Methods and Techniques for Dynamic Deployability of Software-Defined Security Services
- URL: http://arxiv.org/abs/2004.02876v1
- Date: Sat, 4 Apr 2020 16:04:18 GMT
- Title: Methods and Techniques for Dynamic Deployability of Software-Defined Security Services
- Authors: Roberto Doriguzzi-Corin
- Abstract summary: This thesis investigates the challenges of provisioning network security services in "softwarised" networks.
The study is approached from the perspective of the telecom operator, whose goal is to protect the customers from network threats.
The overall aim of the research presented in this thesis is proposing novel techniques for optimising the resource usage of software-based security services.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: With the recent trend of "network softwarisation", enabled by emerging
technologies such as Software-Defined Networking (SDN) and Network Function
Virtualisation (NFV), system administrators of data centres and enterprise
networks have started replacing dedicated hardware-based middleboxes with
virtualised network functions running on servers and end hosts. This radical
change has facilitated the provisioning of advanced and flexible network
services, ultimately helping system administrators and network operators to
cope with the rapid changes in service requirements and networking workloads.
This thesis investigates the challenges of provisioning network security
services in "softwarised" networks, where the security of residential and
business users can be provided by means of sets of software-based network
functions running on high performance servers or on commodity compute devices.
The study is approached from the perspective of the telecom operator, whose
goal is to protect the customers from network threats and, at the same time,
maximize the number of provisioned services, and thereby revenue. Specifically,
the overall aim of the research presented in this thesis is proposing novel
techniques for optimising the resource usage of software-based security
services, hence for increasing the chances for the operator to accommodate more
service requests while respecting the desired level of network security of its
customers. In this direction, the contributions of this thesis are the
following: (i) a solution for the dynamic provisioning of security services
that minimises the utilisation of computing and network resources, and (ii)
novel methods based on Deep Learning and Linux kernel technologies for reducing
the CPU usage of software-based security network functions, with specific focus
on the defence against Distributed Denial of Service (DDoS) attacks.
Related papers
- Integrated LLM-Based Intrusion Detection with Secure Slicing xApp for Securing O-RAN-Enabled Wireless Network Deployments [2.943640991628177]
The Open Radio Access Network (O-RAN) architecture is reshaping telecommunications by promoting openness, flexibility, and intelligent closed-loop optimization.
This research explores using large language models (LLMs) to generate security recommendations based on the temporal traffic patterns of connected UEs.
arXiv Detail & Related papers (2025-04-01T01:45:07Z)
- Secure Resource Allocation via Constrained Deep Reinforcement Learning [49.15061461220109]
We present SARMTO, a framework that balances resource allocation, task offloading, security, and performance.
SARMTO consistently outperforms five baseline approaches, achieving up to a 40% reduction in system costs.
These enhancements highlight SARMTO's potential to revolutionize resource management in intricate distributed computing environments.
arXiv Detail & Related papers (2025-01-20T15:52:43Z)
- Optimal In-Network Distribution of Learning Functions for a Secure-by-Design Programmable Data Plane of Next-Generation Networks [2.563180814294141]
This paper focuses on the deployment of in-network learning models with the aim of implementing fully distributed intrusion detection systems (IDS) or intrusion prevention systems (IPS).
A model is proposed for the optimal distribution of the IDS/IPS workload among data plane devices with the aim of ensuring complete network security without excessively burdening the normal operations of the devices.
arXiv Detail & Related papers (2024-11-27T14:29:53Z)
- Security Evaluation in Software-Defined Networks [1.9713190626298576]
Cloud computing has led to a significant increase in Data Centre (DC) network requirements.
Traditional DCs are struggling to meet the flexible, centrally managed requirements of cloud computing applications.
This article presents a framework for evaluating security of Software-Defined Networks (SDN).
arXiv Detail & Related papers (2024-08-21T09:56:14Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- Performance Analysis of Decentralized Physical Infrastructure Networks and Centralized Clouds [42.37170902465878]
Decentralized Physical Infrastructure Networks (DePINs) aim to enhance data sovereignty and confidentiality and increase resilience against a single point of failure.
