Policy-based Bigdata Security and QoS Framework for SDN/IoT: An Analytic Approach



With the explosive growth of the Internet of Things (IoT) using WiFi networks, along with their huge data flows (especially Bigdata using TCP connections), the significant challenges are application performance and network security. Big data comes in varying volume, velocity, etc. and is very challenging to manage with traditional networks. Therefore, we advocate the Software-defined networking (SDN) paradigm in this paper. Using SDN, firstly, from a security perspective, we are able to diagnose Bigdata TCP streams that may come from either attack or non-attack sources. Secondly, when the Bigdata TCP streams come from legitimate sources, SDN can help in maintaining Quality of Service (QoS) for a particular flow or application. In this paper, we propose a Policy-based framework that maintains security as well as the flow-specific QoS requirement in an SDN-enabled IoT network. In our network settings, we propose an algorithm at the WiFi Access Point (AP) or at a network edge router that learns the incoming traffic from different Things and then takes appropriate action(s) based on the policies in place. A mathematical model is developed considering TCP CUBIC streams over WiFi networks to understand and evaluate our idea. Our extensive simulation results demonstrate how we jointly enhance the security and effectively maintain the desired QoS of the streams in real-time.

  • Author Keywords
    • Bigdata
    • SDN networks
    • IoT
    • Security
  • IEEE Keywords
    • Security
    • Quality of service
    • Wireless fidelity
    • Microsoft Windows
    • Computer architecture
    • Analytical models
    • Routing



Big data security is a term used collectively for collecting, analyzing, and measuring the incoming data streams for many reasons, including security and Quality of Service (QoS) for individual applications [1]. In the Bigdata domain, it is challenging to investigate whether a surge of flow is coming from attack or non-attack sources; Bigdata traffic may therefore contain both kinds of flows. We observed two different cases in our research. In the first case, if the Bigdata TCP streams come from attack sources, then network security is at potential risk, particularly because of traditional, limited computing capacity relative to the incoming flow rates. In the second case, if the Bigdata TCP streams come in a surge of volume, then maintaining the application-specific QoS is another big issue, for the same reason as in the security case. Eventually, this greatly impacts business costs, which is a non-negotiable factor for industry [2], [3].

In the existing literature, many solutions have been provided to address these issues. The authors of [4] introduced an architecture for security monitoring of local enterprise networks. This architecture integrates scalable distributed data storage and management with a data exploitation system. DNS data, NetFlow records, HTTP traffic, and honeypot data are mined and correlated in a distributed system that leverages state-of-the-art big data solutions. In [5], the authors implemented two metrics, relative entropy and Pearson correlation, to dynamically detect anomalies efficiently and effectively. Researchers have also used filtering methods for anomaly detection or to differentiate the attack traffic. The authors of [6] used two filtering models, based on lexical features and descriptive features, to detect nearly two million malicious URLs in the Bigdata domain. Ahmed et al. analyzed DDoS attacks on Hadoop models, checking Hadoop behavior during a DDoS attack and the impact of DDoS on different Hadoop models [7].

Further, researchers in SDN conclude that SDN has a strong potential to significantly enhance the performance of Bigdata applications on extreme-scale networks [8], [9]. Researchers pointed out that the notion of IoT is to make use of protocols, most often TCP, for a broad range of things and convert them into smart objects (see [10] and references therein). Therefore, to handle the influx of IoT-based Bigdata (generated by multiple TCP flows), new protocols, hardware, or technologies are required. In fact, Big data and IoT are closely knitted, and we emphasize that SDN can solve many challenges in this coupled environment. Security in such a system is always at the forefront for researchers. IoT already has significant application domains such as shipping, health care, mining, etc., where the performance of the network or application is considered highly sensitive.

With the aforementioned two major challenges in mind, we have proposed a novel architecture to guarantee security and QoS jointly. We have observed that traditional solutions have addressed these two issues separately. We present the attractive features of SDN for IoT-generated Bigdata streams in defeating security attacks and maintaining QoS. In a Bigdata domain, from a security perspective, we have seen two distinct issues: securing the organization's information and securing its customers' information in a Big Data context. In this paper, we focus on the secure routing of the flow. We also focus on maintaining the QoS of the flow.

In the first case, our objective in this paper is to detect the rate of incoming flow(s) and divert the detected flow(s) to the firewall for deep packet inspection. Further, if the volume of flows (from non-attack sources) is higher than the computing capacity of the network, then we propose an algorithm that maintains the QoS of a particular flow. We propose a policy-based architecture at the control plane of SDN-IoT networks to accomplish our objective.

The biggest advantages of jointly considering security and QoS are: a) our policy-based architecture, which detects attack or non-attack traffic, provides a fine line between the legitimate use of the network services by a legitimate user; b) organizations have the right mechanisms in place to protect the network resources from being attacked; c) improving QoS, in our opinion, provides another line of defense before the network resources are knocked down by attackers generating a surge of Bigdata streams [11].

Our idea can be implemented at any end, i.e., either at the WiFi AP or at control plane devices (for example, the SDN controller). Researchers can argue that the SDN controller is responsible for maintaining, storing, and taking necessary action on Big data; therefore, novel algorithms should be placed at the controller. In counter-argument, as we have proposed our idea at the WiFi AP or at the router level, we emphasize that our framework provides a technical feasibility analysis of the Bigdata generated from the WiFi-enabled sensors for IoT. We nip the security issues in the bud at exactly the level where the data originates. This provides the first line of defense in the network.
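
The two-step behaviour described above (divert a flow whose measured rate surges to the firewall for inspection, then protect QoS when the remaining legitimate demand exceeds capacity), written out as an added example; it is not the paper's algorithm. The `Policy` fields, the thresholds, the action labels, the flow names and the proportional sharing of spare capacity are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Policy:
    # All values are assumed for illustration; the page gives no numbers.
    inspect_bps: float    # per-flow rate that triggers diversion for DPI
    capacity_bps: float   # forwarding capacity of the AP / edge router
    qos_min_bps: dict = field(default_factory=dict)  # flow -> guaranteed bits/s

def flow_rates(packets, window_s):
    """Aggregate (timestamp_s, flow_id, size_bytes) records into bits/s per flow."""
    bits = defaultdict(int)
    for _ts, flow, size in packets:
        bits[flow] += size * 8
    return {flow: b / window_s for flow, b in bits.items()}

def decide(rates, policy):
    """Return {flow: (action, allowed_bps)} for one measurement window."""
    actions = {}
    # Security step: a surge above the policy rate goes to the firewall.
    for flow, rate in rates.items():
        if rate > policy.inspect_bps:
            actions[flow] = ("DIVERT_TO_FIREWALL", 0.0)
    normal = {f: r for f, r in rates.items() if f not in actions}
    if sum(normal.values()) <= policy.capacity_bps:
        actions.update({f: ("FORWARD", r) for f, r in normal.items()})
        return actions
    # QoS step: demand exceeds capacity; honour guarantees (scaled if too large).
    floor = {f: min(r, policy.qos_min_bps.get(f, 0.0)) for f, r in normal.items()}
    floor_sum = sum(floor.values())
    if floor_sum > policy.capacity_bps:
        floor = {f: g * policy.capacity_bps / floor_sum for f, g in floor.items()}
        floor_sum = policy.capacity_bps
    # Share the remaining capacity in proportion to each flow's unmet demand.
    unmet = {f: normal[f] - floor[f] for f in normal}
    unmet_sum = sum(unmet.values())
    spare = policy.capacity_bps - floor_sum
    for f in normal:
        share = spare * unmet[f] / unmet_sum if unmet_sum else 0.0
        actions[f] = ("RATE_LIMIT", floor[f] + share)
    return actions

# Constructed sample: one 1-second window, three Things behind one AP.
SAMPLE = ([(0.1 * i, "cam-1", 1250) for i in range(10)]            # 100 kbit/s
          + [(0.01 * i, "sensor-7", 1250) for i in range(100)]     # 1 Mbit/s
          + [(0.001 * i, "meter-3", 1250) for i in range(1000)])   # 10 Mbit/s
POLICY = Policy(inspect_bps=5e6, capacity_bps=600e3, qos_min_bps={"cam-1": 100e3})
RESULT = decide(flow_rates(SAMPLE, 1.0), POLICY)
```

In the constructed window, `meter-3` is diverted for inspection, `cam-1` keeps its guaranteed rate, and `sensor-7` is limited to the capacity that remains.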

Our contributions are highlighted below.

1) We propose a policy-based, high-level secure routing framework that jointly considers QoS and security. This is an early work in a secure Bigdata context for SDN-IoT.
2) We develop a novel mathematical model of TCP CUBIC traffic over WiFi forming an IoT network. We show that the attack traffic can be well mitigated at the entry point of the IoT network. In particular, a QoS-based policy mechanism for IoT is proposed, which is compatible with the existing Internet protocols and WiFi standards.
3) With relevant insights from the model, we design a simple algorithm at the WiFi APs and/or network routers that implements the proposed policy. The algorithm at the AP is evaluated with extensive experiments and simulations.

Our aim is to show the feasibility of our simple and reasonable approach to alleviate the discussed issues. Further, it is worth noting that the idea proposed in the paper can only be regarded as a proof of concept. The proposed solution will therefore be prototyped and tested on a real SDN-IoT platform in the future.

The remaining part is organized as follows. Section II highlights our high-level proposed framework. In Section III, we discuss our network settings, and in Section IV the analytic model is derived. The algorithm design is shown in Section V, and Section VI discusses our results. Finally, Section VII concludes the paper.


In a Bigdata context, where Bigdata streams come from IoT devices, a Policy-based algorithm in an SDN/IoT network is proposed to jointly tackle security as well as the application-specific QoS requirement. The algorithm, at the WiFi Access Point or edge router, is able to diagnose Bigdata streams that may come from attack or non-attack sources. It then takes appropriate action(s) based on the policies in place. A mathematical model is developed considering TCP CUBIC flows over WiFi networks to understand and evaluate our idea. The new insights from this work help researchers understand and tackle security and QoS requirements concurrently.


Full paper:

S. R. Pokhrel, K. Sood, S. Yu, and M. R. Nosouhi, "Policy-based Bigdata Security and QoS Framework for SDN/IoT: An Analytic Approach," published in IEEE INFOCOM 2019 – IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Paris, France, 2019, pp. 73-78.




Somayeh Nosrati was born in 1982 in Tehran. She holds a Master's degree in artificial intelligence from Khatam University of Tehran.


Professor Siavosh Kaviani was born in 1961 in Tehran. He had a professorship. He holds a Ph.D. in Software Engineering from the QL University of Software Development Methodology and an honorary Ph.D. from the University of Chelsea.


Nasim Gazerani was born in 1983 in Arak. She holds a Master's degree in Software Engineering from UM University of Malaysia.