Towards Effective Virtualization of Intrusion Detection Systems
| Title | Towards Effective Virtualization of Intrusion Detection Systems |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Zhang, Nuyun, Li, Hongda, Hu, Hongxin, Park, Younghee |
| Conference Name | Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4908-6 |
| Keywords | composability, Human Behavior, Intrusion Detection Systems, Metrics, microservices, network function virtualization, privacy, pubcrawl, resilience, Resiliency, virtualization privacy |
| Abstract | Traditional Intrusion Detection Systems (IDSes) are generally implemented on vendor proprietary appliances or middleboxes, which usually lack a general programming interface, and their versatility and flexibility are also very poor. Emerging Network Function Virtualization (NFV) technology can virtualize IDSes and elastically scale them to deal with attack traffic variations. However, existing NFV solutions treat a virtualized IDS as a monolithic piece of software, which could lead to inflexibility and significant waste of resources. In this paper, we propose a novel approach to virtualize IDSes as microservices where the virtualized IDSes can be customized on demand, and the underlying microservices could be shared and scaled independently. We also conduct experiments, which demonstrate that virtualizing IDSes as microservices can gain greater flexibility and resource efficiency. |
| URL | http://doi.acm.org/10.1145/3040992.3041004 |
| DOI | 10.1145/3040992.3041004 |
| Citation Key | zhang_towards_2017 |