{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,18]],"date-time":"2026-04-18T16:41:17Z","timestamp":1776530477236,"version":"3.51.2"},"reference-count":58,"publisher":"Wiley","issue":"5","license":[{"start":{"date-parts":[[2019,11,8]],"date-time":"2019-11-08T00:00:00Z","timestamp":1573171200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Softw Pract Exp"],"published-print":{"date-parts":[[2020,5]]},"abstract":"<jats:title>Summary<\/jats:title><jats:p>Currently, core networking architectures are facing disruptive developments, due to emergence of paradigms such as Software\u2010Defined\u2010Networking (SDN) for control, Network Function Virtualization (NFV) for services, and so on. These are the key enabling technologies for future applications in 5G and locality\u2010based Internet of things (IoT)\/wireless sensor network services. The proliferation of IoT devices at the Edge networks is driving the growth of <jats:italic>all\u2010connected<\/jats:italic> world of Internet traffic. In the <jats:italic>Cloud\u2010to\u2010Things<\/jats:italic> continuum, processing of information and data at the Edge mandates development of security best practices to arise within a fog computing environment. Service providers are transforming their business using NFV\u2010based services and SDN\u2010enabled networks. The SDN paradigm offers an easily programmable model, global view, and control for modern networks, which demand faster response to security incidents and dynamically enforce countermeasures to intrusions and cyberattacks. This article proposes an autonomic multilayer security framework called <jats:italic>Distributed Threat Analytics and Response System (DTARS)<\/jats:italic> for a converged architecture of Fog\/Edge computing and SDN infrastructures, for emerging applications in IoT and 5G networks. The major detection scheme is deployed within the data plane, consisting of a coarse\u2010grained behavioral, anti\u2010spoofing, flow monitoring and fine\u2010grained traffic multi\u2010feature entropy\u2010based algorithms. We developed exemplary defense applications under DTARS framework, on a malware testbed imitating the real\u2010life DDoS\/botnets such as Mirai. The experiments and analysis show that DTARS is capable of detecting attacks in real\u2010time with accuracy more than 95% under attack intensities up to 50\u2009000 packets\/s. The benign traffic forwarding rate remains unaffected with DTARS, while it drops down to 65% with traditional NIDS for advanced DDoS attacks. Further, DTARS achieves this performance without incurring additional latency due to data plane overhead.<\/jats:p>","DOI":"10.1002\/spe.2761","type":"journal-article","created":{"date-parts":[[2019,11,8]],"date-time":"2019-11-08T19:10:28Z","timestamp":1573240228000},"page":"757-800","update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":37,"title":["SDN\/NFV security framework for fog\u2010to\u2010things computing infrastructure"],"prefix":"10.1002","volume":"50","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6702-112X","authenticated-orcid":false,"given":"Prabhakar","family":"Krishnan","sequence":"first","affiliation":[{"name":"Amrita Center for Cybersecurity Systems and Networks Amrita Vishwa Vidyapeetham  Amritapuri India"}]},{"given":"Subhasri","family":"Duttagupta","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering Amrita Vishwa Vidyapeetham  Amritapuri India"}]},{"given":"Krishnashree","family":"Achuthan","sequence":"additional","affiliation":[{"name":"Amrita Center for Cybersecurity Systems and Networks Amrita Vishwa Vidyapeetham  Amritapuri India"}]}],"member":"311","published-online":{"date-parts":[[2019,11,8]]},"reference":[{"key":"e_1_2_14_2_1","doi-asserted-by":"crossref","unstructured":"BonomiF MilitoR ZhuJ AddepalliS.Fog computing and its role in the internet of things. In: Proceedings of the first edition of the MCC Workshop on Mobile Cloud Computing.2012;Helsinki Finland.https:\/\/doi.org\/10.1145\/2342509.2342513","DOI":"10.1145\/2342509.2342513"},{"key":"e_1_2_14_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2677046.2677052"},{"key":"e_1_2_14_4_1","unstructured":"ETSI ISG.Network Functions Virtualization (NFV): Introductory White Paper Virtualization Requirements.2014."},{"key":"e_1_2_14_5_1","unstructured":"Open Networking Foundation (ONF).Software\u2010Defined Networking: The New Norm for Networks White Paper.2014."},{"key":"e_1_2_14_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1355734.1355746"},{"key":"e_1_2_14_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2330903"},{"key":"e_1_2_14_8_1","doi-asserted-by":"crossref","unstructured":"BragaR MotaE PassitoA.Lightweight DDoS flooding attack detection using NOX\/OpenFlow. In: Proceedings of the IEEE Local Computer Network Conference;2010;Denver Colorado.","DOI":"10.1109\/LCN.2010.5735752"},{"key":"e_1_2_14_9_1","unstructured":"FayazSK TobiokaY SekarV BaileyM.Bohatei: flexible and elastic DDoS defense. In: Proceedings of Usenix Security;2015;Washington DC."