@Article{cmc.2020.011758,
AUTHOR = {Rashid Amin, Mudassar Hussain, Mohammed Alhameed, Syed Mohsan Raza, Fathe Jeribi, Ali Tahir},
TITLE = {Edge-Computing with Graph Computation: A Novel Mechanism  to Handle Network Intrusion and Address Spoofing in SDN},
JOURNAL = {Computers, Materials \& Continua},
VOLUME = {65},
YEAR = {2020},
NUMBER = {3},
PAGES = {1869--1890},
URL = {http://www.techscience.com/cmc/v65n3/40144},
ISSN = {1546-2226},
ABSTRACT = {Software Defined Networking (SDN) being an emerging network control model 
is widely recognized as a control and management platform. This model provides efficient 
techniques to control and manage the enterprise network. Another emerging paradigm is 
edge computing in which data processing is performed at the edges of the network instead 
of a central controller. This data processing at the edge nodes reduces the latency and 
bandwidth requirements. In SDN, the controller is a single point of failure. Several security 
issues related to the traditional network can be solved by using SDN central management 
and control. Address Spoofing and Network Intrusion are the most common attacks. These 
attacks severely degrade performance and security. We propose an edge computing-based 
mechanism that automatically detects and mitigates those attacks. In this mechanism, an 
edge system gets the network topology from the controller and the Address Resolution 
Protocol (ARP) traffic is directed to it for further analysis. As such, the controller is saved 
from unnecessary processing related to addressing translation. We propose a graph 
computation based method to identify the location of an attacker or intruder by 
implementing a graph difference method. By using the correct location information, the 
exact attacker or intruder is blocked, while the legitimate users get access to the network 
resources. The proposed mechanism is evaluated in a Mininet simulator and a POX 
controller. The results show that it improves system performance in terms of attack 
mitigation time, attack detection time, and bandwidth requirements.},
DOI = {10.32604/cmc.2020.011758}
}