跳到主要內容

臺灣博碩士論文加值系統

(18.97.14.90) 您好!臺灣時間:2024/12/05 18:38
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:張維峻
研究生(外文):Wei-Chun Chang
論文名稱:邊緣計算的動態資源管理: 資安和應用體驗質量的權衡
論文名稱(外文):Edge Computing Dynamic Resource Management:Tradeoffs Between Security and Application QoE
指導教授:魏宏宇魏宏宇引用關係
指導教授(外文):Hung-Yu Wei
口試委員:謝宏昀曹孝櫟王志宇
口試委員(外文):Hung-Yun HsiehShiao-Li TsaoChih-Yu Wang
口試日期:2021-09-14
學位類別:碩士
校院名稱:國立臺灣大學
系所名稱:電信工程學研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2021
畢業學年度:109
語文別:英文
論文頁數:71
中文關鍵詞:多接取邊緣運算分散式阻斷服務攻擊邊緣運算安全容器化管理容器化應用
外文關鍵詞:multi-access edge computingdistributed denial-of-serviceedge computing securitykubernetesdocker container
DOI:10.6342/NTU202103704
相關次數:
  • 被引用被引用:0
  • 點閱點閱:182
  • 評分評分:
  • 下載下載:38
  • 收藏至我的研究室書目清單書目收藏:0
由於5G和物聯網時代的發展,歐洲電信標準協會提出的行動邊緣運算,行動上網裝置透過異質性網路如智慧工廠網路和車載網路等可以低延遲的存取服務,此外,影音串流和線上遊戲的普及以及消耗網際網路半數以上的流量,因此,會有更多的邊緣運算伺服器部署在邊際網路以便卸載核心網路的流量,然而邊緣運算的伺服器因靠近接取裝置而更容易遭受攻擊,攻擊者可輕易透過多個受感染的物聯網裝置發動分散式阻斷服務攻擊,在此篇論文中,為了解決邊緣伺服器遇到的資安和資源管理的議題,我們提出邊緣計算的資源管理系統。首先,在行動運算的服務中加入安全防護、影音串流和線上遊戲的應用,透過入侵偵測和防禦系統緩解分散式阻斷服務攻擊,並設計資源分配的演算法去分配邊緣應用程式的資源,比較不同使用者情境和攻擊種類,去分析和探討在有限資源狀況下的不同模型的結果,實驗結果顯示在攻擊的狀態下,我們的系統透過邊緣運算的資源管理可以有效的改善使用者體驗。
With the advancement of the 5G network and Internet of Things (IoT) devices, Multiaccess Edge Computing (MEC) proposed by ETSI provides multiple devices to access with low latency through heterogeneous networks such as smart factories and vehicular networks. In addition, video streaming and online gaming have become more popular and consume more than half of the traffic on the internet. Thus, there will be more edge servers deployed on the edge of the network for offloading the core network. However, the edge server is more vulnerable because of its proximity to the user equipment (UE). Attackers can quickly launch distributed denial-of-service (DDoS) attacks with plenty of infected IoT devices. In this paper, we propose Tradeoffs Between Security and Application QoE (TBSA) system to solve the security and resource management problems on the edge server. First, we deploy network security, video streaming, and online gaming applications on the edge server. We use Intrusion Detection and Prevention Services (IDPS) to perform DDoS mitigation and design resource allocation algorithm to allocate the computing resources to the edge computing applications. Then, we compare different attack rates in the user scenarios and analyze multiple models under the resource limit condition. The experiments show that we can improve the Quality-of-Experience (QoE) of applications by edge computing resources management.
