skip to main content
research-article

SecEG: A Secure and Efficient Strategy against DDoS Attacks in Mobile Edge Computing

Published: 23 February 2024 Publication History

Abstract

Application-layer distributed denial-of-service (DDoS) attacks incapacitate systems by using up their resources, causing service interruptions, financial losses, and more. Consequently, advanced deep-learning techniques are used to detect and mitigate these attacks in cloud infrastructures. However, in mobile edge computing (MEC), it becomes economically impractical to equip each node with defensive resources, as these resources may largely remain unused in edge devices. Furthermore, current methods are mainly concentrated on improving the accuracy of DDoS attack detection and saving CPU resources, neglecting the effective allocation of computational power for benign tasks under DDoS attacks. To address these issues, this paper introduces SecEG, a secure and efficient strategy against DDoS attacks for MEC that integrates container-based task isolation with lightweight online anomaly detection on edge nodes. More specifically, a new model is proposed to analyze resource contention dynamics between DDoS attacks and benign tasks. Subsequently, by employing periodic packet sampling and real-time attack intensity predicting, an autoencoder-based method is proposed to detect DDoS attacks. We leverage an efficient scheduling method to optimize the edge resource allocation and the service quality for benign users during DDoS attacks. When executed in the real-world edge environment, our experimental findings validate the efficacy of the proposed SecEG strategy. Compared to conventional methods, the service rate of benign requests increases by 23% under intense DDoS attacks, and the CPU resource is saved up to 35%.

