Cost-Based Placement of Virtualized Deep Packet Inspection Functions in SDN
作者: Mathieu Bouet , Jeremie Leguay , Vania Conan
关键词:
摘要: In today's IT systems, cyber security requires fine-grained, flexible, adaptable and cost optimized monitoring mechanisms. The emergence of new networking technologies, like Network Function Virtualization (NFV) Software Defined Networking (SDN), opens up venues for large scale adoption these tools. particular, Deep Packet Inspection (DPI) engines can be virtualized dynamically deployed as pieces software on commodity hardware. Deploying such DPI is costly in terms license fees power consumption. Designing effective engine deployment strategies that meet the cybersecurity operational constraints thus mandatory this approach. For purpose, we propose a method, based genetic algorithms, optimizes deployment, minimizing their number, global network load number unanalyzed flows. We conduct several experiments with different types traffic structures. results show method able to reach trade-off between load. Furthermore, reduced 58% when relaxing constraint used link capacity, provisioning rate.
sci-hub.se 参考文章(11)
Miroslav Marić, An Efficient Genetic Algorithm for Solving the Multi-Level Uncapacitated Facility Location Problem Computing and Informatics \/ Computers and Artificial Intelligence. ,vol. 29, pp. 183- 201 ,(2012)
Chen Gen-Huey, Hung Yung-Chen, Algorithms for the constrained quickest path problem and the enumeration of quickest paths Computers & Operations Research. ,vol. 21, pp. 113- 118 ,(1994) , 10.1016/0305-0548(94)90045-0
Kevin Phemius, Mathieu Bouet, Implementing OpenFlow-based resilient network services ieee international conference on cloud networking. pp. 212- 214 ,(2012) , 10.1109/CLOUDNET.2012.6483685
Francesco Gringoli, Alice Este, Luca Salgarelli, MTCLASS: Traffic classification on high-speed links with commodity hardware international conference on communications. pp. 1177- 1182 ,(2012) , 10.1109/ICC.2012.6363806
Dave Mcdysan, Software defined networking opportunities for transport IEEE Communications Magazine. ,vol. 51, pp. 28- 31 ,(2013) , 10.1109/MCOM.2013.6476862
Joe Wenjie Jiang, Tian Lan, Sangtae Ha, Minghua Chen, Mung Chiang, Joint VM placement and routing for data center traffic engineering international conference on computer communications. pp. 2876- 2880 ,(2012) , 10.1109/INFCOM.2012.6195719
Dmitry Drutskoy, Eric Keller, Jennifer Rexford, Scalable Network Virtualization in Software-Defined Networks IEEE Internet Computing. ,vol. 17, pp. 20- 27 ,(2013) , 10.1109/MIC.2012.144
Ofer Biran, Antonio Corradi, Mario Fanelli, Luca Foschini, Alexander Nus, Danny Raz, Ezra Silvera, A Stable Network-Aware VM Placement for Cloud Systems cluster computing and the grid. pp. 498- 506 ,(2012) , 10.1109/CCGRID.2012.119
Wendong Xiao, Boon Hee Soong, Choi Look Law, Yong Liang Guan, Evaluation of heuristic path selection algorithms for multi-constrained QoS routing international conference on networking, sensing and control. ,vol. 1, pp. 112- 116 ,(2004) , 10.1109/ICNSC.2004.1297418
Guohan Lu, Rui Miao, Yongqiang Xiong, Chuanxiong Guo, Using CPU as a traffic co-processing unit in commodity switches acm special interest group on data communication. pp. 31- 36 ,(2012) , 10.1145/2342441.2342448