AI Chat Paper

Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.

Chat more with AI

| Sign up

Browse by Subject

Search for peer-reviewed journals with full access.

Journals A - Z

About Us

Discover the SciOpen Platform and Achieve Your Research Goals with Ease.

About Us

Publish with Us

Support

Search articles, authors, keywords, DOl and etc.

Published Date

Reset Search

{{expandStatus?'Exit ':''}}Advanced Search

Journals A - Z

About Us

Publish with Us

Support

PDF (2.9 MB)

Cite

EndNote(RIS) BibTeX

Collect

Submit Manuscript

AI Chat Paper

Show Outline

Outline

Show full outline

Hide outline

Outline

Show full outline

Hide outline

Open Access

HEDMGame: Fragmentation-Aware Mitigation of Heterogeneous Edge DoS Attacks

Jie Pan^¹, Qiang He^²(

), Guangming Cui^³, Yiwen Zhang^¹(

), Yun Yang^⁴

1School of Computer Science and Technology, Anhui University, Hefei 230601, China

2School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China, and also with Department of Computing Technologies, Swinburne University of Technology, Melbourne, VIC 3122, Australia

3School of Software, Nanjing University of Information Science and Technology, Nanjing 210044, China

4Department of Computing Technologies, Swinburne University of Technology, Melbourne, VIC 3122, Australia

Show Author Information

Abstract

Mobile Edge Computing (MEC) is a pivotal technology that provides agile-response services by deploying computation and storage resources in proximity to end-users. However, resource-constrained edge servers fall victim to Denial-of-Service (DoS) attacks easily. Failures to mitigate DoS attacks effectively hinder the delivery of reliable and sustainable edge services. Conventional DoS mitigation solutions in cloud computing environments are not directly applicable in MEC environments because their design did not factor in the unique characteristics of MEC environments, e.g., constrained resources on edge servers and requirements for low service latency. Existing solutions mitigate edge DoS attacks by transferring user requests from edge servers under attacks to others for processing. Furthermore, the heterogeneity in end-users’ resource demands can cause resource fragmentation on edge servers and undermine the ability of these solutions to mitigate DoS attacks effectively. User requests often have to be transferred far away for processing, which increases the service latency. To tackle this challenge, this paper presents a fragmentation-aware gaming approach called HEDMGame that attempts to minimize service latency by matching user requests to edge servers’ remaining resources while making request-transferring decisions. Through theoretical analysis and experimental evaluation, we validate the effectiveness and efficiency of HEDMGame, and demonstrate its superiority over the state-of-the-art solution.

Keywords

edge Denial-of-Service (DoS) attacks heterogeneous requests dominant resource potential game

References

[1]

Y. C. Hu, M. Patel, D. Sabella, N. Sprecher, and V. Young, Mobile edge computing—A key technology towards 5G, https://docslib.org/doc/612752/mobile-edge-computing-a-key-technology-towards-5g, 2015.

[2]

P. Mach and Z. Becvar, Mobile edge computing: A survey on architecture and computation offloading, IEEE Commun. Surv. Tutor., vol. 19, no. 3, pp. 1628–1656, 2017.

Crossref Google Scholar

[3]

G. Mitsis, E. E. Tsiropoulou, and S. Papavassiliou, Price and risk awareness for data offloading decision-making in edge computing systems, IEEE Syst. J., vol. 16, no. 4, pp. 6546–6557, 2022.

Crossref Google Scholar

[4]

Y. Chen, K. Li, Y. Wu, J. Huang, and L. Zhao, Energy efficient task offloading and resource allocation in air-ground integrated MEC systems: A distributed online approach, IEEE Trans. Mob. Comput., vol. 23, no. 8, pp. 8129–8142, 2024.

Crossref Google Scholar

[5]

X. Xia, F. Chen, Q. He, J. Grundy, A. Mohamed, and H. Jin, Online collaborative data caching in edge computing, IEEE Trans. Parallel Distrib. Syst., vol. 32, no. 2, pp. 281–294, 2021.

