A Cooperative Defense Framework Against Application-Level DDoS Attacks on Mobile Edge Computing Services
Hongjia Li, Yang Chang, Liming Wang, Nirwan Ansari, Ding Yuan Tang, Xueqing Huang, Zhen Xu, Dan Hu
Abstract
Mobile edge computing (MEC), extending computing services from cloud to edge, is recognized as one of key pillars to facilitate real-time services and tackle backhaul bottleneck. However, it is not economically efficient to attach intensive security appliances to every MEC node to defend application-level DDoS attacks and ensure the availability of services. Thus, we explore the elasticity of security defense among MEC nodes by proposing a COoperative DEfense ( <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">CODE</i> ) framework for MEC, referred to as <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">CODE4MEC</i> . CODE4MEC aims to adapt to traffic changes by coordinating container-carried defensive resources among cooperative MEC nodes in an automatic way. Towards this aim, we propose four control plane functions to enable a life-cycle management for CODE4MEC, namely, CODE triggering, scheduling, coordination and releasing. However, an effective CODE4MEC requires non-trivial algorithmic schemes, in particular for CODE scheduling and coordination functions. We thus design an online combinatorial auction mechanism for real-time CODE scheduling, and prove a tighter performance bound relative to prior arts. As for CODE coordination, a flow-based traffic and context information coordination scheme is proposed to enable classical defense schemes to work properly and efficiently. Finally, using a combination of real testbed and simulation evaluations, we validate the effectiveness of CODE4MEC.