在软件定义的网络环境中，用于网络安全目的的分布式数据包检测

Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-25 DOI:10.1145/3407023.3409210

P. Nowakowski, Piotr Żórawski, Krzysztof Cabaj, Marcin Gregorczyk, Maciej Purski, W. Mazurczyk

{"title":"在软件定义的网络环境中，用于网络安全目的的分布式数据包检测","authors":"P. Nowakowski, Piotr Żórawski, Krzysztof Cabaj, Marcin Gregorczyk, Maciej Purski, W. Mazurczyk","doi":"10.1145/3407023.3409210","DOIUrl":null,"url":null,"abstract":"5G networks are foreseen to offer rich ubiquitous communication infrastructure with wide range of high-quality services. However, as they are formed using a mix of modern network technologies ensuring their security is crucial. Currently, Software Defined Networking is envisioned as a key technology to provide security in 5G. However, due to its centralized nature SDN-based systems may suffer from performance issues and are difficult to scale. That is why in this paper, we propose a novel distributed packet inspection method which is easy to scale, migrate and is able to utilize any existing SDN controller software. Instead of running a single instance of SDN controller process we propose to utilize multiple processes and to distribute the traffic in a fair manner across running instances. In result, such a load-balancing solution is able to run independently on multiple machines allowing for highly scalable solution. Performed experimental evaluation proves that such solution is efficient and effective.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"33 1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Distributed packet inspection for network security purposes in software-defined networking environments\",\"authors\":\"P. Nowakowski, Piotr Żórawski, Krzysztof Cabaj, Marcin Gregorczyk, Maciej Purski, W. Mazurczyk\",\"doi\":\"10.1145/3407023.3409210\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"5G networks are foreseen to offer rich ubiquitous communication infrastructure with wide range of high-quality services. However, as they are formed using a mix of modern network technologies ensuring their security is crucial. Currently, Software Defined Networking is envisioned as a key technology to provide security in 5G. However, due to its centralized nature SDN-based systems may suffer from performance issues and are difficult to scale. That is why in this paper, we propose a novel distributed packet inspection method which is easy to scale, migrate and is able to utilize any existing SDN controller software. Instead of running a single instance of SDN controller process we propose to utilize multiple processes and to distribute the traffic in a fair manner across running instances. In result, such a load-balancing solution is able to run independently on multiple machines allowing for highly scalable solution. Performed experimental evaluation proves that such solution is efficient and effective.\",\"PeriodicalId\":121225,\"journal\":{\"name\":\"Proceedings of the 15th International Conference on Availability, Reliability and Security\",\"volume\":\"33 1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-08-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 15th International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3407023.3409210\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 15th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3407023.3409210","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

预计5G网络将提供丰富的无处不在的通信基础设施和广泛的高质量服务。然而，由于它们是使用混合现代网络技术形成的，因此确保它们的安全性至关重要。目前，软件定义网络被设想为在5G中提供安全性的关键技术。然而，由于其集中的特性，基于sdn的系统可能会受到性能问题的影响，并且难以扩展。这就是为什么在本文中，我们提出了一种新的分布式数据包检测方法，该方法易于扩展，迁移并且能够利用任何现有的SDN控制器软件。我们建议使用多个进程，而不是运行单个SDN控制器进程实例，并在运行的实例之间以公平的方式分配流量。因此，这种负载平衡解决方案能够在多台机器上独立运行，从而实现高度可伸缩的解决方案。通过实验评价，证明了该方案的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Distributed packet inspection for network security purposes in software-defined networking environments

5G networks are foreseen to offer rich ubiquitous communication infrastructure with wide range of high-quality services. However, as they are formed using a mix of modern network technologies ensuring their security is crucial. Currently, Software Defined Networking is envisioned as a key technology to provide security in 5G. However, due to its centralized nature SDN-based systems may suffer from performance issues and are difficult to scale. That is why in this paper, we propose a novel distributed packet inspection method which is easy to scale, migrate and is able to utilize any existing SDN controller software. Instead of running a single instance of SDN controller process we propose to utilize multiple processes and to distribute the traffic in a fair manner across running instances. In result, such a load-balancing solution is able to run independently on multiple machines allowing for highly scalable solution. Performed experimental evaluation proves that such solution is efficient and effective.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 15th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量