Abstract
Software-defined networking (SDN) and optical transmission are the most cost-effective technologies for implementing high-bandwidth-based communication in the fog/cloud computing environment. The passive optical network uses optical line terminals and optical network units as optical edge devices (OEDs) to deliver fog/cloud-based services effectively. The security of such OEDs is one of the key issues for successful implementation of fog/cloud computing over the SDN-based optical network. The main security challenge is to detect and prevent the malicious OED that transmitting abusing data-frames in the SDN-based optical fog/cloud computing network. An OED can be easily hacked by the attacker to launch intrusive attacks those affect the quality of service of the optical channel. In this paper, a secure framework is proposed for identifying malicious OED in the fog/cloud computing over the SDN-based optical network. It identifies the malicious OED and shifts it to the honeypot to mitigate and analyze the attack. It uses two-stage hidden Markov model (HMM), intrusion detection system (IDS)-based fog manager and an optical virtual honeypot device (OVHD). A two-stage HMM is effectively used to reduce the false alarms of IDS in the identification of malicious OED and shifting it onto the OVHD. The OVHD is created in the SDN-based optical network by using the concept of free-available-resource and optical network virtualization. The proposed OVHD logs all malicious activities as well as attacker’s path for preventing future attacks. In order to validate the proposed framework, the simulation of two-stage HMM is implemented in MATLAB and mitigation impacts of the internal attacks are studied by using iFogSim toolkit. The results show the effectiveness of the proposed framework.
References
1. Satyanarayanan M, Simoens P, Xiao Y, Pillai P, Chen Z, Ha K, Hu W, Amos B. Edge analytics in the internet of things. IEEE Pervasive Comput. 2015;14:24–31.10.1109/MPRV.2015.32Search in Google Scholar
2. Dastjerdi AV, Buyya R. Fog computing: helping the internet of things realize its potential. Computer. 2016;49:112–116.10.1109/MC.2016.245Search in Google Scholar
3. Nunes BA, Mendonca M, Nguyen X-N, Obraczka K, Turletti T. A survey of software-defined networking: past, present, and future of programmable networks. IEEE Commun Surv Tutorials. 2014;16:1617–1634.10.1109/SURV.2014.012214.00180Search in Google Scholar
4. Yan Q, Yu FR, Gong Q, Li J. Software-defined networking (sdn) and distributed denial of service (ddos) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun Surv Tutorials. 2016;18:602–622.10.1109/COMST.2015.2487361Search in Google Scholar
5. Farhady H, Lee H, Nakao A. Software-defined networking: a survey. Computer Networks. 81:79–95, 2015.10.1016/j.comnet.2015.02.014Search in Google Scholar
6. Sood SK, Singh KD. An optical-fog assisted eeg-based virtual reality framework for enhancing e-learning through educational games. Comput Appl Eng Educ. 2018;1–12. DOI:10.1002/cae.21965Search in Google Scholar
7. Dye SM, Scarfone K. A standard for developing secure mobile applications. Comput Stand Interfaces. 2014;36:524–530.10.1016/j.csi.2013.09.005Search in Google Scholar
8. Banerjee A, Park Y, Clarke F, Song H, Yang S, Kramer G, Kim K, Mukherjee B. Wavelength-division-multiplexed passive optical network (wdm-pon) technologies for broadband access: a review. J Opt Networking. 2005;41:737–758.10.1364/JON.4.000737Search in Google Scholar
9. Keromytis AD, Stolfo SJ. Systems, methods, and media for generating bait information for trap-based defenses. 2014, uS Patent 8,819,825.Search in Google Scholar
10. Bonomi F, Milito R, Zhu J, Addepalli S. Fog computing and its role in the internet of things. In: Proceedings of the first edition of the MCC workshop on Mobile cloud computing, 13-16. ACM, 2012.10.1145/2342509.2342513Search in Google Scholar
11. Develder C, De Leenheer M, Dhoedt B, Pickavet M, Colle D, De Turck F, Demeester P. Optical networks for grid and cloud computing applications. Proc IEEE, 2012;100:1149–1167.10.1109/JPROC.2011.2179629Search in Google Scholar
12. Channegowda M, Nejabati R, Simeonidou D. Software-defined optical networks technology and infrastructure: Enabling software-defined optical network operations. J Opt Commun Networking. 2013;50:A274–A282.10.1364/JOCN.5.00A274Search in Google Scholar
13. Jalali F, Hinton K, Ayre R, Alpcan T, Tucker RS. Fog computing may help to save energy in cloud computing. IEEE J Sel Areas Commun. 2016;34:1728–1739.10.1109/JSAC.2016.2545559Search in Google Scholar
