Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data

Author(s):  
Martin Andreoni Lopez ◽  
Diogo M. F. Mattos ◽  
Otto Carlos M. B. Duarte ◽  
Guy Pujolle
Author(s):  
Martin E. Andreoni Lopez ◽  
Otto Carlos Muniz Bandeira Duarte ◽  
Guy Pujolle

Late detection of a security threat sharply increases the risk of irreparable damage and can render any defensive response useless; fast, real-time threat detection is therefore a prerequisite for any security guarantee. Network Function Virtualization (NFV) also opens new opportunities for efficient, low-cost security solutions. We propose a fast and efficient threat detection system based on stream processing and machine learning algorithms. The main contributions of this work are: i) a novel monitoring and threat detection system based on stream processing; ii) two datasets, the first of synthetic security data containing both legitimate and malicious traffic, the second a week of real traffic from a telecommunications operator in Rio de Janeiro, Brazil; iii) a data pre-processing algorithm, a normalization algorithm and a fast feature selection algorithm based on the correlation between variables; iv) a virtualized network function on an open-source platform that provides a real-time threat detection service; v) near-optimal sensor placement through a proposed heuristic that positions a minimum number of sensors strategically in the network infrastructure; and, finally, vi) a greedy algorithm that allocates a sequence of virtual network functions on demand.
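The two pre-processing steps the abstract names, normalization and correlation-based feature selection, written out generically as an added example (this is not the authors' code, and it does not reproduce their datasets or their exact algorithm). The flow records, the feature names, the z-score normalization and the 0.9 correlation threshold are all assumptions constructed here; the point is the mechanics a stream detector needs before a model ever sees a feature vector: drop constant features, scale the rest, and keep only one representative of each group of near-duplicate features.

```python
"""Added example: flow pre-processing for a stream-based threat detector.

Not the paper's code.  Pure Python (no numpy) so it runs anywhere: z-score
normalisation that discards zero-variance features, followed by a greedy
correlation filter that drops features redundant with ones already kept."""
from math import sqrt

# Constructed flow records (not from the paper's datasets).  "label" is 1 for
# malicious, 0 for legitimate, and is never fed to the correlation filter.
# "bytes" tracks "packets" and "ack_count" tracks "syn_count" almost exactly,
# and "protocol" is constant, so a redundancy filter should keep one member of
# each correlated pair and drop the constant column.
FEATURES = ["packets", "bytes", "duration", "syn_count", "ack_count", "protocol"]
SAMPLE_FLOWS = [
    {"packets": 10, "bytes": 10200, "duration": 1.0, "syn_count": 1,  "ack_count": 2,   "protocol": 6, "label": 0},
    {"packets": 20, "bytes": 19800, "duration": 5.0, "syn_count": 1,  "ack_count": 3,   "protocol": 6, "label": 0},
    {"packets": 30, "bytes": 30500, "duration": 2.0, "syn_count": 40, "ack_count": 79,  "protocol": 6, "label": 1},
    {"packets": 40, "bytes": 39600, "duration": 8.0, "syn_count": 2,  "ack_count": 4,   "protocol": 6, "label": 0},
    {"packets": 50, "bytes": 50100, "duration": 3.0, "syn_count": 1,  "ack_count": 2,   "protocol": 6, "label": 0},
    {"packets": 60, "bytes": 60300, "duration": 9.0, "syn_count": 55, "ack_count": 111, "protocol": 6, "label": 1},
    {"packets": 70, "bytes": 69700, "duration": 4.0, "syn_count": 1,  "ack_count": 3,   "protocol": 6, "label": 0},
    {"packets": 80, "bytes": 80400, "duration": 7.0, "syn_count": 3,  "ack_count": 6,   "protocol": 6, "label": 0},
]


def pearson(xs, ys):
    """Pearson correlation of two equal-length sequences; 0.0 if either is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / sqrt(sxx * syy)


def zscore_normalize(rows, features):
    """Scale each feature column to mean 0 and (population) std 1.

    Returns (kept_features, columns).  Zero-variance features are dropped: they
    carry no information and would divide by zero."""
    kept, columns = [], {}
    for f in features:
        col = [float(r[f]) for r in rows]
        mean = sum(col) / len(col)
        std = sqrt(sum((v - mean) ** 2 for v in col) / len(col))
        if std == 0:
            continue
        kept.append(f)
        columns[f] = [(v - mean) / std for v in col]
    return kept, columns


def select_uncorrelated(features, columns, threshold=0.9):
    """Greedy redundancy filter: walk the features in order and keep one only
    if its |correlation| with every already-kept feature is below threshold.
    Earlier features therefore win ties, so order the list by preference."""
    selected = []
    for f in features:
        if all(abs(pearson(columns[f], columns[g])) < threshold for g in selected):
            selected.append(f)
    return selected


def preprocess(rows, features=FEATURES, threshold=0.9):
    """Full pipeline: normalise, drop constants, prune correlated features.
    Returns (selected_features, feature_vectors), one vector per input row."""
    kept, columns = zscore_normalize(rows, features)
    selected = select_uncorrelated(kept, columns, threshold)
    vectors = [[columns[f][i] for f in selected] for i in range(len(rows))]
    return selected, vectors


if __name__ == "__main__":
    sel, vecs = preprocess(SAMPLE_FLOWS)
    print("selected features:", sel)
    for row, vec in zip(SAMPLE_FLOWS, vecs):
        print(row["label"], [round(v, 2) for v in vec])
```

On the constructed rows the filter keeps `packets`, `duration` and `syn_count`: `bytes` and `ack_count` are pruned as near-duplicates of features already kept, and `protocol` never reaches the filter because it has zero variance. In a streaming deployment the means and standard deviations would have to be maintained incrementally (or fixed from a training window) rather than recomputed over the whole history, which is the trade-off this batch version hides.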


2021 ◽  
Vol 13 (1) ◽  
pp. 12
Author(s):  
Juan Wang ◽  
Yang Yu ◽  
Yi Li ◽  
Chengyang Fan ◽  
Shirong Hao

Network function virtualization (NFV) provides flexible and scalable network functions for emerging platforms such as cloud computing, edge computing and IoT, but it faces additional security challenges, such as tampering with network policies and leakage of sensitive processing state, because VNFs run in a shared, open environment without the protection of proprietary hardware. Intel® Software Guard Extensions (SGX) currently offers a promising way to build a secure and trusted VNF (virtual network function) by isolating the VNF, or its sensitive data, inside an enclave. However, placing multiple VNFs directly in a single enclave forfeits the scalability advantage of NFV. This paper combines SGX with the Click modular router to design a virtual security function architecture based on multiple enclaves. In our design, the sensitive modules of a VNF are placed in separate enclaves that communicate after local attestation. The system can freely combine these modules according to user requirements, increasing scalability while protecting the confidentiality and integrity of their running state. In addition, we design a hot-swapping scheme that lets the system modify the configured function at runtime, so that the original VNFs need not stop when a VNF's function is changed. We implement an IDS (intrusion detection system) on our architecture to verify the feasibility of the design and evaluate its performance. The results show that the overhead introduced by the architecture is within an acceptable range.
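The inter-enclave step the abstract relies on, local attestation between two modules of the same VNF, as an added example that is not the paper's code and not the Intel SGX SDK. It is a model: enclave measurements are SHA-256 hashes of constructed code strings, and the CPU's report-key derivation is stood in for by an HMAC over a constructed platform secret. What the model keeps from real SGX is the shape and the security property of the exchange: the verifier publishes its TARGETINFO, the prover asks the hardware (EREPORT) for a REPORT bound to that target, and only the enclave whose measurement the report was bound to can recompute the MAC (EGETKEY), so a report cannot be replayed to a different enclave or forged by a module with a different measurement. The module names and session nonce are assumptions.

```python
"""Added example: a model of SGX local attestation between two VNF modules.

Not the paper's code and not the SGX SDK.  The hardware pieces (measurement,
report-key derivation) are simulated; the message flow and the checks a
verifying enclave must perform are the real ones."""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the CPU-internal root key; on real hardware this
# never exists in software at all.
_PLATFORM_SECRET = b"constructed-platform-secret-do-not-use"


def _cpu_report_key(target_mrenclave: bytes) -> bytes:
    """Model of the hardware key derivation.  On real SGX only the enclave whose
    MRENCLAVE equals target_mrenclave can obtain this key (EGETKEY); the
    leading underscore marks that boundary in the model, it does not enforce it."""
    return hmac.new(_PLATFORM_SECRET, b"REPORT_KEY|" + target_mrenclave,
                    hashlib.sha256).digest()


@dataclass(frozen=True)
class Report:
    mrenclave: bytes    # measurement of the prover enclave
    target: bytes       # measurement of the enclave the report is bound to
    report_data: bytes  # caller-supplied data, e.g. hash of a DH public key
    mac: bytes          # MAC under the target's report key


class Enclave:
    def __init__(self, name: str, code: bytes):
        self.name = name
        self.mrenclave = hashlib.sha256(code).digest()  # model of measurement

    def target_info(self) -> bytes:
        """TARGETINFO handed to a peer so it can create a report for us."""
        return self.mrenclave

    def create_report(self, target_info: bytes, report_data: bytes) -> Report:
        """EREPORT: the CPU MACs our identity and data with the target's key."""
        body = self.mrenclave + target_info + report_data
        mac = hmac.new(_cpu_report_key(target_info), body, hashlib.sha256).digest()
        return Report(self.mrenclave, target_info, report_data, mac)

    def verify_report(self, report: Report, expected_peer: bytes) -> bool:
        """Three checks: the report was bound to us, it is intact, and it names
        the peer we were configured to trust (the other module of this VNF)."""
        if report.target != self.mrenclave:
            return False  # bound to someone else: our report key will not match
        body = report.mrenclave + report.target + report.report_data
        expected = hmac.new(_cpu_report_key(self.mrenclave), body,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, report.mac):
            return False  # forged, or modified in transit
        return hmac.compare_digest(report.mrenclave, expected_peer)


def local_attest(prover: Enclave, verifier: Enclave, expected_peer: bytes,
                 session_nonce: bytes) -> bool:
    """One direction of the handshake.  Run it twice with roles swapped for
    mutual attestation before the modules exchange any processing state."""
    report = prover.create_report(verifier.target_info(), session_nonce)
    return verifier.verify_report(report, expected_peer)


if __name__ == "__main__":
    parser = Enclave("ids-parser", b"constructed parser module v1")
    rules = Enclave("ids-rules", b"constructed rule-matching module v1")
    rogue = Enclave("rogue", b"attacker-supplied module")
    nonce = b"constructed-session-nonce"
    print("parser -> rules:", local_attest(parser, rules, parser.mrenclave, nonce))
    print("rules -> parser:", local_attest(rules, parser, rules.mrenclave, nonce))
    print("rogue  -> rules:", local_attest(rogue, rules, parser.mrenclave, nonce))
```

Two points the model makes explicit: `expected_peer` is the policy decision (which measurement a module is willing to share state with) and it lives in the verifier, not in the report; and `report_data` is where a key-exchange value is bound, so that the channel set up afterwards is tied to the attested identity rather than to whoever happened to send the first message. A hot-swapped module would present a new measurement and therefore has to be re-attested and added to the peer policy before the old one is retired.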


Author(s):  
Sisay Tadesse Arzo ◽  
Francesco Zambotto ◽  
Fabrizio Granelli ◽  
Riccardo Bassoli ◽  
Michael Devetsikiotis ◽  
...  