This work focuses on the potential of DePINs to disrupt traditional centralized architectures by taking advantage of the Internet of Things (IoT) devices and crypto-economic design in combination with blockchains.
arXiv Detail & Related papers (2024-04-12T08:00:38Z)
- Software-based Security Framework for Edge and Mobile IoT [0.5735035463793009]
This work focuses on designing secure communication among remote servers and embedded IoT devices.
The proposed approach uses lightweight cryptography, optimizing device performance and security without overburdening their limited resources.
arXiv Detail & Related papers (2024-04-09T16:25:13Z)
- A Learning-based Incentive Mechanism for Mobile AIGC Service in Decentralized Internet of Vehicles [49.86094523878003]
We propose a decentralized incentive mechanism for mobile AIGC service allocation.
We employ multi-agent deep reinforcement learning to find the balance between the supply of AIGC services on RSUs and user demand for services within the IoV context.
arXiv Detail & Related papers (2024-03-29T12:46:07Z)
- Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks.
In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
arXiv Detail & Related papers (2024-03-29T12:01:31Z)
- The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI).
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
- Towards Intelligent Network Management: Leveraging AI for Network Service Detection [0.0]
This study focuses on leveraging Machine Learning methodologies to create an advanced network traffic classification system.
We introduce a novel data-driven approach that excels in identifying various network service types in real-time.
Our system demonstrates a remarkable accuracy in distinguishing the network services.
arXiv Detail & Related papers (2023-10-14T16:06:11Z)
- Enhancing Network Resilience through Machine Learning-powered Graph Combinatorial Optimization: Applications in Cyber Defense and Information Diffusion [0.0]
This thesis focuses on developing effective approaches for enhancing network resilience.
Existing approaches for enhancing network resilience emphasize determining bottleneck nodes and edges in the network.
This thesis aims to design effective, efficient and scalable techniques for discovering bottleneck nodes and edges in the network.
arXiv Detail & Related papers (2023-09-22T01:48:28Z)
- Machine Learning-Based User Scheduling in Integrated Satellite-HAPS-Ground Networks [82.58968700765783]
Integrated space-air-ground networks promise to offer a valuable solution space for empowering the sixth generation of communication networks (6G).
This paper showcases the prospects of machine learning in the context of user scheduling in integrated space-air-ground communications.
arXiv Detail & Related papers (2022-05-27T13:09:29Z)
- AI-Empowered Data Offloading in MEC-Enabled IoV Networks [40.75165195026413]
This article surveys research studies that use AI as part of the data offloading process, categorized based on four main issues: reliability, security, energy management, and service seller profit.
Various challenges to the process of offloading data in a MEC-enabled IoV network have emerged, such as offloading reliability in highly mobile environments, security for users within the same network, and energy management to keep users from being disincentivized to participate in the network.
arXiv Detail & Related papers (2022-03-31T09:31:53Z)
- Deep Reinforcement Learning for Collaborative Edge Computing in Vehicular Networks [40.957135065965055]
A collaborative edge computing framework is developed to reduce the computing service latency and improve service reliability for vehicular networks.
An artificial intelligence (AI) based collaborative computing approach is developed to determine the task offloading, computing, and result delivery policy for vehicles.
By our approach, the service cost, which includes computing service latency and service failure penalty, can be minimized via the optimal workload assignment and server selection.
arXiv Detail & Related papers (2020-10-05T00:06:37Z)
- Using Reinforcement Learning to Allocate and Manage Service Function Chains in Cellular Networks [0.456877715768796]
We propose the use of reinforcement learning to deploy a service function chain (SFC) of cellular network service and manage the network virtual functions (VNFs).
The main purpose is to reduce the number of lost packets taking into account the energy consumption of the servers.
Preliminary results show that the agent is able to allocate the SFC and manage the VNFs, reducing the number of lost packets.
arXiv Detail & Related papers (2020-06-12T17:38:23Z)
- A Privacy-Preserving Distributed Architecture for Deep-Learning-as-a-Service [68.84245063902908]
This paper introduces a novel distributed architecture for deep-learning-as-a-service.
It is able to preserve the user sensitive data while providing Cloud-based machine and deep learning services.
arXiv Detail & Related papers (2020-03-30T15:12:03Z)
This list is automatically generated from the titles and abstracts of the papers in this site.