Open Access
ARTICLE
Edge-Computing with Graph Computation: A Novel Mechanism to Handle Network Intrusion and Address Spoofing in SDN
Rashid Amin1, *, Mudassar Hussain2, Mohammed Alhameed3, Syed Mohsan Raza4, Fathe Jeribi3, Ali Tahir3
1 University of Engineering and Technology, Taxila, Pakistan.
2 University of Wah, Wah Cantt, Pakistan.
3 Jazan University, Jazan, Saudi Arabia.
4 Abasyn University Islamabad, Islamabad, Pakistan.
* Corresponding Author: Rashid Amin. Email: .
Computers, Materials & Continua 2020, 65(3), 1869-1890. https://doi.org/10.32604/cmc.2020.011758
Received 28 May 2020; Accepted 25 July 2020; Issue published 16 September 2020
Abstract
Software Defined Networking (SDN) being an emerging network control model
is widely recognized as a control and management platform. This model provides efficient
techniques to control and manage the enterprise network. Another emerging paradigm is
edge computing in which data processing is performed at the edges of the network instead
of a central controller. This data processing at the edge nodes reduces the latency and
bandwidth requirements. In SDN, the controller is a single point of failure. Several security
issues related to the traditional network can be solved by using SDN central management
and control. Address Spoofing and Network Intrusion are the most common attacks. These
attacks severely degrade performance and security. We propose an edge computing-based
mechanism that automatically detects and mitigates those attacks. In this mechanism, an
edge system gets the network topology from the controller and the Address Resolution
Protocol (ARP) traffic is directed to it for further analysis. As such, the controller is saved
from unnecessary processing related to addressing translation. We propose a graph
computation based method to identify the location of an attacker or intruder by
implementing a graph difference method. By using the correct location information, the
exact attacker or intruder is blocked, while the legitimate users get access to the network
resources. The proposed mechanism is evaluated in a Mininet simulator and a POX
controller. The results show that it improves system performance in terms of attack
mitigation time, attack detection time, and bandwidth requirements.
Keywords
Cite This Article
R. Amin, M. Hussain, M. Alhameed, S. Mohsan Raza, F. Jeribi
et al., "Edge-computing with graph computation: a novel mechanism to handle network intrusion and address spoofing in sdn,"
Computers, Materials & Continua, vol. 65, no.3, pp. 1869–1890, 2020.