As computing and communication infrastructures have gained an ever-increasing role in everybody's life, guaranteeing their reliability has become a critical endeavor. In the face of threats that grow more and more sophisticated, we must turn our attention to the techniques that have the potential to match them and scale with the infrastructure complexity. The current trend in the telecommunication industry towards "softwarized infrastructures"by means of new technologies such as Software Defined Networking and Network Function Virtualization may provide a innovative and effective solutions from this point of view. In this work, we outline a network security monitoring architecture aimed at striking the best trade-off between effectiveness and efficiency. This result is achieved by exploiting the possibility, already enabled by state-of-the-art, yet well tested components for infrastructural orchestration, of dynamic instantiation and composition of functions. We conclude that efficient detection of some classes of network-based denial-of-service attacks is possible, and open the path to mitigation strategies that optimize the usage of resources by deploying and re-configuring them as needed in real-time.

Sustainable Infrastructure Monitoring for Security-Oriented Purposes

Berardi D.
Conceptualization
;
Callegati F.
Writing – Original Draft Preparation
;
Melis A.
Methodology
;
Prandini M.
Validation
2020

Abstract

As computing and communication infrastructures have gained an ever-increasing role in everybody's life, guaranteeing their reliability has become a critical endeavor. In the face of threats that grow more and more sophisticated, we must turn our attention to the techniques that have the potential to match them and scale with the infrastructure complexity. The current trend in the telecommunication industry towards "softwarized infrastructures"by means of new technologies such as Software Defined Networking and Network Function Virtualization may provide a innovative and effective solutions from this point of view. In this work, we outline a network security monitoring architecture aimed at striking the best trade-off between effectiveness and efficiency. This result is achieved by exploiting the possibility, already enabled by state-of-the-art, yet well tested components for infrastructural orchestration, of dynamic instantiation and composition of functions. We conclude that efficient detection of some classes of network-based denial-of-service attacks is possible, and open the path to mitigation strategies that optimize the usage of resources by deploying and re-configuring them as needed in real-time.
ACM International Conference Proceeding Series
48
53
Berardi D.; Callegati F.; Melis A.; Prandini M.
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11585/785638
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact