{"title":"Distributed threat removal in software-defined networks","authors":"Dominik Samociuk, A. Chydzinski","doi":"10.23919/MIPRO.2017.7973469","DOIUrl":null,"url":null,"abstract":"We propose an architecture for distributed threat removal in software-defined networks. This is a novel design of a large network, in which security analysis must be performed. In the classic paradigm, the security analyzer is an entry device, connected serially with the rest of the topology. Obviously, this device may suffer from a high processing load. Therefore, it may create a bottleneck, when the arriving traffic is waiting for the security verification, before being forwarded to next devices in the network. In the proposed architecture, traffic is immediately forwarded towards all destinations, while the security analysis is carried out in parallel, resulting in offloading the entry security device. We show that the proposed solution reduces the bottleneck in the topology and increases the rate of the carried traffic, while ensuring the same, as in the classic approach, security level.","PeriodicalId":203046,"journal":{"name":"2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO)","volume":"11 8","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/MIPRO.2017.7973469","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Distributed threat removal in software-defined networks
We propose an architecture for distributed threat removal in software-defined networks. This is a novel design for a large network in which security analysis must be performed. In the classic paradigm, the security analyzer is an entry device connected serially with the rest of the topology. This device may suffer from a high processing load and may therefore create a bottleneck, as arriving traffic waits for security verification before being forwarded to the next devices in the network. In the proposed architecture, traffic is immediately forwarded towards all destinations while the security analysis is carried out in parallel, which offloads the entry security device. We show that the proposed solution reduces the bottleneck in the topology and increases the rate of carried traffic while ensuring the same security level as the classic approach.