Intrusion Detection and Prevention Systems as a Service in Cloud-based Environment

Intrusion Detection and Prevention Systems (IDPSs) are standalone complex hardware, expensive to purchase, change and manage. The emergence of Network Function Virtualization (NFV) and Software Defined Networking (SDN) mitigates these challenges and delivers middlebox functions as virtual instances. Moreover, cloud computing has become a very cost-effective model for sharing large-scale services in recent years. Features such as portability, isolation, live migration, and customizability of virtual machines for high-performance computing have attracted enterprise customers to move their in-house IT data center to the cloud. In this paper, we formulate the placement of Intrusion Detection and Prevention Systems (IDPS) and introduce a model called Incremental Mobile Facility Location Problem (IMFLP) to study the IDPP problem. Moreover, we propose a novel and efficient solution called Adaptive Facility Location (AFL) to efficiently solve the optimization problem introduced in the IMFLP model. The effectiveness of our solution is evaluated through realistic simulation studies compared with other popular online facility location algorithms.