References

[1]
Neha Agrawal and Shashikala Tapaswi. 2019. Defense mechanisms against DDoS attacks in a cloud computing environment: State-of-the-art and research challenges. IEEE Communications Surveys & Tutorials 21, 4 (2019), 3769–3795.
[2]
Ketan Bhardwaj, Joaquin Chung Miranda, and Ada Gavrilovska. 2018. Towards IoT-DDoS prevention using edge computing. In \(\lbrace\)USENIX\(\rbrace\) Workshop on Hot Topics in Edge Computing (HotEdge 18).
[3]
Raghavendra Chalapathy and Sanjay Chawla. 2019. Deep learning for anomaly detection: A survey. arXiv preprint arXiv:1901.03407 (2019), 1–50. DOI:
[4]
Michele De Donno, Nicola Dragoni, Alberto Giaretta, and Angelo Spognardi. 2018. DDoS-capable IoT malwares: Comparative analysis and Mirai investigation. Security and Communication Networks 2018 (2018), 1–30. DOI:
[5]
Wenhao Fan, Liang Zhao, Xun Liu, Yi Su, Shenmeng Li, Fan Wu, and Yuan’an Liu. 2022. Collaborative service placement, task scheduling, and resource allocation for task offloading with edge-cloud cooperation. IEEE Transactions on Mobile Computing (2022), 1–18. DOI:
[6]
Chunhui Feng, Zhong Shen, Qinghai Yang, and Weihua Wu. 2022. Two-stage task offloading optimization with large deviation delay analysis in IoT networks. IEEE Transactions on Communications 70, 3 (2022), 1834–1847.
[7]
Sahil Garg, Kuljeet Kaur, Neeraj Kumar, Georges Kaddoum, Albert Y. Zomaya, and Rajiv Ranjan. 2019. A hybrid deep learning-based model for anomaly detection in cloud datacenter networks. IEEE Transactions on Network and Service Management 16, 3 (2019), 924–935.
[8]
Dongqi Han, Zhiliang Wang, Wenqi Chen, Ying Zhong, Su Wang, Han Zhang, Jiahai Yang, Xingang Shi, and Xia Yin. 2021. DeepAID: Interpreting and improving deep learning-based anomaly detection in security applications. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 3197–3217.
[9]
Qiang He, Cheng Wang, Guangming Cui, Bo Li, Rui Zhou, Qingguo Zhou, Yang Xiang, Hai Jin, and Yun Yang. 2022. A game-theoretical approach for mitigating edge DDoS attack. IEEE Transactions on Dependable and Secure Computing 19, 4 (2022), 2333–2348.
[10]
Cheol-Ho Hong and Blesson Varghese. 2019. Resource management in fog/edge computing: A survey on architectures, infrastructure, and algorithms. ACM Computing Surveys (CSUR) 52, 5 (2019), 1–37.
[11]
Ladislav Huraj, Marek Simon, and Tibor Horák. 2018. IoT measuring of UDP-based distributed reflective DoS attack. In 2018 IEEE 16th International Symposium on Intelligent Systems and Informatics (SISY). IEEE, 000209–000214.
[12]
Junzhong Jia, Lei Yang, and Jiannong Cao. 2021. Reliability-aware dynamic service chain scheduling in 5G networks based on reinforcement learning. In IEEE INFOCOM 2021-IEEE Conference on Computer Communications. IEEE, 1–10.
[13]
Constantinos Kolias, Georgios Kambourakis, Angelos Stavrou, and Jeffrey Voas. 2017. DDoS in the IoT: Mirai and other botnets. Computer 50, 7 (2017), 80–84.
[14]
Iordanis Koutsopoulos. 2021. The impact of baseband functional splits on resource allocation in 5G radio access networks. In IEEE INFOCOM 2021-IEEE Conference on Computer Communications. IEEE, 1–10.
[15]
Hongjia Li, Chang Yang, Liming Wang, Nirwan Ansari, Ding Tang, Xueqing Huang, Zhen Xu, and Dan Hu. 2021. A cooperative defense framework against application-level DDoS attacks on mobile edge computing services. IEEE Transactions on Mobile Computing (2021). DOI:
[16]
Keqin Li. 2019. Computation offloading strategy optimization with multiple heterogeneous servers in mobile edge computing. IEEE Transactions on Sustainable Computing (2019), 1–15. DOI:
[17]
Siyi Liao, Jun Wu, Shahid Mumtaz, Jianhua Li, Rosario Morello, and Mohsen Guizani. 2022. Cognitive balance for fog computing resource in internet of things: An edge learning approach. IEEE Trans. Mob. Comput. 21, 5 (2022), 1596–1608.
[18]
Zhuofan Liao, Jingsheng Peng, Jiawei Huang, Jianxin Wang, Jin Wang, Pradip Kumar Sharma, and Uttam Ghosh. 2021. Distributed probabilistic offloading in edge computing for 6G-enabled massive internet of things. IEEE Internet of Things Journal 8, 7 (2021), 5298–5308.
[19]
Jianhua Liu, Xin Wang, Shigen Shen, Guangxue Yue, Shui Yu, and Minglu Li. 2020. A Bayesian Q-learning game for dependable task offloading against DDoS attacks in sensor edge cloud. IEEE Internet of Things Journal 8, 9 (2020), 7546–7561.
[20]
Liqing Liu, Zheng Chang, and Xijuan Guo. 2018. Socially aware dynamic computation offloading scheme for fog computing system with energy harvesting devices. IEEE Internet of Things Journal 5, 3 (2018), 1869–1879.
[21]
Liqing Liu, Zheng Chang, Xijuan Guo, Shiwen Mao, and Tapani Ristaniemi. 2018. Multiobjective optimization for computation offloading in fog computing. IEEE Internet of Things Journal 5, 1 (2018), 283–294.
[22]
Yumeng Liu, Hongan Wang, Xu Zheng, and Ling Tian. 2023. An efficient framework for unsupervised anomaly detection over edge-assisted internet of things. ACM Trans. Sen. Netw. (April2023). DOI:Just Accepted.
[23]
Zhicheng Liu and Junxing Zhang. 2018. Launching low-rate DoS attacks with cache-enabled WiFi offloading. In 2018 14th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN). 171–176.
[24]
Moreno Marzolla. 2022. Queueing networks and Markov chains analysis with the Octave queueing package. SIGMETRICS Perform. Eval. Rev. 49, 4 (June2022), 47–52.
[25]
Shagufta Mehnaz and Elisa Bertino. 2020. Privacy-preserving real-time anomaly detection using edge computing. In 2020 IEEE 36th International Conference on Data Engineering (ICDE). IEEE, 469–480.
[26]
Yisroel Mirsky, Tomer Doitshman, Yuval Elovici, and Asaf Shabtai. 2018. Kitsune: An ensemble of autoencoders for online network intrusion detection. arXiv preprint arXiv:1802.09089 (2018). DOI:
[27]
Sowmya Myneni, Ankur Chowdhary, Dijiang Huang, and Adel Alshamrani. 2022. SmartDefense: A distributed deep defense against DDoS attacks with edge computing. Computer Networks 209 (2022), 108874.
[28]
Mao V. Ngo, Tie Luo, Hakima Chaouchi, and Tony Q. S. Quek. 2020. Contextual-bandit anomaly detection for IoT data in distributed hierarchical edge computing. In 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS). IEEE, 1227–1230.
[29]
Siddharth Reddy, Igor Labutov, and Siddhartha Banerjee. 2016. A queueing network model for spaced repetition. In Proceedings of the Third (2016) ACM Conference on Learning@ Scale. 289–292.
[30]
Jaspreet Singh, Yahuza Bello, Ahmed Refaey Hussein, Aiman Erbad, and Amr Mohamed. 2020. Hierarchical security paradigm for IoT multiaccess edge computing. IEEE Internet of Things Journal 8, 7 (2020), 5794–5805.
[31]
William J. Stewart. 2009. Probability, Markov Chains, Queues, and Simulation: The Mathematical Basis of Performance Modeling. Princeton University Press.
[32]
Zhiqing Tang, Jiong Lou, and Weijia Jia. 2023. Layer dependency-aware learning scheduling algorithms for containers in mobile edge computing. IEEE Transactions on Mobile Computing 22, 6 (2023), 3444–3459.
[33]
Judith Timmer and Werner Scheinhardt. 2018. Customer and cost sharing in a Jackson network. International Game Theory Review 20, 03 (2018), 1850002.
[34]
Loïc D. Tsobdjou, Samuel Pierre, and Alejandro Quintero. 2022. An online entropy-based DDoS flooding attack detection system with dynamic threshold. IEEE Transactions on Network and Service Management (2022).
[35]
Yinhao Xiao, Yizhen Jia, Chunchi Liu, Xiuzhen Cheng, Jiguo Yu, and Weifeng Lv. 2019. Edge computing security: State of the art and challenges. Proc. IEEE 107, 8 (2019), 1608–1631.
[36]
Yang Xu and Yong Liu. 2016. DDoS attack detection under SDN context. In IEEE INFOCOM 2016-the 35th Annual IEEE International Conference on Computer Communications. IEEE, 1–9.
[37]
Shui Yu, Theerasak Thapngam, Jianwen Liu, Su Wei, and Wanlei Zhou. 2009. Discriminating DDoS flows from flash crowds using information distance. In 2009 Third International Conference on Network and System Security. IEEE, 351–356.
[38]
Mengqi Zhan, Yang Li, Huiran Yang, Guangxi Yu, Bo Li, and Weiping Wang. 2023. Coda: Runtime detection of application-layer CPU-exhaustion DoS attacks in containers. IEEE Transactions on Services Computing 16, 3 (2023), 1686–1697.
[39]
Qinglong Zhang, Rui Han, Gaofeng Xin, Chi Harold Liu, Guoren Wang, and Lydia Y. Chen. 2022. Lightweight and accurate DNN-based anomaly detection at edge. IEEE Transactions on Parallel and Distributed Systems 33, 11 (2022), 2927–2942.
[40]
Yingqi Zhao, Yajie Li, Jun Li, Mingzhe Liu, Yifan Niu, Yongli Zhao, and Jie Zhang. 2020. Traffic scheduling strategy for mitigating DDoS attack in edge computing-enabled TWDM-PON. In 2020 Opto-Electronics and Communications Conference (OECC). IEEE, 1–4.

