network Based on Cell Differentiation and Integration Concept , 2018, IEEE Transactions on Network Science and Engineering.

[23]  Naoaki Yamanaka,et al.  Network Function Virtualization: A Survey , 2017, IEICE Trans. Commun..

[24]  Qi Hao,et al.  A Survey on Software-Defined Network and OpenFlow: From Concept to Implementation , 2014, IEEE Communications Surveys & Tutorials.

[25]  Hyogon Kim,et al.  Controller scheduling for continued SDN operation under DDoS attacks , 2015 .

[26]  Yao Zheng,et al.  DDoS Attack Protection in the Era of Cloud Computing and Software-Defined Networking , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[27]  AKHIL GUPTA,et al.  A Survey of 5G Network: Architecture and Emerging Technologies , 2015, IEEE Access.

[28]  Raj Jain,et al.  Network virtualization and software defined networking for cloud computing: a survey , 2013, IEEE Communications Magazine.

[29]  Andres Garcia-Saavedra,et al.  5G-Crosshaul: An SDN/NFV Integrated Fronthaul/Backhaul Transport Network Architecture , 2017, IEEE Wireless Communications.

[30]  Min Chen,et al.  Green and Mobility-Aware Caching in 5G Networks , 2017, IEEE Transactions on Wireless Communications.

[31]  Zonghua Zhang,et al.  Towards Autonomic DDoS Mitigation using Software Defined Networking , 2015 .

[32]  Zhangjie Fu,et al.  A novel optimized vertical handover framework for seamless networking integration in cyber-enabled systems , 2018, Future Gener. Comput. Syst..

[33]  Berk Canberk,et al.  Handover Management in Software-Defined Ultra-Dense 5G Networks , 2017, IEEE Network.

[34]  Victor Valeriu Patriciu,et al.  Bio-cryptographic authentication in cloud storage sharing , 2014, 2014 IEEE 9th IEEE International Symposium on Applied Computational Intelligence and Informatics (SACI).

[35]  Basil S. Maglaris,et al.  Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments , 2014, Comput. Networks.

[36]  Mingyan Liu,et al.  Provision of Public Goods on Networks: On Existence, Uniqueness, and Centralities , 2016, IEEE Transactions on Network Science and Engineering.

[37]  Fang-Yie Leu,et al.  Secure and efficient protocol for fast handover in 5G mobile Xhaul networks , 2018, J. Netw. Comput. Appl..