research-article

The Vision of Self-aware Reordering of Security Network Function Chains

Authors:

Lukas Iffländer,

Jürgen Walter,

Simon Eismann,

Samuel KounevAuthors Info & Claims

ICPE '18: Companion of the 2018 ACM/SPEC International Conference on Performance Engineering

Pages 1 - 4

https://doi.org/10.1145/3185768.3186309

Published: 02 April 2018 Publication History

Get Access

Abstract

Services provided online are subject to various types of attacks. Security appliances can be chained to protect a system against multiple types of network attacks. The sequence of appliances has a significant impact on the efficiency of the whole chain. While the operation of security appliance chains is currently based on a static order, traffic-aware reordering of security appliances may significantly improve efficiency and accuracy. In this paper, we present the vision of a self-aware system to automatically reorder security appliances according to incoming traffic. To achieve this, we propose to apply a model-based learning, reasoning, and acting (LRA-M) loop. To this end, we describe a corresponding system architecture and explain its building blocks.

References

[1]

A. Fischer. Performance evaluation for service function chains through automated model building. In 11th EAI International Conference on Performance Evaluation Methodologies and Tools (ValueTools'17), 2017.

Digital Library

Google Scholar

[2]

S. Kounev, P. Lewis, K. L. Bellman, N. Bencomo, J. Camara, A. Diaconescu, L. Esterle, K. Geihs, H. Giese, S. Götz, et al. The notion of self-aware computing. In Self-Aware Computing Systems, pages 3--16. Springer, 2017.

Crossref

Google Scholar

[3]

M. Mechtri, C. Ghribi, and D. Zeghlache. A scalable algorithm for the placement of service function chains. IEEE Transactions on Network and Service Management, 13(3):533--546, Sept 2016.

Digital Library

Google Scholar

[4]

A. F. Ocampo, J. Gil-Herrera, P. H. Isolani, M. C. Neves, J. F. Botero, S. Latré, L. Zambenedetti, M. P. Barcellos, and L. P. Gaspary. Optimal Service Function Chain Composition in Network Functions Virtualization, pages 62--76. Springer International Publishing, Cham, 2017.

Google Scholar

[5]

P. Rygielski, M. Seliuchenko, and S. Kounev. Modeling and Prediction of Software-Defined Networks Performance using Queueing Petri Nets. In Proceedings of the Ninth International Conference on Simulation Tools and Techniques (SIMUTools 2016), pages 66--75, August 2016.

Digital Library

Google Scholar

[6]

P. Rygielski, V. Simko, F. Sittner, D. Aschenbrenner, S. Kounev, and K. Schilling. Automated Extraction of Network Traffic Models Suitable for Performance Simulation. In Proceedings of the 7th ACM/SPEC International Conference on Performance Engineering (ICPE 2016), pages 27--35. ACM, March 2016.

Digital Library

Google Scholar

[7]

T. N. Theis and H.-S. P. Wong. The end of moore's law: A new beginning for information technology. Computing in Science & Engineering, 19(2):41--50, 2017.

Digital Library

Google Scholar

[8]

S. Thian-ngam and M. Lertwatechakul. False positive decrement for snort intrusion detection. Engineering and Applied Science Research, 36(3):251--259, 2012.

Google Scholar

[9]

J. Walter, C. Stier, H. Koziolek, and S. Kounev. An Expandable Extraction Framework for Architectural Performance Models. In Proceedings of the 3rd International Workshop on Quality-Aware DevOps (QUDOS'17). ACM, April 2017.