Verification Letter from the Oral Examination Committee i
Acknowledgements iii
摘要v
Abstract vii
Contents ix
List of Figures xiii
List of Tables xv
Chapter 1 Introduction 1
Chapter 2 Background 5
2.1 ETSI MEC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 IEEE P1935 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3 Edge Computing Security . . . . . . . . . . . . . . . . . . . . . . . 11
2.3.1 Edge Infrastructure Security . . . . . . . . . . . . . . . . . . . . . 11
2.3.2 Edge Network Security . . . . . . . . . . . . . . . . . . . . . . . . 12
2.3.3 Edge Data Security . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.3.4 Edge Application Security . . . . . . . . . . . . . . . . . . . . . . 16
ix
Chapter 3 Literature Review 19
3.1 DDoS mitigation on Edge Computing . . . . . . . . . . . . . . . . . 19
3.2 Resource Management on Edge Computing . . . . . . . . . . . . . . 20
3.3 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Chapter 4 System Overview 23
4.1 Intrusion Detection and Prevention System (IDPS) . . . . . . . . . . 23
4.1.1 Signature-based Detection . . . . . . . . . . . . . . . . . . . . . . 24
4.1.2 Anomaly-based Detection . . . . . . . . . . . . . . . . . . . . . . . 25
4.2 HTTP Live Streaming (HLS) . . . . . . . . . . . . . . . . . . . . . . 26
4.3 Cloud Gaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
4.4 Resource Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . 28
4.4.1 Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
4.4.2 Container . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.4.3 Docker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.4.4 Kubernetes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4.5 System Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.5.1 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.5.2 QoE Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
4.5.3 Resource Allocation . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Chapter 5 Experiment Results 45
5.1 Experiment Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
5.2 Performance Analysis . . . . . . . . . . . . . . . . . . . . . . . . . 50
x
5.2.1 Performance of computing resources allocations on HLS and IDPS
under various DDoS attack rates . . . . . . . . . . . . . . . . . . . 51
5.2.2 Performance of computing resources allocations on Gaming and IDPS
under various DDoS attack rates . . . . . . . . . . . . . . . . . . . 53
5.2.3 Performance of computing resources allocations on HLS (1 HLS
user) and Gaming without IDPS under various DDoS attack rates . . 55
5.2.4 Performance of computing resources allocations on Gaming and HLS
(1 HLS user) with IDPS under various DDoS attack rates . . . . . . 57
5.2.5 Performance of computing resources allocations on HLS (20  HLS
users) and Gaming without IDPS under various DDoS attack rates . 59
5.2.6 Performance of computing resources allocations on Gaming and HLS
(20 HLS users) with IDPS under various DDoS attack rates . . . . . 61
Chapter 6 Conclusion 65
References 67
B. Ali, M. A. Gregory, and S. Li. Multi-Access Edge Computing Architecture,Data Security and Privacy: A Review. In IEEE Access, pages 18706–18721. IEEE, 2021.
K. Bhardwaj, J. C. Miranda, and A. Gavrilovska. Towards IoT-DDoS Prevention Using Edge Computing. In Workshop on Hot Topics in Edge Computing (HotEdge
18). USENIX, 2018.
W. Cai, R. Shea, C.-Y. Huang, K.-T. Chen, J. Liu, V. C. M. Leung, and C.-H. Hsu. A Survey on Cloud Gaming: Future of Computer Games. In IEEE Access. IEEE,2016.
K. Cao, Y. Liu, G. Meng, and Q. Sun. An Overview on Edge Computing Research. In IEEE Access, volume 8, pages 85714–85728. IEEE, 2020.
P. Chakraborty, S. Dev, and R. H. Naganur. Dynamic HTTP Live Streaming Method
for Live Feeds. In 2015 International Conference on Computational Intelligence and
Communication Networks (CICN). IEEE, 2015.
K.-T. Chen, Y.-C. Chang, P.-H. Tseng, C.-Y. Huang, and C.-L. Lei. Measuring the
Latency of Cloud Gaming Systems. In Proceedings of the 19th ACM international
conference on Multimedia, pages 1269–1272. ACM, 2011.
B. Chiang, Y.-H. Chao, C.-H. Hsu, C.-T. Chou, and H.-Y. Wei. Virtual Network Embedding with Dynamic Speed Switching Orchestration in Fog/Edge Network. In
IEEE Access, volume 8, pages 84753–84768. IEEE, 2020.
Y. Chiang, C.-H. Hsu, and H.-Y. Wei. Collaborative Social-Aware and QoEDriven Video Caching and Adaptation in Edge Network. In IEEE Transactions on Multimedia. IEEE, 2020.
COM/EdgeCloud-SC - Edge, Fog, Cloud Communications with IOT and Big Data Standards Committee. P1935 - standard for edge/fog manageability and orchestration.
N. Dao, D. Vu, Y. Lee, M. Park, and S. Cho. MAEC-X: DDoS Prevention Leveraging Multi-Access Edge Computing. In 2018 International Conference on Information Networking (ICOIN). IEEE, 2018.
Deepali and K. Bhushan. DDoS attack mitigation and Resource provisioning in Cloud using Fog Computing. In 2017 International Conference On Smart Technologies For Smart Nation (SmartTechCon). IEEE, 2017.
T. V. Doan, G. T. Nguyen, H. Salah, S. Pandi, M. Jarschel, and R. Pries. Containers vs Virtual Machines: Choosing the Right Virtualization Technology for Mobile Edge Cloud. In 2019 IEEE 2nd 5G World Forum (5GWF). IEEE, 2019.
D. Ermolenko, C. Kilicheva, A. Muthanna, and A. Khakimov. Internet of Things Services Orchestration Framework Based on Kubernetes and Edge Computing. In 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus). IEEE, 2021.
ETSI. Multi-access Edge Computing (MEC); Framework and Reference Architecture.
In ETSI GS MEC 003 V2.1.1, 2019.
