Mitigating DDoS Attacks in Cloud Network using Fog and SDN: A Conceptual Security Framework
K A Sadiq, A F Thompson and O A Ayeni. Mitigating DDoS Attacks in Cloud Network using Fog and SDN: A Conceptual Security Framework. International Journal of Applied Information Systems 12(32):11-16, August 2020. URL, DOI BibTeX
@article{10.5120/ijais2020451877, author = "K.A. Sadiq and A.F. Thompson and O.A. Ayeni", title = "Mitigating DDoS Attacks in Cloud Network using Fog and SDN: A Conceptual Security Framework", journal = "International Journal of Applied Information Systems", issue_date = "August 2020", volume = 12, number = 32, month = "August", year = 2020, issn = "2249-0868", pages = "11-16", url = "http://www.ijais.org/archives/volume12/number32/1095-2020451877", doi = "10.5120/ijais2020451877", publisher = "Foundation of Computer Science (FCS), NY, USA", address = "New York, USA" }
Abstract
In recent years, Cloud computing has changed the entire Information Technology (IT) domain due to bi-overlay focus points as against the traditional computer networks, i.e., capital expenditure (CapEx) and operational (OpEx) reduction. Both Cloud users’(CS) data and business reasons are stored in remote data centers and accessed through the network, typically the internet. The geographic distribution of Cloud data centers poses a risk to Cloud security. Consequently, a Distributed Denial of Service (DDoS) attacks remains the most prominent threats to Cloud data availability, confidentiality, and integrity. This paper explores Fog computing and Software-defined Networking (SDN) to mitigate Cloud networks against DDoS attacks. Fog computing center intermediate node between the CS and the data center, ”Fog computing is proposed as an additional firewall to complement the security of the Cloud networks due to its closeness to the ground, and internet of things IoT devices and also ensures better security, Quality of Service (QoS), low latency, real-time data process, location awareness, and mobility support.” Additionally, SDN that decouples the data plan (hardware) from the control plan (software) is employed to provide a global view of the Cloud network, and better management of the entire security architecture. The research presents DDoS security challenges and conceptual description of mitigating it with Fog computing and SDN.
Reference
- Chandrasekaran, K., 2015. Essentials Of Cloud Computing. London: Chapman & Hall, pp.14-17
- Osanaiye, O. A. (2015). Short Paper: IP spoofing detection for preventing DDoS attack in Cloud Computing. 2015 18th International Conference on Intelligence in Next Generation Networks, 139–141. https://doi.org/10.1109/icin.2015.7073820
- Buyya, R., & Srirama, S. N. (2019). Fog and Edge Computing: Principles and Paradigms (Wiley Series on Parallel and Distributed Computing) (1st ed.). Newyork, United States of America: Wiley.
- Osanaiye, O., Choo, K.-K. R., & Dlodlo, M. (2016). Distributed denial of service (DDoS) resilience in Cloud: Review and conceptual Cloud DDoS mitigation framework. Journal of Network and Computer Applications, 67, 147–165. https://doi.org/10.1016/j.jnca.2016.01.001
- Zhou, L., Guo, H., & Deng, G. (2019). A fog computing based approach to DDoS mitigation in IIoT systems. Computers & Security, 85, 51–62. https://doi.org/10.1016/j.cose.2019.04.017
- Ahmed, M. E., & Kim, H. (2017). DDoS Attack Mitigation in Internet of Things Using Software Defined Networking. 2017 IEEE Third International Conference on Big Data Computing Service and Applications (BigDataService), 271–276. https://doi.org/10.1109/bigdataservice.2017.41 admin. (2017, December 25). Fog Computing and Internet of Things. Retrieved from http://www.techplayon.com/fog-computing-and-internet-of-things/
- Morgan, H. (2016, December 21). Census outage marked boom year for global DDoS attacks.Retrieved from https://www.csoonline.com/article/3152724/census-outage.html
- Dharma, N. I. G., Muthohar, M. F., Prayuda, J. D. A., Priagung, K., & Choi, D. (2015). Time-based DDoS detection and mitigation for SDN controller. 2015 17th Asia-Pacific Network Operations and Management Symposium (APNOMS), 550–553. https://doi.org/10.1109/apnoms.2015.7275389
- Chin, T., Mountrouidou, X., Li, X., & Xiong, K. (2015). An SDN-supported collaborative approach for DDoS flooding detection and containment. MILCOM 2015 - 2015 IEEE Military Communications Conference, 1–6. https://doi.org/10.1109/milcom.2015.7357519
- Yan, Q., & Yu, F. R. (2015). Distributed denial of service attacks in software-defined networking with Cloud computing. IEEE Communications Magazine, 53(4), 52–59. https://doi.org/10.1109/mcom.2015.7081075