Digital Library

Google Scholar

Cited By

View all

Ahmed SKhan ZMohsin SLatif SAslam SMujlid HAdil MNajam Z(2023)Effective and Efficient DDoS Attack Detection Using Deep Learning Algorithm, Multi-Layer PerceptronFuture Internet10.3390/fi1502007615:2(76)Online publication date: 15-Feb-2023
https://doi.org/10.3390/fi15020076
Bin DYang CHan S(2023)Application Design of Data Security Pool System Based on Network Security Data Link Technology2023 8th International Conference on Information Systems Engineering (ICISE)10.1109/ICISE60366.2023.00095(419-423)Online publication date: 23-Jun-2023
https://doi.org/10.1109/ICISE60366.2023.00095
Ifflander LCiner HFella NKounev SRawtani NLange K(2020)Architecture for a Dynamic Security Service Function Chain Reordering Framework2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C)10.1109/ACSOS-C51401.2020.00064(232-233)Online publication date: Aug-2020
https://doi.org/10.1109/ACSOS-C51401.2020.00064
Show More Cited By

Index Terms

Recommendations

Scalable and coordinated allocation of service function chains

Network Functions Virtualization is an emerging initiative where standard IT virtualization evolves to consolidate network functions onto high volume servers, switches and storage that can be located anywhere in the network. In NFV, network services are ...
Service Chaining Implementation in Network Function Virtualization with Software Defined Networking
ICCBN '17: Proceedings of the 5th International Conference on Communications and Broadband Networking

In this paper we are presenting Service Function Chaining for network services in a virtualised environment. This kind of problem does not still have a commonly used solution. We have tested our design; explained in detail the issues of the currently ...
Enabling network function combination via service chain instantiation

Isolated network functions (also known as middleboxes) are difficult and costly to manage in a cooperative fashion due to their hardware-based implementation and proprietary interfaces. The integration of software-defined networking (SDN) and network ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICPE '18: Companion of the 2018 ACM/SPEC International Conference on Performance Engineering

April 2018

212 pages

ISBN:9781450356299

DOI:10.1145/3185768

General Chairs:
Katinka Wolter
Free University of Berlin, Germany
,
Will Knottenbelt
Imperial College London, UK
,
Program Chairs:
André van Hoorn
University of Stuttgart, Germany
,
Manoj Nambiar
Tata Consultancy Services, India
,
Heiko Koziolek
ABB, Germany

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 April 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

DFG
German Research Foundation (DFG)

Conference

ICPE '18

Sponsor:

ICPE '18: ACM/SPEC International Conference on Performance Engineering

April 9 - 13, 2018

Berlin, Germany

Acceptance Rates

Overall Acceptance Rate 252 of 851 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
119
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ahmed SKhan ZMohsin SLatif SAslam SMujlid HAdil MNajam Z(2023)Effective and Efficient DDoS Attack Detection Using Deep Learning Algorithm, Multi-Layer PerceptronFuture Internet10.3390/fi1502007615:2(76)Online publication date: 15-Feb-2023
https://doi.org/10.3390/fi15020076
Bin DYang CHan S(2023)Application Design of Data Security Pool System Based on Network Security Data Link Technology2023 8th International Conference on Information Systems Engineering (ICISE)10.1109/ICISE60366.2023.00095(419-423)Online publication date: 23-Jun-2023
https://doi.org/10.1109/ICISE60366.2023.00095
Ifflander LCiner HFella NKounev SRawtani NLange K(2020)Architecture for a Dynamic Security Service Function Chain Reordering Framework2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C)10.1109/ACSOS-C51401.2020.00064(232-233)Online publication date: Aug-2020
https://doi.org/10.1109/ACSOS-C51401.2020.00064
Ifflander LBeierlieb LFella NKounev SRawtani NLange K(2020)Implementing Attack-aware Security Function Chain Reordering2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C)10.1109/ACSOS-C51401.2020.00055(194-199)Online publication date: Aug-2020
https://doi.org/10.1109/ACSOS-C51401.2020.00055
Iffländer LFella NApte VDi Marco ALitoiu MMerseguer J(2019)Performance Influence of Security Function Chain OrderingCompanion of the 2019 ACM/SPEC International Conference on Performance Engineering10.1145/3302541.3311965(45-46)Online publication date: 27-Mar-2019
https://dl.acm.org/doi/10.1145/3302541.3311965

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Scalable and coordinated allocation of service function chains

Service Chaining Implementation in Network Function Virtualization with Software Defined Networking

Enabling network function combination via service chain instantiation