As computing and communication infrastructures have gained an ever-increasing role in everybody's life, guaranteeing their reliability has become a critical endeavor. In the face of threats that grow more and more sophisticated, we must turn our attention to the techniques that have the potential to match them and scale with the infrastructure complexity. The current trend in the telecommunication industry towards "softwarized infrastructures"by means of new technologies such as Software Defined Networking and Network Function Virtualization may provide a innovative and effective solutions from this point of view. In this work, we outline a network security monitoring architecture aimed at striking the best trade-off between effectiveness and efficiency. This result is achieved by exploiting the possibility, already enabled by state-of-the-art, yet well tested components for infrastructural orchestration, of dynamic instantiation and composition of functions. We conclude that efficient detection of some classes of network-based denial-of-service attacks is possible, and open the path to mitigation strategies that optimize the usage of resources by deploying and re-configuring them as needed in real-time.
Sustainable Infrastructure Monitoring for Security-Oriented Purposes
Berardi D.
Conceptualization
;Callegati F.Writing – Original Draft Preparation
;Melis A.
Methodology
;Prandini M.Validation
2020
Abstract
As computing and communication infrastructures have gained an ever-increasing role in everybody's life, guaranteeing their reliability has become a critical endeavor. In the face of threats that grow more and more sophisticated, we must turn our attention to the techniques that have the potential to match them and scale with the infrastructure complexity. The current trend in the telecommunication industry towards "softwarized infrastructures"by means of new technologies such as Software Defined Networking and Network Function Virtualization may provide a innovative and effective solutions from this point of view. In this work, we outline a network security monitoring architecture aimed at striking the best trade-off between effectiveness and efficiency. This result is achieved by exploiting the possibility, already enabled by state-of-the-art, yet well tested components for infrastructural orchestration, of dynamic instantiation and composition of functions. We conclude that efficient detection of some classes of network-based denial-of-service attacks is possible, and open the path to mitigation strategies that optimize the usage of resources by deploying and re-configuring them as needed in real-time.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
