Online orchestration of cooperative defense against DDoS attacks for 5G MEC

5G mobile edge computing (MEC), which pushes mobile services to the edge, has been recognized as an effective solution to enhance mobile users' quality of service, as well as to tackle the backhaul bottleneck. Although its architecture and service-related techniques have drawn considerable attention, security defense for MEC remains an open problem. We therefore propose a cooperative defense (CODE) framework against DDoS attacks for MEC that leverages network function virtualization and software-defined networking architectures; in this framework, MEC nodes with spare defense resources are orchestrated to help MEC nodes whose incoming traffic overwhelms their self-defense capability. To explore the elasticity space of CODE among multiple MEC nodes and to develop an online resource management method for it, we formulate the multi-requester multi-provider resource management problem for CODE, jointly considering defense resource usage efficiency and fairness among CODE participants. To balance complexity and performance for the formulated problem, we draw on online combinatorial auctions and propose an online algorithm that has a provable performance guarantee. Finally, extending the MEC simulation platform used in our previous work, we validate the effectiveness of the approach in terms of resilient defense capability, fairness and computation efficiency.
