SEAL: SDN based secure and agile framework for protecting smart city applications from DDoS attacks

摘要

Evolution of smart cities induces critical challenges related to cyber and network security. The increased reliance of a smart city on Information and Communication Technologies (ICT) infrastructure improves automation, efficiency, and sustainability of city services. However, it also poses enormous challenges for ensuring continued operations and services at all times and especially under cyber-attacks. Any lapse in cyber security can lead to critical disaster across the city. Distributed Denial of Service (DDoS) attacks are considered to be the most predominant and prevalent cyber-attacks. We believe that smart city could consist of numerous applications with varying level of network and security requirements. Therefore, providing an adaptive mechanism against DDoS attacks for all applications in a smart city is a key challenge. Further, considering the wide-scale requirements of a smart city, developing an adaptive and flexible solution is a key requirement. Considering these requirements, this paper presents SEAL (SEcure and AgiLe) - a novel Software Defined Networking (SDN) based adaptive framework for protecting smart city applications against DDoS attacks. The SEAL framework leverages key characteristics of SDN such as the global visibility, centralized control, and programmability to enhance the security and resilience. SEAL is capable of effectively detecting and mitigating DDoS attacks not only on application servers but also on network resources. SEAL is also unique in this regard that it provides application specific DDoS attack security solution instead of static threshold mechanism. Moreover, inherently distributed architecture of the SEAL framework ensures fault tolerance, scalability and reliability of the smart city. The SEAL framework comprises three modules, namely D-Defense, A-Defense and C-Defense. These modules collectively provide a mechanism to detect and mitigate DDoS attack on smart city applications and the network infrastructure. Adaptability in SEAL is achieved through implementing customized version of estimated-weighted moving average (EWMA) filters. Three types of filters, Proactive Filter, Active Filter, and Passive Filter are proposed and implemented to compute the dynamic threshold in real time for various types of applications. Experimental evaluation of the SEAL framework has been conducted to establish the efficacy of the framework and its components in detecting and mitigating DDoS attacks. The results prove that SEAL is able to detect and mitigate DDoS attacks effectively. The focus of the SEAL framework is to protect smart city applications, however, the SEAL framework can potentially be utilized in a wide range of systems.