دانلود رایگان مقاله انگلیسی امنیت مجازی به عنوان یک سرویس برای صنایع عمودی نسل پنجم - IEEE 2018

Abstract

The future 5G systems ought to meet diverse requirements of new industry verticals, such as Massive Internet of Things (IoT), broadband access in dense networks and ultrareliable communications. Network slicing is an important concept that is expected to support these 5G verticals and cope with the conflicting requirements of their respective services. Network slicing allows the deployment of multiple virtual networks, or slices, over the same physical infrastructure as well as supporting on-demand resource allocation to those slices. In this paper, we propose an architecture that will explore how both Network Function Virtualization (NFV) and Software Defined Networking (SDN) may be leveraged to secure a network slice on-demand, addressing the new security concerns imposed to the network management by the flexibility and elasticity support. Our proposed framework aims to ensure an optimal resource allocation that manages the slice security strategy in an efficient way. Moreover, experimental performance evaluations are presented to evaluate the security overhead in virtualized environments.

II. RELATED WORK AND BACKGROUND

A. Performance analysis of security VNFs

Brumen and Legvart [9], White et al. [10], and Cao et al. [12] have evaluated the performance and security level of open-source Intrusion Detection/Prevention System (IDS/IPS) softwares – mostly Snort and Suricata – under different parameters including: operating systems, hardware configuration, workload, types of attacks, and signature database. In [9], the authors perform a comparative analysis of Snort and Suricata on Windows and Linux, varying the attack types and using the number of dropped packets as the key performance metric. Their performance results have shown that the Windows deployment consumed fewer resources but had a higher drop rate than the Linux deployment. Moreover, they showed that Snort’s resource consumption was less significant than Suricata’s, albeit with a higher drop rate. They concluded that Windows-based solutions were not suitable for both open sources and that Suricata performed better than Snort. White et al. [10] compared the performance of Snort and Suricata under default and optimized configurations, e.g., multi-instance Snort. Their results lead to performance improvements in Suricata of up to 20x for computer nodes with more than 4 cores, while also showing that a single instance of Suricata outperforms Snort under all the evaluated configurations.