Design and analysis of intelligent service chain system for network security resource pool

The traditional network security architecture ensures network security by directing traffic through hardware-based network security function devices. Since the architecture consists of fixed hardware devices, it leads to a single form of network security area deployment and poor scalability. Besides,...

Bibliographic Details
Main Authors: Zenan WANG, Jiahao LI, Chaohong TAN, Dechang PI
Format: Article
Language: English
Published: POSTS&TELECOM PRESS Co., LTD 2022-08-01
Series: 网络与信息安全学报
Subjects:
Online Access: http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022051
collection DOAJ
description The traditional network security architecture ensures network security by directing traffic through hardware-based network security function devices. Since the architecture consists of fixed hardware devices, it leads to a single form of network security area deployment and poor scalability. Besides, the architecture cannot be flexibly adjusted when facing network security events, making it difficult to meet the security needs of future networks. The intelligent service chain system for network security resource pool was based on software-defined network and network function virtualization technologies, which can effectively solve the above problems. Network security functions of virtual form were added based on network function virtualization technology, combined with the existing hardware network elements to build a network security resource pool. In addition, the switching equipment connected to the network security elements can be flexibly controlled based on software-defined network technology. Then a dynamically adjustable network security service chain was built. Network security events were detected based on security log detection and an expert library consisting of security rules. This enabled dynamic and intelligent regulation of the service chain by means of centralized control in the face of network security events. The deployment process of the service chain was mathematically modeled and a heuristic algorithm was designed to realize the optimal deployment of the service chain. By building a prototype system and conducting experiments, the results show that the designed system can detect security events in seconds and automatically adjust the security service chain in minutes when facing security events, and the designed heuristic algorithm can reduce the occupation of virtual resources by 65%. The proposed system is expected to be applied to the network security area at the exit of the campus and data center network, simplifying the operation and maintenance of this area and improving the deployment flexibility of this area.
id doaj-art-a8a412cbc9cc45efb35a77664b567237
institution Kabale University
issn 2096-109X
topic software define network
network security resource pool
service chain
network function virtualization