Zero-touch security automation mechanisms for edge NFV: the π-Edge approach

Alexandros Valantasis, Nikos Psaromanolakis, V. Theodorou
Published in: 2022 18th International Conference on Network and Service Management (CNSM)
Publication date: 2022-10-31
DOI: https://doi.org/10.23919/CNSM55787.2022.9964999
Citations: 1

Abstract

The shift towards distributed computing architectures that push data storage and processing to the edge of the network is resulting in a convergence of cloud-computing services and next-generation mobile network technologies. In order to uniformly manage resources and services in the cloud/core to edge/devices continuum thus formed, and to handle the diversity of multi-party underlying infrastructure technologies in a latency-aware, reliable and trustworthy fashion, management automation has become more crucial than ever. In this work, we present the security analytics mechanisms of the π-Edge platform, our edge management platform that embodies zero-touch automation features for interoperability, Quality of Service (QoS) assurance, resilience and trust. To this end, we introduce a declarative NFV MANO Information Model (IM) and methods for automatically enhancing Network Slices at the edge with security services that i) continuously monitor user-plane traffic on the links between Virtual Network Functions (VNFs), ii) detect possible network vulnerabilities or malicious behaviour and iii) apply relevant actions to effectively observe and mitigate identified threats. The implementation of these mechanisms is evaluated through experimentation on a use case of DDoS attack scenarios, showcasing the usability and the benefits of our proposed solution.