Adaptive Network Security Service Orchestration Based on SDN/NFV
Publication Date
1-1-2021
Document Type
Conference Proceeding
Publication Title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume
13009 LNCS
DOI
10.1007/978-3-030-89432-0_19
First Page
231
Last Page
242
Abstract
The integration of Software-Defined Network (SDN) and Network Function Virtualization (NFV) is an innovative network architecture that abstracts lower-level functionalities through the separation of the control plane from the data plane and enhances the management of network behavior and network services in real time. It provides unprecedented programmability, automation, and control for network dynamics. In this paper, we propose a flexible and elastic network security service management system for timely reacting to abnormal network behavior by orchestrating network security functions based on the technology of SDN/NFV. In designing the system, we address key challenges associated with scalability, responsiveness, and adversary resilience. The proposed system provides a real time and lightweight monitoring and response function by integrating security functions in the SDN/NFV domain. The SDN automatically learns the network conditions to orchestrate security functions for effective monitoring against attacks. The system is implemented based on an open-source SDN controller, RYU, and consists of three main agents; network monitoring, orchestration agents, and response agents. Experimental results have shown that our approach achieved low network latency with small memory usages for virtual intrusion detection systems.
Funding Sponsor
National Science Foundation
Department
Computer Engineering
Recommended Citation
Priyatham Ganta, Kicho Yu, Dharma Dheeraj Chintala, and Younghee Park. "Adaptive Network Security Service Orchestration Based on SDN/NFV" Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2021): 231-242. https://doi.org/10.1007/978-3-030-89432-0_19