Crossref Google Scholar

[6]

Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu, and W. Lv, Edge computing security: State of the art and challenges, Proc. IEEE, vol. 107, no. 8, pp. 1608–1631, 2019.

Crossref Google Scholar

[7]

P. Ranaweera, A. D. Jurcut, and M. Liyanage, Survey on multi-access edge computing security and privacy, IEEE Commun. Surv. Tutor., vol. 23, no. 2, pp. 1078–1124, 2021.

Crossref Google Scholar

[8]

Y. Al-Hadhrami and F. K. Hussain, DDoS attacks in IoT networks: A comprehensive systematic literature review, World Wide Web, vol. 24, no. 3, pp. 971–1001, 2021.

Crossref Google Scholar

[9]

CISCO, Cisco Edge-to-enterprise IoT analytics for electric utilities solution overview, https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/big-data/solution-overview-c22-740248.html, 2018.

[10]

M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, et al., Understanding the Mirai botnet, in Proc. 26^th USENIX Security Symposium (USENIX Security), Vancouver, Canada, 2017, pp. 1093–1110.

[11]

Q. He, G. Cui, X. Zhang, F. Chen, S. Deng, H. Jin, Y. Li, and Y. Yang, A game-theoretical approach for user allocation in edge computing environment, IEEE Trans. Parallel Distrib. Syst., vol. 31, no. 3, pp. 515–529, 2020.

Crossref Google Scholar

[12]

G. S. Kushwah and V. Ranga, Optimized extreme learning machine for detecting DDoS attacks in cloud computing, Comput. Secur., vol. 105, p. 102260, 2021.

Crossref Google Scholar

[13]

S. Yu, Y. Tian, S. Guo, and D. O. Wu, Can we beat DDoS attacks in clouds? IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 9, pp. 2245–2254, 2014.

Crossref Google Scholar

[14]

L. Gu, M. Cui, L. Xu, and X. Xu, Collaborative offloading method for digital twin empowered cloud edge computing on Internet of vehicles, Tsinghua Science and Technology, vol. 28, no. 3, pp. 433–451, 2023.

Crossref Google Scholar

[15]

Q. He, C. Wang, G. Cui, B. Li, R. Zhou, Q. Zhou, Y. Xiang, H. Jin, and Y. Yang, A game-theoretical approach for mitigating edge DDoS attack, IEEE Trans. Depend. Secur. Comput., vol. 19, no. 4, pp. 2333–2348, 2022.

Crossref Google Scholar

[16]

G. Cui, Q. He, X. Xia, F. Chen, and Y. Yang, EESaver: saving energy dynamically for green multi-access edge computing, IEEE Trans. Parallel Distrib. Syst., vol. 34, no. 7, pp. 2155–2166, 2023.

Crossref

[17]

J. Huang, B. Ma, M. Wang, X. Zhou, L. Yao, S. Wang, L. Qi, and Y. Chen, Incentive mechanism design of federated learning for recommendation systems in MEC, IEEE Trans. Consum. Electr., vol. 70, no. 1, pp. 2596–2607, 2024.

Crossref Google Scholar

[18]

Y. Chen, J. Xu, Y. Wu, J. Gao, and L. Zhao, Dynamic task offloading and resource allocation for NOMA-aided mobile edge computing: An energy efficient design, IEEE Trans. Serv. Comput., vol. 17, no. 4, pp. 1492–1503, 2024.

Crossref Google Scholar

[19]

G. Chen, Q. Wu, W. Chen, D. W. K. Ng, and L. Hanzo, IRS-aided wireless powered MEC systems: TDMA or NOMA for computation offloading? IEEE Trans. Wirel. Commun., vol. 22, no. 2, pp. 1201–1218, 2023.

Crossref

[20]

Z. Xiao, J. Shu, H. Jiang, J. C. S. Lui, G. Min, J. Liu, and S. Dustdar, Multi-objective parallel task offloading and content caching in D2D-aided MEC networks, IEEE Trans. Mob. Comput., pp. 1–16, 2022.

