Security function virtualization in software defined infrastructure

Submitted by grigby1 on Wed, 03/08/2017 - 2:38pm

Title	Security function virtualization in software defined infrastructure
Publication Type	Conference Paper
Year of Publication	2015
Authors	Yasrebi, P., Monfared, S., Bannazadeh, H., Leon-Garcia, A.
Conference Name	2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)
Publisher	IEEE
Keywords	Bandwidth, CAPEX, capital and operational expense, computer network security, deep packet inspection system, DPI system, honey-pot, Inspection, IP networks, network intrusion detection and prevention, OPEX, pubcrawl170114, SAVI SDI testbed, security, security attack, security function virtualization, security solution, Servers, Software, software defined infrastructure, software defined networking, virtualisation, virtualized network function, VNF, Whales
Abstract	In this paper we present an approach to implement security as a Virtualized Network Function (VNF) that is implemented within a Software-Defined Infrastructure (SDI). We present a scalable, flexible, and seamless design for a Deep Packet Inspection (DPI) system for network intrusion detection and prevention. We discuss how our design introduces significant reductions in both capital and operational expenses (CAPEX and OPEX). As proof of concept, we describe an implementation for a modular security solution that uses the SAVI SDI testbed to first detect and then block an attack or to re-direct it to a honey-pot for further analysis. We discuss our testing methodology and provide measurement results for the test cases where an application faces various security attacks.
URL	https://ieeexplore.ieee.org/document/7140374
DOI	10.1109/INM.2015.7140374
Citation Key	yasrebi_security_2015

Groups:

Science of Security VO