Towards Effective Virtualization of Intrusion Detection Systems

Cited by: 5
Authors
Zhang, Nuyun [1]
Li, Hongda [1]
Hu, Hongxin [1]
Park, Younghee [2]
Affiliations
[1] Clemson Univ, Clemson, SC 29631 USA
[2] San Jose State Univ, San Jose, CA 95192 USA
Source
SDN-NFVSEC'17: PROCEEDINGS OF THE ACM INTERNATIONAL WORKSHOP ON SECURITY IN SOFTWARE DEFINED NETWORKS & NETWORK FUNCTION VIRTUALIZATION | 2017
Funding
National Science Foundation (USA);
Keywords
Network Function Virtualization; Intrusion Detection Systems; Microservices;
DOI
10.1145/3040992.3041004
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Traditional Intrusion Detection Systems (IDSes) are generally implemented on vendor proprietary appliances or middleboxes, which usually lack a general programming interface, and their versatility and flexibility are also very poor. Emerging Network Function Virtualization (NFV) technology can virtualize IDSes and elastically scale them to deal with attack traffic variations. However, existing NFV solutions treat a virtualized IDS as a monolithic piece of software, which could lead to inflexibility and significant waste of resources. In this paper, we propose a novel approach to virtualize IDSes as microservices where the virtualized IDSes can be customized on demand, and the underlying microservices could be shared and scaled independently. We also conduct experiments, which demonstrate that virtualizing IDSes as microservices can gain greater flexibility and resource efficiency.
Pages: 47-50
Page count: 4