},{"key":"e_1_2_14_10_1","unstructured":"LevinD CaniniM SchmidS SchaffertF FeldmannA.Panopticon: reaping the benefits of incremental SDN deployment in enterprise networks. In: Proceedings of USENIX ATC;2014;Philadelphia PA."},{"key":"e_1_2_14_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.bjp.2013.10.014"},{"key":"e_1_2_14_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.07.008"},{"key":"e_1_2_14_13_1","doi-asserted-by":"crossref","unstructured":"ZhouL GuoH.Applying NFV\/SDN in mitigating DDoS attacks. Paper presented at: 2017 IEEE Region 10 Conference;Penang Malaysia;2017.","DOI":"10.1109\/TENCON.2017.8228200"},{"key":"e_1_2_14_14_1","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/9649643"},{"key":"e_1_2_14_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.04.005"},{"key":"e_1_2_14_16_1","doi-asserted-by":"crossref","unstructured":"ShinS YegneswaranV PorrasP GuG.AVANT\u2010 GUARD: scalable and vigilant switch flow management in software\u2010defined networks. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security;2013;Berlin Germany.","DOI":"10.1145\/2508859.2516684"},{"key":"e_1_2_14_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2016.2626287"},{"key":"e_1_2_14_18_1","doi-asserted-by":"crossref","unstructured":"KrishnanP NajeemJS AchuthanK.SDN framework for securing IoT networks International Conference on Ubiquitous Communications and Network Computing pp.116\u2010129.Springer Cham 2017.","DOI":"10.1007\/978-3-319-73423-1_11"},{"issue":"8","key":"e_1_2_14_19_1","first-page":"93","article-title":"A review of security threats and mitigation solutions for SDN stack","volume":"115","author":"Krishnan P","year":"2017","journal-title":"Int J Pure Appl Math"},{"key":"e_1_2_14_20_1","doi-asserted-by":"crossref","unstructured":"RaghunathK PrabhakarK.Towards a secure SDN architecture 9th International Conference on Computing Communication and Networking Technologies (ICCCNT);2018;Bangalore India.","DOI":"10.1109\/ICCCNT.2018.8494043"},{"key":"e_1_2_14_21_1","unstructured":"KrishnanP AchuthanK.Managing Network Functions in Stateful Application Aware SDN 6th International Symposium on Security in Computing and Communications (2018) Springer Communications in Computer and Information Science Series (CCIS) ISSN: 1865:0929."},{"key":"e_1_2_14_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2009.2026415"},{"key":"e_1_2_14_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1384609.1384625"},{"key":"e_1_2_14_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.11.022"},{"key":"e_1_2_14_25_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.05.008"},{"key":"e_1_2_14_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.10.011"},{"key":"e_1_2_14_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.04.007"},{"key":"e_1_2_14_28_1","doi-asserted-by":"crossref","unstructured":"FlauzacO Gonz\u00e1lezC HachaniA NolotF.SDN based architecture for IoT and improvement of the security. Paper presented at: 2015 29th International Conference on Advanced Information Networking and Applications Workshops;2015;Gwangju South Korea.","DOI":"10.1109\/WAINA.2015.110"},{"key":"e_1_2_14_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2685596"},{"key":"e_1_2_14_30_1","doi-asserted-by":"crossref","unstructured":"YuT SekarV SeshanS AgarwalY XuC.Handling a trillion (unfixable) flaws on a billion devices: rethinking network security for the Internet\u2010of\u2010Things. In: Proceedings of the 14th ACM Workshop on Hot Topics in Networks;2015;Atlanta GA.","DOI":"10.1145\/2834050.2834095"},{"key":"e_1_2_14_31_1","doi-asserted-by":"crossref","unstructured":"ChakrabartyS EngelsDW ThathapudiS.Black SDN for the Internet of Things. Paper presented at: 2015 IEEE 12th International Conference on Mobile Ad Hoc and Sensor Systems;2015;Dallas TX.","DOI":"10.1109\/MASS.2015.100"},{"key":"e_1_2_14_32_1","doi-asserted-by":"crossref","unstructured":"BasileC LioyA PitscheiderC ValenzaF ValliniM.A novel approach for integrating security policy enforcement with dynamic network virtualization. In: Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft);2015;London UK.","DOI":"10.1109\/NETSOFT.2015.7116152"},{"key":"e_1_2_14_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2767608"},{"key":"e_1_2_14_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2017.26"},{"key":"e_1_2_14_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2685596"},{"key":"e_1_2_14_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2018.1700908"},{"key":"e_1_2_14_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/s12083-018-0663-z"},{"key":"e_1_2_14_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1096536.1096541"},{"key":"e_1_2_14_39_1","unstructured":"OS Specification. Version 1.0. 0 (wire protocol 0x01).Open Network Foundation.2009."