Cited By

View all
  • (2024)EdgeShield: Enabling Collaborative DDoS Mitigation at the EdgeIEEE Transactions on Mobile Computing10.1109/TMC.2024.344326023:12(14502-14513)Online publication date: 1-Dec-2024
  • (2024)Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using KubernetesIEEE Access10.1109/ACCESS.2024.350119212(172980-172991)Online publication date: 2024

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Sensor Networks
ACM Transactions on Sensor Networks  Volume 20, Issue 3
May 2024
634 pages
EISSN:1550-4867
DOI:10.1145/3613571
  • Editor:
  • Wen Hu
Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

Publication History

Published: 23 February 2024
Online AM: 23 January 2024
Accepted: 06 January 2024
Revised: 27 September 2023
Received: 16 April 2023
Published in TOSN Volume 20, Issue 3

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Mobile edge computing
  2. DDoS attacks
  3. container
  4. queue networks
  5. scheduling

Qualifiers

  • Research-article

Funding Sources

  • Guangdong Key Lab of AI and Multi-modal Data Processing
  • United International College (UIC), Zhuhai
  • Computer Science
  • Chinese National Research Fund (NSFC)
  • Guangdong Basic and Applied Basic Research Fund
  • The Institute of Artificial Intelligence and Future Networks
  • Beijing Normal University (Zhuhai) Guangdong
  • China Zhuhai Science-Tech Innovation Bureau
  • Interdisciplinary Intelligence SuperComputer Center of Beijing Normal University Zhuhai

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)437
  • Downloads (Last 6 weeks)35
Reflects downloads up to 18 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)EdgeShield: Enabling Collaborative DDoS Mitigation at the EdgeIEEE Transactions on Mobile Computing10.1109/TMC.2024.344326023:12(14502-14513)Online publication date: 1-Dec-2024
  • (2024)Flexible and Lightweight Mitigation Framework for Distributed Denial-of-Service Attacks in Container-Based Edge Networks Using KubernetesIEEE Access10.1109/ACCESS.2024.350119212(172980-172991)Online publication date: 2024

View Options

Login options

Full Access

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Full Text

View this article in Full Text.

Full Text

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media