Fog‐SDN: A light mitigation scheme for DDoS attack in fog computing framework

Summary Cloud computing is one of the most tempting technologies in today's computing scenario as it provides a cost‐efficient solutions by reducing the large upfront cost for buying hardware infrastructures and computing power. Fog computing is an added support to cloud environment by leveraging with doing some of the less compute intensive task to be done at the edge devices, which reduces the response time for end user computing. But the vulnerabilities to these systems are still a big concern. Among several security needs, availability is one that makes the demanded services available to the targeted customers all the time. Availability is often challenged by external attacks like Denial of service (DoS) and distributed denial of service (DDoS). This paper demonstrates a novel source‐based DDoS mitigating schemes that could be employed in both fog and cloud computing scenarios to eliminate these attacks. It deploys the DDoS defender module which works on a machine learning–based light detection method, present at the SDN controller. This scheme uses the network traffic data to analyze, predict, and filter incoming data, so that it can send the filtered legitimate packets to the server and blocking the rest. In this work, a source‐based defense scheme is proposed that could be used in fog, as well as in the cloud setup, to avoid DDoS attack. The defense module has been built in the SDN controller. The mentioned work presents an Ensemble machine learning (ML)–based light detection method by beforehand analyzing the packet characteristics and using an appropriate ML model, which gives better detection rate and processing rate.