},{"key":"e_1_2_14_40_1","unstructured":"GuoZ HuiS XuY ChaoHJ.Dynamic flow scheduling for power\u2010efficient data center networks. Paper presented at: 2016 IEEE\/ACM 24th International Symposium on Quality of Service (IWQoS);2016;Beijing China."},{"key":"e_1_2_14_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-64653-4_7"},{"key":"e_1_2_14_42_1","unstructured":"BerniniG GiardinaPG CarrozzoG et al.Combined NFV and SDN Applications for mitigation of cyber\u2010attacks conducted by Botnets in 5G mobile networks. Paper presented at: ICN 2017: The 16th International Conference on Networks;2017;Venice Italy."},{"key":"e_1_2_14_43_1","article-title":"A taxonomy of SDN\u2010enabled cloud computing","author":"Son J","year":"2017","journal-title":"ACM Comput Surv"},{"key":"e_1_2_14_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1851275.1851224"},{"key":"e_1_2_14_45_1","doi-asserted-by":"crossref","unstructured":"WangR JiaZ JuL.An entropy\u2010based distributed DDoS detection mechanism in software\u2010defined networking. Paper presented at: 2015 IEEE Trustcom\/BigDataSE\/ISPA;2015;Helsinki Finland.","DOI":"10.1109\/Trustcom.2015.389"},{"key":"e_1_2_14_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2018.2869997"},{"key":"e_1_2_14_47_1","doi-asserted-by":"crossref","unstructured":"KalkanK G\u00fcrG Alag\u00f6zF.SDNScore: a statistical defense mechanism against DDoS attacks in SDN environment. Paper presented at: 2017 IEEE Symposium on Computers and Communications (ISCC);2017;Heraklion Greece.","DOI":"10.1109\/ISCC.2017.8024605"},{"key":"e_1_2_14_48_1","unstructured":"JacksonEJ WallsM PandaA et al.SoftFlow: a middlebox architecture for Open vSwitch. Paper presented at: USENIX Annual Technical Conference (USENIX ATC'16);2016;Denver CO."},{"key":"e_1_2_14_49_1","unstructured":"ChaignonP LazriK Fran\u00e7oisJ DelmasT FestorO.Oko: Extending Open vSwitch with Stateful Filters. In: Proceedings of the Symposium on SDN Research;2018;Los Angeles CA."},{"key":"e_1_2_14_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2602204.2602211"},{"key":"e_1_2_14_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2017.2726550"},{"key":"e_1_2_14_52_1","doi-asserted-by":"crossref","unstructured":"MekkyH HaoF MukherjeeS ZhangZ\u2010L LakshmanTV.Application\u2010aware data plane processing in SDN. In: Proceedings of the 3rd Workshop on Hot Topics in Software Defined Networking (HotSDN'14);2014;New York NY.","DOI":"10.1145\/2620728.2620735"},{"issue":"3","key":"e_1_2_14_53_1","first-page":"1725","article-title":"A survey on the security of Stateful SDN data planes","volume":"19","author":"Dargahi T","year":"2015","journal-title":"IEEE Commun Surv Tutor"},{"key":"e_1_2_14_54_1","unstructured":"ShaghaghiA KaafarMA BuyyaR JhaS.Software\u2010Defined Network (SDN) Data Plane Security: Issues Solutions and Future Directions. arXiv preprint arXiv:1804.00262.2018."},{"key":"e_1_2_14_55_1","unstructured":"BernsteinDJ.Syn cookies. Web Document. Retrieved January2013.http:\/\/cr.yp.to\/syncookies.html"},{"key":"e_1_2_14_56_1","unstructured":"Anna\u2010Senpai. Mirai BotNet.https:\/\/github.com\/jgamblin\/Mirai-Source-Code"},{"key":"e_1_2_14_57_1","unstructured":"Open Virtual Network Project.https:\/\/www.openvswitch.org\/"},{"key":"e_1_2_14_58_1","doi-asserted-by":"crossref","unstructured":"AfekY Bremler\u2010BarrA ShafirL.Network anti\u2010spoofing with SDN data plane. Paper presented at: IEEE INFOCOM 2017 \u2010 IEEE Conference on Computer Communications;2017;Atlanta GA.","DOI":"10.1109\/INFOCOM.2017.8057008"},{"key":"e_1_2_14_59_1","doi-asserted-by":"crossref","unstructured":"LimS HaJ KimH KimY YangS.A SDN\u2010oriented DDoS blocking scheme for botnet\u2010based attacks. Paper presented at: 2014 6th International Conference on Ubiquitous and Future Networks (ICUFN);2014;Shanghai China.","DOI":"10.1109\/ICUFN.2014.6876752"}],"container-title":["Software: Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fspe.2761","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spe.2761","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/full-xml\/10.1002\/spe.2761","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spe.2761","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,6]],"date-time":"2023-09-06T17:47:10Z","timestamp":1694022430000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/spe.2761"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11,8]]},"references-count":58,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2020,5]]}},"alternative-id":["10.1002\/spe.2761"],"URL":"https:\/\/doi.org\/10.1002\/spe.2761","archive":["Portico"],"relation":{},"ISSN":["0038-0644","1097-024X"],"issn-type":[{"value":"0038-0644","type":"print"},{"value":"1097-024X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,11,8]]},"assertion":[{"value":"2018-08-04","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-08-12","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}