A Security-oriented Dynamic and Heterogeneous Scheduling Method for Virtual Network Function

Xinsheng JI; Shuiling XU; Wenyan LIU; Qing TONG; Lingshu LI

doi:10.11999/JEIT181130

Volume 41 Issue 10

Oct. 2019

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2019 > 41(10): 2435-2441

Xinsheng JI, Shuiling XU, Wenyan LIU, Qing TONG, Lingshu LI. A Security-oriented Dynamic and Heterogeneous Scheduling Method for Virtual Network Function[J]. Journal of Electronics & Information Technology, 2019, 41(10): 2435-2441. doi: 10.11999/JEIT181130

Citation:

Xinsheng JI, Shuiling XU, Wenyan LIU, Qing TONG, Lingshu LI. A Security-oriented Dynamic and Heterogeneous Scheduling Method for Virtual Network Function[J]. Journal of Electronics & Information Technology, 2019, 41(10): 2435-2441. doi: 10.11999/JEIT181130

Citation:

PDF( 1961 KB)

A Security-oriented Dynamic and Heterogeneous Scheduling Method for Virtual Network Function

doi: 10.11999/JEIT181130

National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China

Funds: The National Natural Science Foundation of China (61521003, 61602509), The National Key R&D Program of China (2016YFB0800100, 2016YFB0800101)

Received Date: 2018-12-06
Rev Recd Date: 2019-04-03

Available Online: 2019-04-23

Publish Date: 2019-10-01

Abstract

Abstract

Network Function Virtualization (NFV) brings flexibility and dynamics to the construction of service chain. However, the software and virtualization may cause security risks such as vulnerabilities and backdoors, which may have impact on Service Chain (SC) security. Thus, a Virtual Network Function (VNF) scheduling method is proposed. Firstly, heterogeneous images are built for every virtual network function in service chain, avoiding widespread attacks using common vulnerabilities. Then, one network function is selected dynamically and periodically. The executor of this network function is replaced by loading heterogeneous images. Finally, considering the impact of scheduling on the performance of network functions, Stackelberg game is used to model the attack and defense process, and the scheduling probability of each network function in the service chain is solved with the goal of optimizing the defender’s benefit. Experiments show that this method can reduce the rate of attacker’s success while controlling the overhead generated by the scheduling within an acceptable range.
- Network Function Virtualization(NFV),
- Service Chain (SC),
- Cyber security,
- Dynamic,
- Heterogeneous,
- Game theory

FullText(HTML)

References(15)

References

Network Functions Virtualization (NFV) ETSI Industry Specification Group (ISG). ETSI GS NFV 001: Network Functions Virtualisation (NFV); Use cases[EB/OL]. https://www.etsi.org/deliver/etsi_gs/NFV/001_099/001/01.01.01_60/gs_NFV001v010101p.pdf, 2013.

MEDHAT A M, TALEB T, ELMANGOUSH A, et al. Service function chaining in next generation networks: state of the art and research challenges[J]. IEEE Communications Magazine, 2017, 55(2): 216–223. doi: 10.1109/MCOM.2016.1600219RP

SAHHAF S, TAVERNIER W, COLLE D, et al. Network service chaining with efficient network function mapping based on service decompositions[C]. The 1st IEEE Conference on Network Softwarization, London, UK, 2015: 1–5.

Network Functions Virtualisation (NFV) ETSI Industry Specification Group (ISG). ETSI GS NFV-SEC 001: Network Functions Virtualisation (NFV); NFV security; Problem statement[EB/OL]. https://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/001/01.01.01_60/gs_NFV-SEC001v010101p.pdf, 2014.

LAL S, TALEB T, and DUTTA A. NFV: Security threats and best practices[J]. IEEE Communications Magazine, 2017, 55(8): 211–217. doi: 10.1109/MCOM.2017.1600899

FIROOZJAEI M D, JEONG J, KO H, et al. Security challenges with network functions virtualization[J]. Future Generation Computer Systems, 2017, 67: 315–324. doi: 10.1016/j.future.2016.07.002

DING Weiran, YU Hongfang, and LUO Shouxi. Enhancing the reliability of services in NFV with the cost-efficient redundancy scheme[C]. IEEE International Conference on Communications, Paris, France, 2017: 1–6.

CARPIO F, JUKAN A, and PRIES R. Balancing the migration of virtual network functions with replications in data centers[C]. The 16th IEEE/IFIP Network Operations and Management Symposium, Taipei, China, 2018: 1–8.

PATTARANANTAKUL M, HE R, MEDDAHI A, et al. SecMANO: Towards Network Functions Virtualization (NFV) based security management and orchestration[C]. 2016 IEEE Trustcom/BigDataSE/ISPA, Tianjin, China, 2016: 598–605.

ZHENG Yan, ZHANG Peng, and VASILAKOS A V. A security and trust framework for virtualized networks and software‐defined networking[J]. Security and Communication Networks, 2016, 9(16): 3059–3069. doi: 10.1002/sec.1243

GUO Minzhe and BHATTACHARYA P. Diverse virtual replicas for improving intrusion tolerance in cloud[C]. The 9th Annual Cyber and Information Security Research Conference, Oak Ridge, USA, 2014: 41–44.

LI F, LAI A, and DDL D. Evidence of advanced persistent threat: a case study of malware for political espionage[C]. The 6th International Conference on Malicious and Unwanted Software, Fajardo, USA, 2011: 102–109.

MA Duohe, WANG Liming, LEI Cheng, et al. Quantitative security assessment method based on entropy for moving target defense[C]. The 2017 ACM on Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates, 2017: 9204–922.

GARCIA M, BESSANI A, GASHI I, et al. Analysis of operating system diversity for intrusion tolerance[J]. Journal of Research and Practice in Information Technology, 2014, 44(6): 735–770. doi: 10.1002/spe.2180

PARUCHURI P, PEARCE J P, MARECKI J, et al. Playing games for security: an efficient exact algorithm for solving Bayesian Stackelberg games[C]. The 7th International Joint Conference on Autonomous Agents and Multiagent Systems-Volume 2, Estoril, Portugal, 2008: 895–902.

Relative Articles

Supplements(0)

Cited By

Proportional views