14. Yang H, Zhang J, Ji Y, Tan Y, Lin Y, Han J, Lee Y. Performance evaluation of data center service localization based on virtual resource migration in software defined elastic optical network. Opt Express. 2015;238:23 059–23 071.10.1364/OE.23.023059Search in Google Scholar PubMed
15. Satyanarayanan M. The emergence of edge computing. Computer. 2017;50:30–39.10.1109/MC.2017.9Search in Google Scholar
16. Sood SK, Singh KD. SNA based resource optimization in optical network using fog and cloud computing. Opt Switching Networking. 2017. DOI:10.1016/j.osn.2017.12.007.Search in Google Scholar
17. Stojmenovic I, Wen S. The fog computing paradigm: Scenarios and security issues. in Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on:1–8, IEEE, 2014.Search in Google Scholar
18. A. Harris, M. K. Al Akkoumi, and J. J. Sluss. A comparison of passive optical network security. In Data Mining, Intrusion Detection, Information Security and Assurance, and Data Networks Security 2009, vol. 7344, International Society for Optics and Photonics, 2009.Search in Google Scholar
19. Sohal AS, Sandhu R, Sood SK, Chang V. A cybersecurity framework to identify malicious edge device in fog computing and cloud-of-things environments. Comput Secur. 2017. DOI:https://doi.org/10.1016/j.cose.2017.08.016.Search in Google Scholar
20. Contreras LM, López V, De Dios OG, Tovar A, Muñoz F, Azañón A, Fernandez-Palacios JP, Folgueira J. Toward cloud-ready transport networks. IEEE Commun Mag. 2012;50:48–55.10.1109/MCOM.2012.6295711Search in Google Scholar
21. Stolfo SJ, Salem MB, Keromytis AD. Fog computing: mitigating insider data theft attacks in the cloud. In: 2012 IEEE Symposium on Security and Privacy Workshops (SPW), 125-128. IEEE, 2012.Search in Google Scholar
22. Ni J, Zhang K, Lin X, Shen X. Securing fog computing for internet of things applications: Challenges and solutions. IEEE Commun Surv Tutorials. 2017;20:601–628.10.1109/COMST.2017.2762345Search in Google Scholar
23. Yan Q, Huang W, Luo X, Gong Q, Yu FR. A multi-level ddos mitigation framework for the industrial internet of things. IEEE Commun Mag. 2018;56:30–36.10.1109/MCOM.2018.1700621Search in Google Scholar
24. An X, Zhou X, Lü X, Lin F, Yang L. Sample selected extreme learning machine based intrusion detection in fog computing and mec. Wirel Commun Mobile Comput. 2018. DOI:https://doi.org/10.1155/2018/7472095.Search in Google Scholar
25. Li G, Wu J, Li J, Guan Z, Guo L. Fog computing-enabled secure demand response for internet of energy against collusion attacks using consensus and ace. IEEE Access. 2018;6:11278–11 288.10.1109/ACCESS.2018.2799543Search in Google Scholar
26. Fok MP, Wang Z, Deng Y, Prucnal PR. Optical layer security in fiber-optic networks. IEEE Trans Inf Forensics Secur. 2011;6:725–736.10.1109/TIFS.2011.2141990Search in Google Scholar
27. Peng S, Nejabati R, Simeonidou D. Role of optical network virtualization in cloud computing. J Opt Commun Networking. 2013;50:162–170.10.1364/JOCN.5.00A162Search in Google Scholar
28. Horvath T, Malina L, Munster P. On security in gigabit passive optical networks. In: 2015 International Workshop on Fiber Optics in Access Network (FOAN), 51-55. IEEE, 2015.10.1109/FOAN.2015.7320479Search in Google Scholar
29. Hu X, Yang X, Shen Z, He H, Hu W, Bai C. Chaos-based partial transmit sequence technique for physical layer security in ofdm-pon. IEEE Photonics Technol Lett. 2015;273:2429–2432.10.1109/LPT.2015.2466092Search in Google Scholar
30. Zhang H, Wang Y, Chen H, Zhao Y, Zhang J. Exploring machine-learning-based control plane intrusion detection techniques in software defined optical networks. Opt Fiber Technol. 2017;39:37–42.10.1016/j.yofte.2017.09.023Search in Google Scholar
31. Gill HS, Gill SS, Bhatia KS. A novel approach for physical layer security in future-generation passive optical networks. Photonic Network Commun 2017;1–10.10.1007/s11107-017-0738-4Search in Google Scholar
32. Lim K, Ko H, Suh C, Rhee J-K. Security analysis of quantum key distribution on passive optical networks. Optics Express. 2017;250:11894–11 909.10.1364/OE.25.011894Search in Google Scholar PubMed
33. Hu F, Hao Q, Bao K. A survey on software-defined network and openflow: From concept to implementation. IEEE Commun Surv Tutorials. 2014;16:2181–2206.10.1109/COMST.2014.2326417Search in Google Scholar
34. Ifogsim Available at: https://air.imag.fr/index.php/IFogSim. Accessed: 25 May 2018.Search in Google Scholar
© 2018 Walter de Gruyter GmbH, Berlin/Boston
