Dynamic Defense Provision via Network Functions Virtualization
作者: Younghee Park , Pritesh Chandaliya , Akshaya Muralidharan , Nikash Kumar , Hongxin Hu
关键词:
摘要: Network Function Virtualization (NFV) is a critical part of new defense paradigm providing high flexibility at lower cost through software-based virtual instances. Despite the promise NFV, original Intrusion Detection System (IDS) designed for NFV still draws heavily on processing power and requires significant CPU resources. In this paper, we provide framework dynamic provision by building in light intrusion detection network functions (NFs) over NFV. Without using existing IDSes, our system constructs chain The entire IDS broken down into separate according to different protocols. NFs cover various protocol stacks from link layer application They also include deep packet inspection experimental results show proposed reduces resource consumption while performing valid functions.
sci-hub.se 参考文章(17)
Costin Raiciu, Vladimir Olteanu, Michio Honda, Roberto Bifulco, Mohamed Ahmed, Felipe Huici, Joao Martins, ClickOS and the art of network function virtualization networked systems design and implementation. pp. 459- 473 ,(2014) , 10.5555/2616448.2616491
Seyed Kaveh Fayaz, Yoshiaki Tobioka, Vyas Sekar, Michael Bailey, None, Bohatei: flexible and elastic DDoS defense usenix security symposium. ,vol. 2015, pp. 817- 832 ,(2015)
Timothy Wood, K. K. Ramakrishnan, Jinho Hwang, Grace Liu, Wei Zhang, Toward a software-based network: integrating software defined networking and network function virtualization IEEE Network. ,vol. 29, pp. 36- 41 ,(2015) , 10.1109/MNET.2015.7113223
Taekhee Kim, Taehwan Koo, Eunkyoung Paik, SDN and NFV benchmarking for performance and reliability asia pacific network operations and management symposium. pp. 600- 603 ,(2015) , 10.1109/APNOMS.2015.7275403
Anat Bremler-Barr, Yotam Harchol, David Hay, Yaron Koral, Deep Packet Inspection as a Service conference on emerging network experiment and technology. pp. 271- 282 ,(2014) , 10.1145/2674005.2674984
Konglong Tang, Yong Wang, Hao Liu, Yanxiu Sheng, Xi Wang, Zhiqiang Wei, Design and Implementation of Push Notification System Based on the MQTT Protocol Proceedings of the 2013 International Conference on Information Science and Computer Applications (ISCA 2013). pp. 116- 119 ,(2013) , 10.2991/ISCA-13.2013.20
Hongxin Hu, Wonkyu Han, Gail-Joon Ahn, Ziming Zhao, FLOWGUARD: building robust firewalls for software-defined networks acm special interest group on data communication. pp. 97- 102 ,(2014) , 10.1145/2620728.2620749
Laxmana Rao Battula, Network Security Function Virtualization(NSFV) towards Cloud computing with NFV Over Openflow infrastructure: Challenges and novel approaches. advances in computing and communications. pp. 1622- 1628 ,(2014) , 10.1109/ICACCI.2014.6968453
M. Vijayalakshmi, S. Mercy Shalinie, A. Arun Pragash, IP traceback system for network and application layer attacks international conference on recent trends in information technology. pp. 439- 444 ,(2012) , 10.1109/ICRTIT.2012.6206778
S. Ranjan, R. Swaminathan, M. Uysal, A. Nucci, E. Knightly, DDoS-shield: DDoS-resilient scheduling to counter application layer attacks IEEE ACM Transactions on Networking. ,vol. 17, pp. 26- 39 ,(2009) , 10.1109/TNET.2008.926503