Distributed packet inspection for network security purposes in software-defined networking environments

Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI:10.1145/3407023.3409210

P. Nowakowski, Piotr Żórawski, Krzysztof Cabaj, Marcin Gregorczyk, Maciej Purski, W. Mazurczyk

{"title":"Distributed packet inspection for network security purposes in software-defined networking environments","authors":"P. Nowakowski, Piotr Żórawski, Krzysztof Cabaj, Marcin Gregorczyk, Maciej Purski, W. Mazurczyk","doi":"10.1145/3407023.3409210","DOIUrl":null,"url":null,"abstract":"5G networks are foreseen to offer rich ubiquitous communication infrastructure with wide range of high-quality services. However, as they are formed using a mix of modern network technologies ensuring their security is crucial. Currently, Software Defined Networking is envisioned as a key technology to provide security in 5G. However, due to its centralized nature SDN-based systems may suffer from performance issues and are difficult to scale. That is why in this paper, we propose a novel distributed packet inspection method which is easy to scale, migrate and is able to utilize any existing SDN controller software. Instead of running a single instance of SDN controller process we propose to utilize multiple processes and to distribute the traffic in a fair manner across running instances. In result, such a load-balancing solution is able to run independently on multiple machines allowing for highly scalable solution. Performed experimental evaluation proves that such solution is efficient and effective.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"33 1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 15th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3407023.3409210","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

5G networks are foreseen to offer rich ubiquitous communication infrastructure with wide range of high-quality services. However, as they are formed using a mix of modern network technologies ensuring their security is crucial. Currently, Software Defined Networking is envisioned as a key technology to provide security in 5G. However, due to its centralized nature SDN-based systems may suffer from performance issues and are difficult to scale. That is why in this paper, we propose a novel distributed packet inspection method which is easy to scale, migrate and is able to utilize any existing SDN controller software. Instead of running a single instance of SDN controller process we propose to utilize multiple processes and to distribute the traffic in a fair manner across running instances. In result, such a load-balancing solution is able to run independently on multiple machines allowing for highly scalable solution. Performed experimental evaluation proves that such solution is efficient and effective.

查看原文本刊更多论文

在软件定义的网络环境中，用于网络安全目的的分布式数据包检测

预计5G网络将提供丰富的无处不在的通信基础设施和广泛的高质量服务。然而，由于它们是使用混合现代网络技术形成的，因此确保它们的安全性至关重要。目前，软件定义网络被设想为在5G中提供安全性的关键技术。然而，由于其集中的特性，基于sdn的系统可能会受到性能问题的影响，并且难以扩展。这就是为什么在本文中，我们提出了一种新的分布式数据包检测方法，该方法易于扩展，迁移并且能够利用任何现有的SDN控制器软件。我们建议使用多个进程，而不是运行单个SDN控制器进程实例，并在运行的实例之间以公平的方式分配流量。因此，这种负载平衡解决方案能够在多台机器上独立运行，从而实现高度可伸缩的解决方案。通过实验评价，证明了该方案的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 15th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量