SecEG: A Secure and Efficient Strategy against DDoS Attacks in Mobile Edge Computing

IF 3.9 4区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

ACM Transactions on Sensor Networks Pub Date : 2024-01-23 DOI:10.1145/3641106

Haiyang Huang, Tianhui Meng, Jianxiong Guo, Xuekai Wei, Weijia Jia

{"title":"SecEG: A Secure and Efficient Strategy against DDoS Attacks in Mobile Edge Computing","authors":"Haiyang Huang, Tianhui Meng, Jianxiong Guo, Xuekai Wei, Weijia Jia","doi":"10.1145/3641106","DOIUrl":null,"url":null,"abstract":"<p>Application-layer distributed denial-of-service (DDoS) attacks incapacitate systems by using up their resources, causing service interruptions, financial losses, and more. Consequently, advanced deep-learning techniques are used to detect and mitigate these attacks in cloud infrastructures. However, in mobile edge computing (MEC), it becomes economically impractical to equip each node with defensive resources, as these resources may largely remain unused in edge devices. Furthermore, current methods are mainly concentrated on improving the accuracy of DDoS attack detection and saving CPU resources, neglecting the effective allocation of computational power for benign tasks under DDoS attacks. To address these issues, this paper introduces SecEG, a secure and efficient strategy against DDoS attacks for MEC that integrates container-based task isolation with lightweight online anomaly detection on edge nodes. More specifically, a new model is proposed to analyze resource contention dynamics between DDoS attacks and benign tasks. Subsequently, by employing periodic packet sampling and real-time attack intensity predicting, an autoencoder-based method is proposed to detect DDoS attacks. We leverage an efficient scheduling method to optimize the edge resource allocation and the service quality for benign users during DDoS attacks. When executed in the real-world edge environment, our experimental findings validate the efficacy of the proposed SecEG strategy. Compared to conventional methods, the service rate of benign requests increases by 23% under intense DDoS attacks, and the CPU resource is saved up to 35%.</p>","PeriodicalId":50910,"journal":{"name":"ACM Transactions on Sensor Networks","volume":"10 1","pages":""},"PeriodicalIF":3.9000,"publicationDate":"2024-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Sensor Networks","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3641106","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Application-layer distributed denial-of-service (DDoS) attacks incapacitate systems by using up their resources, causing service interruptions, financial losses, and more. Consequently, advanced deep-learning techniques are used to detect and mitigate these attacks in cloud infrastructures. However, in mobile edge computing (MEC), it becomes economically impractical to equip each node with defensive resources, as these resources may largely remain unused in edge devices. Furthermore, current methods are mainly concentrated on improving the accuracy of DDoS attack detection and saving CPU resources, neglecting the effective allocation of computational power for benign tasks under DDoS attacks. To address these issues, this paper introduces SecEG, a secure and efficient strategy against DDoS attacks for MEC that integrates container-based task isolation with lightweight online anomaly detection on edge nodes. More specifically, a new model is proposed to analyze resource contention dynamics between DDoS attacks and benign tasks. Subsequently, by employing periodic packet sampling and real-time attack intensity predicting, an autoencoder-based method is proposed to detect DDoS attacks. We leverage an efficient scheduling method to optimize the edge resource allocation and the service quality for benign users during DDoS attacks. When executed in the real-world edge environment, our experimental findings validate the efficacy of the proposed SecEG strategy. Compared to conventional methods, the service rate of benign requests increases by 23% under intense DDoS attacks, and the CPU resource is saved up to 35%.

查看原文本刊更多论文

SecEG：针对移动边缘计算中 DDoS 攻击的安全高效策略

应用层分布式拒绝服务（DDoS）攻击会占用系统资源，导致系统瘫痪，造成服务中断、经济损失等。因此，先进的深度学习技术被用于检测和缓解云基础设施中的这些攻击。然而，在移动边缘计算（MEC）中，为每个节点配备防御资源在经济上并不现实，因为这些资源在边缘设备中可能大部分都未被使用。此外，目前的方法主要集中在提高 DDoS 攻击检测的准确性和节省 CPU 资源上，忽视了在 DDoS 攻击下为良性任务有效分配计算能力。为了解决这些问题，本文介绍了 SecEG，一种针对 MEC 的安全高效的 DDoS 攻击策略，它将基于容器的任务隔离与边缘节点上的轻量级在线异常检测集成在一起。更具体地说，本文提出了一个新模型来分析 DDoS 攻击与良性任务之间的资源争用动态。随后，通过采用周期性数据包采样和实时攻击强度预测，提出了一种基于自动编码器的方法来检测 DDoS 攻击。在 DDoS 攻击期间，我们利用高效的调度方法来优化边缘资源分配和良性用户的服务质量。在真实世界的边缘环境中，我们的实验结果验证了所提出的 SecEG 策略的有效性。与传统方法相比，在激烈的 DDoS 攻击下，良性请求的服务率提高了 23%，CPU 资源节省达 35%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Sensor Networks 工程技术-电信学

CiteScore

5.90

自引率

7.30%

发文量

131

审稿时长

6 months

期刊介绍： ACM Transactions on Sensor Networks (TOSN) is a central publication by the ACM in the interdisciplinary area of sensor networks spanning a broad discipline from signal processing, networking and protocols, embedded systems, information management, to distributed algorithms. It covers research contributions that introduce new concepts, techniques, analyses, or architectures, as well as applied contributions that report on development of new tools and systems or experiences and experiments with high-impact, innovative applications. The Transactions places special attention on contributions to systemic approaches to sensor networks as well as fundamental contributions.