- Wang, S., Chavez, K. G., & Kandeepan, S. (2017). SECO: SDN sEcure COntroller algorithm for detecting and defending denial of service attacks. 2017 5th International Conference on Information and Communication Technology (ICoIC7), 1–6. https://doi.org/10.1109/icoict.2017.8074692
- Khakimov, A., Ateya, A. A., Muthanna, A., Gudkova, I., Markova, E., & Koucheryavy, A. (2018). IoT-fog based system structure with SDN enabled. Proceedings of the 2nd International Conference on Future Networks and Distributed Systems - ICFNDS ’18, 1–6. https://doi.org/10.1145/3231053.3231129
- Javaid, U., Siang, A. K., Aman, M. N., & Sikdar, B. (2018). Mitigating loT Device based DDoS Attacks using Blockchain. Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems - CryBlock’18, 71–76. https://doi.org/10.1145/3211933.3211946
- Bhushan, K., & Gupta, B. B. (2018). Detecting DDoS Attack using Software Defined Network (SDN) in Cloud Computing Environment. 2018 5th International Conference on Signal Processing and Integrated Networks (SPIN), 872–877. https://doi.org/10.1109/spin.2018.8474062
- Zhang, P., Zhou, M., & Fortino, G. (2018). Security and trust issues in Fog computing: A survey. Future Generation Computer Systems, 88, 16–27. https://doi.org/10.1016/j.future.2018.05.008
- Mirkovic, J., & Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), 39–53. https://doi.org/10.1145/997150.997156
- Latah, M., & Toker, L. (2018). A novel intelligent approach for detecting DoS flooding attacks in software-defined networks. International Journal of Advances in Intelligent Informatics, 4(1), 11–20. https://doi.org/10.26555/ijain.v4i1.138
- Wani, A., & Revathi, S. (2020). DDoS Detection and Alleviation in IoT using SDN (SDIoT-DDoS-DA). Journal of The Institution of Engineers (India): Series B, 101(2), 117–128. https://doi.org/10.1007/s40031-020-00442-z
- Yu, J., Kim, E., Kim, H., & Huh, J. H. (2020). Design of a Framework to Detect Device Spoofing Attacks Using Network Characteristics. IEEE Consumer Electronics Magazine, 9(2), 34–40. https://doi.org/10.1109/mce.2019.2953737
- Singh, R., Tanwar, S., & Sharma, T. P. (2019). Utilization of blockchain for mitigating the distributed denial of service attacks. Security and Privacy, 3(3), 1–13. https://doi.org/10.1002/spy2.96
- Singh, R., Tanwar, S., & Sharma, T. P. (2019). Utilization of blockchain for mitigating the distributed denial of service attacks. Security and Privacy, 3(3), 1–13. https://doi.org/10.1002/spy2.96
- Priyadarshini, R., Kumar Barik, R., & Dubey, H. (2020). Fog-SDN: A light mitigation scheme for DDoS attack in fog computing framework. International Journal of Communication Systems, 33(9), 1–13. https://doi.org/10.1002/dac.4389
- Gkountis, C., Taha, M., Lloret, J., & Kambourakis, G. (2017). Lightweight algorithm for protecting SDN controller against DDoS attacks. 2017 10th IFIP Wireless and Mobile Networking Conference (WMNC), 1–6. https://doi.org/10.1109/wmnc.2017.8248858
- A.Ayeni, A., Faruk, N., & A. Sadiq, K. (2014). Energy-Efficient Planning Tool for WCDMA Heterogeneous Network Deployment. International Journal of Applied Information Systems, 6(8), 30–36. https://doi.org/10.5120/ijais14-451101
- Tomovic, S., Yoshigoe, K., Maljevic, I., & Radusinovic, I. (2016). Software-Defined Fog Network Architecture for IoT. Wireless Personal Communications, 92(1), 181–196. https://doi.org/10.1007/s11277-016-3845-0
- Stojmenovic, I., & Wen, S. (2014). The Fog Computing Paradigm: Scenarios and Security Issues. Proceedings of the 2014 Federated Conference on Computer Science and Information Systems, 1–8. https://doi.org/10.15439/2014f503
- admin. (2017, December 25). Fog Computing and Internet of Things. Retrieved from http://www.techplayon.com/fog-computing-and-internet-of-things/
- Deepali, & Bhushan, K. (2017). DDoS attack mitigation and resource provisioning in Cloud using fog computing. 2017 International Conference On Smart Technologies For Smart Nation (SmartTechCon), 308-313. doi:10.1109/smarttechcon.2017.8358387
- Yang, L., & Zhao, H. (2018). DDoS Attack Identification and Defense Using SDN Based on Machine Learning Method. 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks (I-SPAN), 174-178. doi:10.1109/i-span.2018.00036
- Arif, M., Wang, G., Wang, T., & Peng, T. (2018). SDN-Based Secure VANETs Communication with Fog Computing.Security, Privacy, and Anonymity in Computation, Communication, and Storage, 46–59. https://doi.org/10.1007/978-3-030-05345-1_4
Keywords
Cloud Computing, Fog computing, Software-defined network SDN, DDoS