Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

PNSICC: A Novel Parallel Network Security Inspection Mechanism Based on Cloud Computing

  • Conference paper
  • First Online:
Algorithms and Architectures for Parallel Processing (ICA3PP 2015)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9531))

Abstract

As we all know, application firewall provides in-depth inspection to ensure application-layer security services, but brings a serious decline for network performance of application service, even more serious impact on service usability, worse, in the face of increasingly complex and diverse network application services that require an integrated network security protection, different types of application firewall collaborate together to ensure security use of integrated services, but multiple application firewalls lead to more serious performance problems than a single one. Recent efforts have provided a large number of optimization measures and algorithms, what is more, have offered a lot of new security architecture for application firewalls, unfortunately, most of them did not achieve the desired results. We have proposed a novel architecture that combines the characteristics of cloud computing, namely, parallel network security inspection Mechanism based on cloud computing (PNSICC) that is able to addresses performance problems for multiple intertwined application firewalls that protect network security of integrated service. PNSICC not only provides effective network security protections for the protected objects, but also has greatly improved security inspection efficiency. We have proved by experiments that our scheme is an effective and efficient method.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Al-Aqrabi, H., Liu, L., Xu, J., Hill, R., Antonopoulos, N., Zhan, Y.: Investigation of it security and compliance challenges in security-as-a-service for cloud computing. In: 2012 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW), pp. 124–129. IEEE (2012)

    Google Scholar 

  2. Ali, S., Lawati, M.H.A., Naqvi, S.J.: Unified threat management system approach for securing SME’s network infrastructure. In: 2012 IEEE Ninth International Conference on e-Business Engineering (ICEBE), pp. 170–176. IEEE (2012)

    Google Scholar 

  3. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., et al.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)

    Article  Google Scholar 

  4. Aziz, A., Zafran, M., Ibrahim, M.Y., Omar, A.M., Ab Rahman, R., Zan, M., Mahfudz, M., Yusof, M.I.: Performance analysis of application layer firewall. In: 2012 IEEE Symposium on Wireless Technology and Applications (ISWTA), pp. 182–186. IEEE (2012)

    Google Scholar 

  5. Chao, Y., Bingyao, C., Jiaying, D., Wei, G.: The research and implementation of UTM. In: IET International Communication Conference on Wireless Mobile and Computing (CCWMC 2009), pp. 389–392. IET (2009)

    Google Scholar 

  6. ClamAV. www.clamav.net

  7. Dong, M., Li, H., Ota, K., Yang, L.T., Zhu, H.: Multicloud-based evacuation services for emergency management. IEEE Cloud Comput. 1(4), 50–59 (2014). http://dx.doi.org/10.1109/MCC.2014.85

    Article  Google Scholar 

  8. Dong, M., Li, H., Ota, K., Zhu, H.: HVSTO: efficient privacy preserving hybrid storage in cloud data center. In: 2014 Proceedings IEEE INFOCOM Workshops, Toronto, ON, Canada, 27 April - 2 May 2014, pp. 529–534 (2014). http://dx.doi.org/10.1109/INFCOMW.2014.6849287

  9. He, J., Dong, M., Ota, K., Fan, M., Wang, G.: NetSecCC: A scalable and fault-tolerant architecture for cloud computing security. Peer-to-Peer Netw. Appl., pp. 1–15 (2014)

    Google Scholar 

  10. He, J., Dong, M., Ota, K., Fan, M., Wang, G.: NSCC: Self-service network security architecture for cloud computing. In: 2014 IEEE 17th International Conference on Computational Science and Engineering (CSE), pp. 444–449. IEEE (2014)

    Google Scholar 

  11. Mauch, V., Kunze, M., Hillenbrand, M.: High performance cloud computing. Future Gener. Comput. Syst. 29, 1408–1416 (2012)

    Article  Google Scholar 

  12. Nassar, S., El-Sayed, A., Aiad, N.: Improve the network performance by using parallel firewalls. In: 2010 6th International Conference on Networked Computing (INC), pp. 1–5. IEEE (2010)

    Google Scholar 

  13. amavisd new. http://www.amavis.org/

  14. Nguyen, A., Raj, H., Rayanchu, S., Saroiu, S., Wolman, A.: Delusional boot: securing hypervisors without massive re-engineering. In: Proceedings of the 7th ACM European Conference on Computer Systems, EuroSys 2012, pp. 141–154. ACM, New York (2012). http://doi.acm.org/10.1145/2168836.2168851

  15. NVD. http://nvd.nist.gov/

  16. I. http://www.ixiacom.com/

  17. Proxy, H.A.V. http://www.server-side.de/download.htm

  18. for Proxy Server, K.A.V.:http://www.kaspersky.com/anti-virus_proxy_server

  19. Salah, K., Calero, A.J., Zeadally, S., Almulla, S., ZAaabi, M.: Using cloud computing to implement a security overlay network. IEEE Secur. Priv. 11, 44–53 (2012)

    Google Scholar 

  20. Sekar, V., Egi, N., Ratnasamy, S., Reiter, M.K., Shi, G.: Design and implementation of a consolidated middlebox architecture. In: Proceedings of NSDI (2012)

    Google Scholar 

  21. Sherry, J., Hasan, S., Scott, C., Krishnamurthy, A., Ratnasamy, S., Sekar, V.: Making middleboxes someone else’s problem: network processing as a cloud service. ACM SIGCOMM Comput. Commun. Rev. 42(4), 13–24 (2012)

    Article  Google Scholar 

  22. SonicWALL. http://www.sonicwall.com/

  23. SpamAssassin. http://spamassassin.apache.org/

  24. Szefer, J., Lee, R.B.: Architectural support for hypervisor-secure virtualization. SIGARCH Comput. Archit. News 40(1), 437–450 (2012). http://doi.acm.org/10.1145/2189750.2151022

    Article  Google Scholar 

Download references

Acknowledgments

This work is partially supported by JSPS KAKENHI Grant Number 26730056, 15K15976, JSPS A3 Foresight Program.

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Electronic Science and Technology of China, Chengdu, 611731, People’s Republic of China

    Jin He, Minyu Fan & Guangwei Wang

  2. Department of Information and Electronic Engineering, Muroran Institute of Technology, Muroran, Japan

    Mianxiong Dong & Kaoru Ota

Authors
  1. Jin He
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mianxiong Dong
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kaoru Ota
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Minyu Fan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Guangwei Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jin He .

Editor information

Editors and Affiliations

  1. Central South University, Changsha, China

    Guojun Wang

  2. The University of Sydney, Sydney, New South Wales, Australia

    Albert Zomaya

  3. University of Murcia, Murcia, Murcia, Spain

    Gregorio Martinez

  4. Hunan University, Changsha, China

    Kenli Li

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

He, J., Dong, M., Ota, K., Fan, M., Wang, G. (2015). PNSICC: A Novel Parallel Network Security Inspection Mechanism Based on Cloud Computing. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science(), vol 9531. Springer, Cham. https://doi.org/10.1007/978-3-319-27140-8_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-27140-8_28

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27139-2

  • Online ISBN: 978-3-319-27140-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation