TY - JOUR
T1 - A Cooperative Defense Framework Against Application-Level DDoS Attacks on Mobile Edge Computing Services
AU - Li, Hongjia
AU - Yang, Chang
AU - Wang, Liming
AU - Ansari, Nirwan
AU - Tang, Ding
AU - Huang, Xueqing
AU - Xu, Zhen
AU - Hu, Dan
N1 - Funding Information:
The authors would like to thank the anonymous reviewers for their insightful comments and suggestions. This work was supported in part by the National Key R&D Program of China under Grant 2019YFB1005200 and in part by the NSF of China under Grant 61302108.
Publisher Copyright:
© 2002-2012 IEEE.
PY - 2023/1/1
Y1 - 2023/1/1
N2 - Mobile edge computing (MEC), extending computing services from cloud to edge, is recognized as one of the key pillars to facilitate real-time services and tackle the backhaul bottleneck. However, it is not economically efficient to attach intensive security appliances to every MEC node to defend against application-level DDoS attacks and ensure the availability of services. Thus, we explore the elasticity of security defense among MEC nodes by proposing a COoperative DEfense (CODE) framework for MEC, referred to as CODE4MEC. CODE4MEC aims to adapt to traffic changes by automatically coordinating container-carried defensive resources among cooperative MEC nodes. Towards this aim, we propose four control plane functions to enable life-cycle management for CODE4MEC, namely, CODE triggering, scheduling, coordination and releasing. However, an effective CODE4MEC requires non-trivial algorithmic schemes, in particular for the CODE scheduling and coordination functions. We thus design an online combinatorial auction mechanism for real-time CODE scheduling, and prove a tighter performance bound relative to prior art. As for CODE coordination, a flow-based traffic and context information coordination scheme is proposed to enable classical defense schemes to work properly and efficiently. Finally, using a combination of real testbed and simulation evaluations, we validate the effectiveness of CODE4MEC.
KW - DDoS
KW - Mobile edge computing
KW - cooperative security
KW - online scheduling
KW - prototype
UR - http://www.scopus.com/inward/record.url?scp=85107346949&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85107346949&partnerID=8YFLogxK
U2 - 10.1109/TMC.2021.3086219
DO - 10.1109/TMC.2021.3086219
M3 - Article
AN - SCOPUS:85107346949
SN - 1536-1233
VL - 22
SP - 1
EP - 18
JO - IEEE Transactions on Mobile Computing
JF - IEEE Transactions on Mobile Computing
IS - 1
ER -