Crossref

[21]

J. Mirkovic and P. Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms, SIGCOMM Comput. Commun. Rev., vol. 34, no. 2, pp. 39–53, 2004.

Crossref Google Scholar

[22]

L. Popa, N. Egi, S. Ratnasamy, and I. Stoica, Building extensible networks with rule-based forwarding, in Proc. 9th USENIX Symposium on Operating Systems Design and Implementations, Vancouver, Canada, 2010, pp. 379–392.

[23]

M. Hajimaghsoodi and R. Jalili, RAD: A statistical mechanism based on behavioral analysis for DDoS attack countermeasure, IEEE Trans. Inf. Forens. Secur., vol. 17, pp. 2732–2745, 2022.

Crossref

[24]

M. S. El Sayed, N.-A. Le-Khac, M. A. Azer, and A. D. Jurcut, A flow-based anomaly detection approach with feature selection method against DDoS attacks in SDNs, IEEE Trans. Cogn. Commun. Netw., vol. 8, no. 4, pp. 1862–1880, 2022.

Crossref Google Scholar

[25]

B. Hussain, Q. Du, B. Sun, and Z. Han, Deep learning-based DDoS-attack detection for cyber–physical system over 5G network, IEEE Trans. Ind. Inf., vol. 17, no. 2, pp. 860–870, 2021.

Crossref Google Scholar

[26]

I. Farris, T. Taleb, Y. Khettab, and J. Song, A survey on emerging SDN and NFV security mechanisms for IoT systems, IEEE Commun. Surv. Tutorials, vol. 21, no. 1, pp. 812–837, 2019.

Crossref Google Scholar

[27]

S. K. Fayaz, Y. Tobioka, V. Sekar, and M. Bailey, Bohatei: Flexible and elastic DDoS defense, in Proc. 24th USENIX Security Symposium (USENIX Security), Washington, DC, USA, 2015, pp. 817–832.

[28]

V. Olteanu, A. Agache, A. Voinescu, and C. Raiciu, Stateless datacenter load-balancing with beamer, in Proc. 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI), Renton, WA, USA, 2018, pp. 125–139.

[29]

N. K. Sharma, A. Kaufmann, T. E. Anderson, A. Krishnamurthy, J. Nelson, and S. Peter, Evaluating the power of flexible packet processing for network resource allocation, in Proc. 8th USENIX Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA, USA, 2017, pp. 67–82.

[30]

M. Zhang, G. Li, S. Wang, C. Liu, A. Chen, H. Hu, G. Gu, Q. Li, M. Xu, and J. Wu, Poseidon: Mitigating volumetric DDoS attacks with programmable switches, in Proc. 2020 Network and Distributed System Security Symp., San Diego, CA, USA, 2020.

Crossref

[31]

Z. Liu, H. Namkung, G. Nikolaidis, J. Lee, C. Kim, X. Jin, V. Braverman, M. Yu, and V. Sekar, Jaqen: A high-performance switchnative approach for detecting and mitigating volumetric DDoS attacks with programmable switches, https://www.usenix.org/conference/usenixsecurity21/presentation/liu-zaoxing, 2021.

[32]

J. Xing, W. Wu, and A. Chen, Ripple: A programmable, decentralized link-flooding defense against adaptive adversaries, https://www.usenix.org/conference/usenixsecurity21/presentation/xing, 2021.

[33]

Q. Zhang, R. Han, G. Xin, C. H. Liu, G. Wang, and L. Y. Chen, Lightweight and accurate DNN-based anomaly detection at edge, IEEE Trans. Parallel Distrib. Syst., vol. 33, no. 11, pp. 2927−2942, 2022.

[34]

M. V. Ngo, T. Luo, H. Chaouchi, and T. Q. S. Quek, Contextual-bandit anomaly detection for IoT data in distributed hierarchical edge computing, in Proc. IEEE 40th Int. Conf. Distributed Computing Systems (ICDCS), Singapore, 2020, pp. 1227–1230.