C.-Y. Huang, D.-Y. Chen, C.-H. Hsu, and K.-T. Chen. GamingAnywhere: an opensource cloud gaming testbed. In MM ’13: Proceedings of the 21st ACM international conference on Multimedia, volume 38, pages 827–830. ACM, 2013.
Y. Jia, F. Zhong, A. Alrawais, B. Gong, and X. Cheng. FlowGuard: An Intelligent Edge Defense Mechanism Against IoT DDoS Attacks. In IEEE Internet of Things Journal, volume 7, pages 9552–9562. IEEE, 2020.
A. Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman. Survey of intrusion detection systems:techniques, datasets and challenges. In Cybersecurity, volume 2. SpringerOpen, 2019.
H. Li and L. Wang. Online Orchestration of Cooperative Defense against DDoS Attacks for 5G MEC. In 2018 IEEE Wireless Communications and Networking Conference (WCNC). IEEE, 2018.
F. Lin, Y. Zhou, X. An, I. You, and K. R. Choo. Fair Resource Allocation in an Intrusion-Detection System for Edge Computing. In IEEE Consumer Electronics Magazine. IEEE, 2018.
C. Liu, C. Huang, C. Tseng, Y. Yang, and L. Chou. Service Resource Management in Edge Computing Based on Microservices. In 2019 IEEE International Conference on Smart Internet of Things (SmartIoT). IEEE, 2019.
Y. Liu, S. Dey, D. Gillies, F. Ulupinar, and M. Luby. User Experience Modeling for
DASH Video. In 20th International Packet Video Workshop. ACM, 2013.
E. Marin-Tordera, X. Masip-Bruin, B. Otero, and E. Rodriguez. Virtualizing the Edge: Needs, Opportunities and Trends. In IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud). IEEE, 2018.
I. Mavridis and H. Karatza. Performance and Overhead Study of Containers Running on Top of Virtual Machines. In 2017 IEEE 19th Conference on Business Informatics(CBI). IEEE, 2017.
M. Pinson and S. Wolf. A new standardized method for objectively measuring video quality. In IEEE Transactions on Broadcasting. IEEE, 2004.
G. Potrino, F. D. Rango, and P. Fazio. A Distributed Mitigation Strategy against DoS attacks in Edge Computing. In 2019 Wireless Telecommunications Symposium (WTS). IEEE, 2019.
D. Rajan. Common Platform Architecture for Network Function. In IEEE
International Conference on Mobile Cloud Computing, Services, and Engineering
(MobileCloud) Virtualization Deployments. IEEE, 2016.
P. Ranaweera, V. N. Imrith, M. Liyanage, and A. D. Jurcut. Security as a Service
Platform Leveraging Multi-Access Edge Computing Infrastructure Provisions. In
ICC 2020 - 2020 IEEE International Conference on Communications (ICC). IEEE,
2020.
T. Sechkova, M. Paolino, and D. Raho. Virtualized Infrastructure Managers for edge computing: OpenVIM and OpenStack comparison. In 2018 IEEE International Symposium on Broadband Multimedia Systems and Broadcasting (BMSB). IEEE,2018.
S. Singh and N. Singh. Containers and Docker: Emerging roles and future of Cloud technology. In 2016 2nd International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT). IEEE, 2016.
J. Smith and R. Nair. The architecture of virtual machines. In Computer, volume 38,pages 32–38. IEEE, 2005.
X. Tan, H. Li, L. Wang, and Z. Xu. Global Orchestration of Cooperative Defense against DDoS Attacks for MEC. In 2019 IEEE Wireless Communications and Networking Conference (WCNC). IEEE, 2019.
Z. Tao, Q. Xia, Z. Hao, C. Li, L. Ma, S. Yi, and Q. Li. A Survey of Virtual Machine
Management in Edge Computing. In Proceedings of the IEEE, volume 107, pages
1482–1499. IEEE, 2019.
R. Tourani, A. Bos, S. Misra, and F. Esposito. Towards Security-as-a-Service in Multi-Access Edge. In SEC ’19: Proceedings of the 4th ACM/IEEE Symposium on Edge Computing, pages 358–363. ACM, 2019.
S. Wang and S. Dey. Modeling and Characterizing User Experience in a Cloud Server Based Mobile Gaming Approach. In GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference. IEEE, 2009.
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu, and W. Lv. Edge Computing Security: State of the Art and Challenges. In Proceedings of the IEEE, volume 107, pages 1608–1631. IEEE, 2020.
H. Zeyu, X. Geming, W. Zhaohang, and Y. Sen. Survey on Edge Computing Security. In IEEE International Conference on Big Data, Artificial Intelligence and Internet of Things Engineering (ICBAIE). IEEE, 2020.
連結至畢業學校之論文網頁點我開啟連結
註: 此連結為研究生畢業學校所提供,不一定有電子全文可供下載,若連結有誤,請點選上方之〝勘誤回報〞功能,我們會盡快修正,謝謝!
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top