Vol.65, No.3, 2020, pp.1869-1890, doi:10.32604/cmc.2020.011758
OPEN ACCESS
ARTICLE
Edge-Computing with Graph Computation: A Novel Mechanism to Handle Network Intrusion and Address Spoofing in SDN
  • Rashid Amin1, *, Mudassar Hussain2, Mohammed Alhameed3, Syed Mohsan Raza4, Fathe Jeribi3, Ali Tahir3
1 University of Engineering and Technology, Taxila, Pakistan.
2 University of Wah, Wah Cantt, Pakistan.
3 Jazan University, Jazan, Saudi Arabia.
4 Abasyn University Islamabad, Islamabad, Pakistan.
* Corresponding Author: Rashid Amin. Email: rashid.sdn1@gmail.com.
Received 28 May 2020; Accepted 25 July 2020; Issue published 16 September 2020
Abstract
Software Defined Networking (SDN) being an emerging network control model is widely recognized as a control and management platform. This model provides efficient techniques to control and manage the enterprise network. Another emerging paradigm is edge computing in which data processing is performed at the edges of the network instead of a central controller. This data processing at the edge nodes reduces the latency and bandwidth requirements. In SDN, the controller is a single point of failure. Several security issues related to the traditional network can be solved by using SDN central management and control. Address Spoofing and Network Intrusion are the most common attacks. These attacks severely degrade performance and security. We propose an edge computing-based mechanism that automatically detects and mitigates those attacks. In this mechanism, an edge system gets the network topology from the controller and the Address Resolution Protocol (ARP) traffic is directed to it for further analysis. As such, the controller is saved from unnecessary processing related to addressing translation. We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method. By using the correct location information, the exact attacker or intruder is blocked, while the legitimate users get access to the network resources. The proposed mechanism is evaluated in a Mininet simulator and a POX controller. The results show that it improves system performance in terms of attack mitigation time, attack detection time, and bandwidth requirements.
Keywords
Software Defined Networking (SDN), edge computing, Address Resolution Protocol (ARP), ARP inspection, security, graph difference.
Cite This Article
Amin, R., Hussain, M., Alhameed, M., Raza, S. M., Jeribi, F. et al. (2020). Edge-Computing with Graph Computation: A Novel Mechanism to Handle Network Intrusion and Address Spoofing in SDN. CMC-Computers, Materials & Continua, 65(3), 1869–1890.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.