Title :
Security function virtualization in software defined infrastructure
Author :
Yasrebi, Pouya ; Monfared, Sina ; Bannazadeh, Hadi ; Leon-Garcia, Alberto
Author_Institution :
Dept. of Electr. & Comput. Eng., Univ. of Toronto, Toronto, ON, Canada
Abstract :
In this paper we present an approach to implement security as a Virtualized Network Function (VNF) that is implemented within a Software-Defined Infrastructure (SDI). We present a scalable, flexible, and seamless design for a Deep Packet Inspection (DPI) system for network intrusion detection and prevention. We discuss how our design introduces significant reductions in both capital and operational expenses (CAPEX and OPEX). As proof of concept, we describe an implementation for a modular security solution that uses the SAVI SDI testbed to first detect and then block an attack or to re-direct it to a honey-pot for further analysis. We discuss our testing methodology and provide measurement results for the test cases where an application faces various security attacks.
Keywords :
computer network security; software defined networking; virtualisation; CAPEX; DPI system; OPEX; SAVI SDI testbed; VNF; capital and operational expense; deep packet inspection system; honey-pot; network intrusion detection and prevention; security attack; security function virtualization; security solution; software defined infrastructure; virtualized network function; Bandwidth; IP networks; Inspection; Security; Servers; Software; Whales;
Conference_Titel :
Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on
Conference_Location :
Ottawa, ON
DOI :
10.1109/INM.2015.7140374
