Umeå University's logo

The advent of crucial areas such as smart healthcare and autonomous transportation, bring in new requirements on the computing infrastructure, including higher demand for real-time processing capability with minimized latency and maximized availability. The traditional cloud infrastructure has several deficiencies when meeting such requirements due to its centralization. Edge clouds seems to be the solution for the aforementioned requirements, in which the resources are much closer to the edge devices and provides local computing power and high Quality of Service (QoS). However, there are still security issues that endanger the functionality of edge clouds. One of the recent types of such issues is Very Short Intermittent Distributed Denial of Service (VSI-DDoS) which is a new category of low-rate DDoS attacks that targets both small and large-scale web services. This attack generates very short bursts of HTTP request intermittently towards target services to encounter unexpected degradation of QoS at edge clouds. In this paper, we formulate the problem with a sequence modeling approach to address short intermittent intervals of DDoS attacks during the rendering of services on edge clouds using Long Short-Term Memory (LSTM) with local attention. The proposed approach ameliorates the detection performance by learning from the most important discernible patterns of the sequence data rather than considering complete historical information and hence achieves a more sophisticated model approximation. Experimental results confirm the feasibility of the proposed approach for VSI-DDoS detection on edge clouds and it achieves 2% more accuracy when compared with baseline methods.

Web application services and networks become a major target of low-rate Distributed Denial of Service (DDoS) attacks such as Very Short Intermittent DDoS (VSI-DDoS). These threats exploit the TCP congestion control mechanism to cause transient resource outage and impute delays for legitimate users’ requests, while they bypass the secure systems. Besides that, cross-layer VSI-DDoS attacks, where the performed attacks are towards the different layers of the edge cloud infrastructures, are able to cause violation of customers’ Service-Level Agreements (SLAs) with less visible behavioral patterns. In this work, we propose a novel Deep Ensemble Learning Approach named DELA for detection of cross-layer VSI-DDoS on the edge cloud. This approach is developed based on Long Short-Term Memory (LSTM), ensemble learning, and a new voting mechanism based on Feed-Forward Neural Network (FFNN). In addition, it employs a novel training and detection algorithm to combat such attacks in web services and networks. The model shows improved results due to the utilization of historical information in decision- making and also the usage of neural network as aggregator instead of a static threshold-based aggregation. Moreover, we propose a novel overlapped data chunking algorithm that is able to ameliorate the detection performance. Furthermore, the evaluation of DELA shows its superior performance over our testbed and benchmark datasets. Accordingly, DELA achieves on average 4.88% higher F 1 score compared to state-of-the-art methods.

Anomaly detection and resolution are crucial in edge clouds to ensure that distributed systems operate reliably and securely. This survey presents a comprehensive overview of anomaly detection and resolution strategies specifically designed for edge cloud environments, exploring their strengths, limitations, and applicability in different scenarios. It explores the unique challenges and characteristics of edge cloud systems, providing an in-depth analysis of existing works and tools. Evaluation metrics and datasets used by different methods are examined to provide insights into assessing the performance and efficacy of anomaly detection and resolution approaches. The paper concludes by identifying open challenges, future research directions, and offering practical recommendations, making it a valuable resource for researchers and practitioners involved in enhancing the reliability and security of edge cloud systems.

Edge cloud resources, just as many other computing resources, are prone to both performance and security anomalies due to their decentralized nature and real-time requirements for processing of data. Their behaviour initially observed as anomalous may, however, in many cases be rather generic and hard to detect. To be able to address such anomalies, it is instrumental to determine whether the anomaly is a "Security" threat or only a "Performance" concern. Therefore, in this paper, we develop an anomaly detection model capable of distinguishing between security and performance anomalies. The model is based on sequential modeling and Probabilistic Graphical Model (PGM), which leverage historical information and dependencies between previous predictions to classify future anomalies accurately. The evaluation of our proposed model shows its superior performance on our testbed and benchmark datasets. Accordingly, the model achieves an average 5%, and 3% higher F1 score compared to state-of-the-art methods in binary and multi-label anomaly detection cases, respectively. Moreover, our testing time analysis demonstrates the ability of the proposed model in early detection of such anomalies on the edge cloud.