Optimal Placement of Network Security Monitoring Functions in NFV-Enabled Data Centers
Authors: Po-Ching Lin, Chia-Feng Wu, Po-Hsien Shih
Venue: 2017 IEEE 7th International Symposium on Cloud and Service Computing (SC2)
Published: 2017-11-01
DOI: 10.1109/SC2.2017.10 (https://doi.org/10.1109/SC2.2017.10)
Citation count: 12
While infrastructure as a service (IaaS) provides benefits such as cost reduction, dynamic deployment and high availability for users, it also blurs the boundary between the internal and external networks, causing security threats such as insider attacks, which cannot be observed by traditional security devices at the network boundary. Coordination of network function virtualization (NFV) and software-defined networking (SDN) is a promising approach to address this issue, and an optimal placement mechanism is necessary to minimize the computing resources for network security monitoring. In this work, we present a mechanism for placing virtualized network functions (VNFs) for network security monitoring in a data center to watch communications between pairs of virtual machines (VMs) or between VMs and external hosts. The placement issue is modeled as the minimum vertex cover problem and the bin packing problem to optimize the number and positions of VNFs subject to the availability of computing resources and link capacity. We design a greedy algorithm to reduce the time complexity of the problems. A Mininet simulation evaluates this solution for various topology sizes and communication pairs. The experiments demonstrate that the VNF placement planned by this algorithm is close to optimality, while the execution time can be reduced significantly.