Abstract

Intrusion Detection and Prevention Systems (IDPSs) are standalone complex hardware, expensive to purchase, change and manage. The emergence of Network Function Virtualization (NFV) and Software Defined Networking (SDN) mitigates these challenges and delivers middlebox functions as virtual instances. Moreover, cloud computing has become a very cost-effective model for sharing large-scale services in recent years. Features such as portability, isolation, live migration, and customizabil-ity of virtual machines for high-performance computing have attracted enterprise customers to move their in-house IT data center to the cloud. In this paper, we formulate the placement of Intrusion Detection and Prevention Systems (IDPS) and introduce a model called Incremental Mobile Facility Location Problem (IMFLP) to study the IDPP problem. Moreover, we propose a novel and efficient solution called Adaptive Facility Location (AFL) to efficiently solve the optimization problem introduced in the IMFLP model. The effectiveness of our solution is evaluated through realistic simulation studies compared with other popular online facility location algorithms.

Highlights

  • Cloud computing has become a cost-effective model for sharing large-scale services in recent years

  • We introduce a model in which infrastructure providers support Vritual Intrusion Detection and Prevention Systems (IDPSs) as a Service (IDPSaaS) by leveraging Network Function Virtualization (NFV), Software Defined Networking (SDN), and cloud

  • In order to study the Intrusion Detection and Prevention Systems Placement problem (IDPSP) problem, we propose Incremental Mobile Facility Location Problem (IMFLP) based on the online facility location problem

Read more

Summary

INTRODUCTION

Cloud computing has become a cost-effective model for sharing large-scale services in recent years. Network Functions Virtualization (NFV) [1] [2] promises a reprive from the vertically integrated hardware middlebox model followed for decades, by advocating the use of software Network Functions (NFs) running on commodity hardware This means a reduced acquisition and operational costs, flexible programability, and easier management [31] [42]. We introduce a model in which infrastructure providers support Vritual Intrusion Detection and Prevention Systems (IDPSs) as a Service (IDPSaaS) by leveraging NFV, SDN, and cloud. We present an efficient solution for the optimization problem defined in this model called Adaptive Facility Location (AFL) This solution by employing online actions, such as migrations and switches, adjusts the placement of IDPS instances to efficiently adapt to changes in service demands.

PROBLEM FORMULATION
Increamental Mobile Facility Location Model
Demand Arrival
EXPERIMENTS
Impact of Number of Demands
Impact of Number of Hosts
Impact of Cost Parameters
Evaluation of Demand Departure
Existing Systems
Facility Location Problem
Findings
CONCLUSION AND FUTURE WORKS

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.