Crossref

[35]

Y. Liu, H. Wang, X. Zheng, and L. Tian, An efficient framework for unsupervised anomaly detection over edge-assisted Internet of Things, ACM Trans. Sen. Netw., 2023.

Crossref

[36]

S. Myneni, A. Chowdhary, D. Huang, and A. Alshamrani, SmartDefense: A distributed deep defense against DDoS attacks with edge computing, Comput. Netw., vol. 209, p. 108874, 2022.

Crossref Google Scholar

[37]

H. Li, C. Yang, L. Wang, N. Ansari, D. Tang, X. Huang, Z. Xu, and D. Hu, A cooperative defense framework against application-level DDoS attacks on mobile edge computing services, IEEE Trans. Mob. Comput., vol. 22, no. 1, pp. 1–18, 2023.

Crossref Google Scholar

[38]

W. Wang, B. Li, and B. Liang, Dominant resource fairness in cloud computing systems with heterogeneous servers, in Proc. IEEE INFOCOM 2014 - IEEE Conf. Computer Communications, Toronto, Canada, 2014, pp. 583–591.

Crossref

[39]

A. Ghodsi, M. Zaharia, B. Hindman, A. Konwinski, S. Shenker, and I. Stoica, Dominant resource fairness: Fair allocation of multiple resource types, in Proc. Symposium on Network System Design and Implementation (NDSI), Boston, MA, USA, 2011.

[40]

J. Mohan, A. Phanishayee, J. Kulkarni, and V. Chidambaram, Looking beyond GPUs for DNN scheduling on Multi-Tenant clusters, in Proc. 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22), Carlsbad, CA, USA, 2022, pp. 579–596.

[41]

D. Tang, X. Wang, X. Li, P. Vijayakumar, and N. Kumar, AKN-FGD: Adaptive kohonen network based fine-grained detection of LDoS attacks, IEEE Trans. Depend. Secur. Comput., vol. 20, no. 1, pp. 273–287, 2023.

Crossref

[42]

S. Khuri, T. Bäck, and J. Heitkötter, The zero/one multiple knapsack problem and genetic algorithms, in Proc. 1994 ACM Symp. on Applied computing - SAC ’94, Phoenix, AZ, USA, 1994, pp. 188–193.

Crossref

[43]

R. B. Myerson, Game Theory: Harvard University Press, https://www.hup.harvard.edu/books/9780674728615, 2013.

Crossref

[44]

G. Cui, Q. He, X. Xia, F. Chen, T. Gu, H. Jin, and Y. Yang, Demand response in NOMA-based mobile edge computing: A two-phase game-theoretical approach, IEEE Trans. Mob. Comput., vol. 22, no. 3, pp. 1449−1463, 2023.

[45]

A. Scherrer, N. Larrieu, P. Owezarski, P. Borgnat, and P. Abry, Non-gaussian and long memory statistical characterizations for Internet traffic with anomalies, IEEE Trans. Depend. Secur. Comput., vol. 4, no. 1, pp. 56–70, 2007.

Crossref Google Scholar

[46]

A. D. Keromytis, V. Misra, and D. Rubenstein, SOS: An architecture for mitigating DDoS attacks, IEEE J. Select. Areas Commun., vol. 22, no. 1, pp. 176–188, 2004.

Crossref

Tsinghua Science and Technology

Volume 30 Issue 4,
August 2025

Pages 1724-1743

DOI: 10.26599/TST.2024.9010061

Cite this article:

Pan J, He Q, Cui G, et al. HEDMGame: Fragmentation-Aware Mitigation of Heterogeneous Edge DoS Attacks. Tsinghua Science and Technology, 2025, 30(4): 1724-1743. https://doi.org/10.26599/TST.2024.9010061

Views

Downloads

Crossref

Web of Science

Scopus

CSCD

Google Scholar
Citation

Altmetrics

Received: 11 January 2024

Revised: 06 March 2024

Accepted: 20 March 2024

Published: 03 March 2025

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).