Service Function Chaining
Published in Dijiang Huang, Ankur Chowdhary, Sandeep Pisharody, Software-Defined Networking and Security, 2018
Dijiang Huang, Ankur Chowdhary, Sandeep Pisharody
Middleboxes. Middleboxes are the devices used by network operators to perform network functions along the packet's datapath from source to destination, e.g., Web Proxy, Firewall, and Intrusion Detection System (IDS). Researchers have focused efforts on several issues associated with middleboxes, such as making them easier to use and manage, and designing and deploying general-purpose middleboxes for different network functions. A survey of various middlebox deployments conducted by Sherry et al. [249] reveals factors, such as increased operating costs caused by misconfiguration and overloads, that affect their normal functioning.
Software-Defined Network Security
Published in Mahmoud Elkhodr, Qusay F. Hassan, Seyed Shahrestani, Networks of the Future, 2017
Ahmed Dawoud, Seyed Shahristani, Chun Raun
Network policy is a set of configurations, rules, and constraints that govern network operations (e.g., network access, incident handling, and communications isolation). The architecture imposes the execution of policy enforcement through the network middleboxes. The middleboxes are devices deployed to manipulate the network traffic for specific purposes, for instance, inspection, threat detection, and access control.
A PBNM and economic incentive-based defensive mechanism against DDoS attacks
Published in Enterprise Information Systems, 2022
The objective of our paper is to develop a policy-based DDoS defensive mechanism that gives users the flexibility to frame their policies according to their QoS and budget constraints. However, many techniques, such as NFV and SDN, are emerging as recent cutting-edge technologies for dynamic management and automation of the network. Network functions like load balancing and intrusion detection systems were earlier embedded in physical devices, generally called middleboxes. But middleboxes are generally vendor-specific and proprietary, which are some of their limitations. Moreover, middleboxes are not flexible enough to handle many service demands. NFV addressed the flexibility issue through Commercial Off-The-Shelf (COTS) by virtualising network services. In NFV, multiple Virtualised Network Functions (VNFs) can be chained, which gives the admin the flexibility to define a path consisting of various VNFs through which a data packet must pass in order to reach the service provider. The process of defining the proper sequence of VNFs is called network service chaining. But it is difficult on the current Internet infrastructure because network service chaining can be defined only statically. This is a serious challenge for any network administrator who needs to dynamically reconfigure network security devices. NFV can be used in collaboration with SDN to make the process of chaining dynamic. But different network admins have different requirements according to the domain they own, which raises the question of how a network admin can constitute a set of VNFs to handle the traffic. Here comes the role of PBNM. PBNM can provide a platform for network admins to define service chaining dynamically. Our proposed work does not focus on defining service chaining but on exploring PBNM in the cybersecurity domain.