Methods and Techniques for Dynamic Deployability of Software-Defined Security Services

Doriguzzi Corin, Roberto (2020) Methods and Techniques for Dynamic Deployability of Software-Defined Security Services, [Dissertation thesis], Alma Mater Studiorum Università di Bologna. PhD programme in Electronic Engineering, Telecommunications and Information Technology, 32nd cycle. DOI 10.6092/unibo/amsdottorato/9208.
Full-text documents available: PDF document (English), 2MB.
License: Unless the author has granted broader permissions, the thesis may be freely consulted, and one copy may be saved and printed strictly for personal purposes of study, research and teaching; any direct or indirect commercial use is expressly prohibited. All other rights to the material are reserved.

Abstract

With the recent trend of “network softwarisation”, enabled by emerging technologies such as Software-Defined Networking and Network Function Virtualisation, system administrators of data centres and enterprise networks have started replacing dedicated hardware-based middleboxes with virtualised network functions running on servers and end hosts. This radical change has facilitated the provisioning of advanced and flexible network services, ultimately helping system administrators and network operators to cope with the rapid changes in service requirements and networking workloads. This thesis investigates the challenges of provisioning network security services in “softwarised” networks, where the security of residential and business users can be provided by means of sets of software-based network functions running on high-performance servers or on commodity devices. The study is approached from the perspective of the telecom operator, whose goal is to protect its customers from network threats and, at the same time, maximise the number of provisioned services, and thereby revenue. Specifically, the overall aim of the research presented in this thesis is to propose novel techniques for optimising the resource usage of software-based security services, and hence for increasing the operator's chances of accommodating more service requests while respecting the desired level of network security of its customers. In this direction, the contributions of this thesis are the following: (i) a solution for the dynamic provisioning of security services that minimises the utilisation of computing and network resources, and (ii) novel methods based on Deep Learning and Linux kernel technologies for reducing the CPU usage of software-based security network functions, with specific focus on the defence against Distributed Denial of Service (DDoS) attacks.
The experimental results reported in this thesis demonstrate that the proposed solutions for service provisioning and DDoS defence require fewer computing resources, compared to similar approaches available in the scientific literature or adopted in production networks.

Document type: Doctoral thesis
Author: Doriguzzi Corin, Roberto
Cycle: 32
Keywords: Network Function Virtualisation, Network Service Chaining, Progressive Embedding, Application-Aware Network Security, DDoS, Deep Learning, Convolutional Neural Networks, XDP, eBPF
DOI: 10.6092/unibo/amsdottorato/9208
Defence date: 1 April 2020
