Open Access
ARTICLE
Edge-Computing with Graph Computation: A Novel Mechanism to Handle Network Intrusion and Address Spoofing in SDN
1 University of Engineering and Technology, Taxila, Pakistan.
2 University of Wah, Wah Cantt, Pakistan.
3 Jazan University, Jazan, Saudi Arabia.
4 Abasyn University Islamabad, Islamabad, Pakistan.
* Corresponding Author: Rashid Amin.
Computers, Materials & Continua 2020, 65(3), 1869-1890. https://doi.org/10.32604/cmc.2020.011758
Received 28 May 2020; Accepted 25 July 2020; Issue published 16 September 2020
Abstract
Software Defined Networking (SDN), an emerging network control model, is widely recognized as a control and management platform. This model provides efficient techniques to control and manage the enterprise network. Another emerging paradigm is edge computing, in which data processing is performed at the edges of the network instead of at a central controller. This data processing at the edge nodes reduces latency and bandwidth requirements. In SDN, the controller is a single point of failure. Several security issues related to the traditional network can be solved by using SDN central management and control. Address spoofing and network intrusion are the most common attacks. These attacks severely degrade performance and security. We propose an edge-computing-based mechanism that automatically detects and mitigates those attacks. In this mechanism, an edge system gets the network topology from the controller, and the Address Resolution Protocol (ARP) traffic is directed to it for further analysis. As such, the controller is saved from unnecessary processing related to address translation. We propose a graph-computation-based method to identify the location of an attacker or intruder by implementing a graph difference method. By using the correct location information, the exact attacker or intruder is blocked, while legitimate users get access to the network resources. The proposed mechanism is evaluated in a Mininet simulator with a POX controller. The results show that it improves system performance in terms of attack mitigation time, attack detection time, and bandwidth requirements.
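The following sketch is an added illustration of the graph-difference idea in the abstract, not the authors' implementation. It assumes each graph is a set of edges from a switch port to a host identity (IP, MAC); the switch names, addresses, ARP observations and the classification rule are constructed for the example.

```python
# Trusted graph derived from the controller's topology (constructed sample):
# each edge links an attachment point (switch, port) to a host identity (IP, MAC).
BASELINE = {
    (("s1", 1), ("10.0.0.1", "00:00:00:00:00:01")),
    (("s1", 2), ("10.0.0.2", "00:00:00:00:00:02")),
    (("s2", 1), ("10.0.0.3", "00:00:00:00:00:03")),
}

# Constructed ARP observations at the edge node: (switch, in_port, sender IP, sender MAC).
ARP_SEEN = [
    ("s1", 1, "10.0.0.1", "00:00:00:00:00:01"),  # matches the baseline
    ("s2", 1, "10.0.0.3", "00:00:00:00:00:03"),  # matches the baseline
    ("s2", 1, "10.0.0.1", "00:00:00:00:00:03"),  # host on s2/1 claims another host's IP
    ("s2", 3, "10.0.0.9", "00:00:00:00:00:09"),  # unknown host on a port with no baseline edge
]


def observed_graph(arp_events):
    """Build the observed attachment graph from ARP sender fields and ingress ports."""
    return {((sw, port), (ip, mac)) for sw, port, ip, mac in arp_events}


def graph_difference(observed, baseline):
    """Edges seen in ARP traffic that the trusted topology does not contain."""
    return observed - baseline


def locate_offenders(arp_events, baseline):
    """Classify each unexpected edge and report where it enters the network."""
    known_ips = {ip for _, (ip, _) in baseline}
    known_macs = {mac for _, (_, mac) in baseline}
    findings = []
    for (sw, port), (ip, mac) in sorted(graph_difference(observed_graph(arp_events), baseline)):
        # Assumed rule: reusing a known IP or MAC is spoofing; a wholly new identity is intrusion.
        kind = "address-spoofing" if ip in known_ips or mac in known_macs else "intrusion"
        findings.append({"switch": sw, "port": port, "ip": ip, "mac": mac, "kind": kind})
    return findings


def ports_to_block(findings):
    """Only the ingress ports of unexpected edges are blocked; other hosts keep access."""
    return sorted({(f["switch"], f["port"]) for f in findings})


if __name__ == "__main__":
    for finding in locate_offenders(ARP_SEEN, BASELINE):
        print(finding)
```

The port of the host whose IP was claimed (s1, port 1) never appears in the difference, so only the ingress point of the forged ARP traffic is reported.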
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.