Edge computing (EC) has greatly facilitated the deployment of networked services with fast responses and low bandwidth by deploying computing and storage at the network edge, which is closer to the data sources. However, it is challenging to give EC servers security protections like those in centralized data centers, which makes them more vulnerable to security attacks, especially distributed denial-of-service (DDoS) attacks. Existing detection approaches that rely on feedback from EC servers under attack can incur high bandwidth costs and service performance degradation. In this paper, we propose a new framework, CoWatch, for collaborative prediction and detection of DDoS attacks in EC scenarios. Based on the distributed software-defined networking (SDN) architecture, CoWatch can collaboratively predict DDoS attacks towards the EC servers and detect the attack flows in time. To efficiently filter the suspicious flows in distributed SDN, we devise an optimal threshold model by balancing the trade-off between collaboration efficiency and prediction effectiveness. We also explore and build on the LSTM model to design an algorithm for collaborative prediction and detection of DDoS attacks. Experimental results on a number of datasets demonstrate the promising performance of CoWatch in effectiveness and efficiency.