the Fifth-Generation mobile networks (5G) and Beyond 5G (B5G) have been proposed to support a variety of application scenarios, such as enhanced Mobile Broadband (eMBB), ultra-Reliable Low-Latency communications (uRLL...
详细信息
ISBN:
(数字)9798350365634
ISBN:
(纸本)9798350365641
the Fifth-Generation mobile networks (5G) and Beyond 5G (B5G) have been proposed to support a variety of application scenarios, such as enhanced Mobile Broadband (eMBB), ultra-Reliable Low-Latency communications (uRLLC), and massive Machine Type communications (mMTC). On the other hand, Mobile Edge Computing (MEC) and Network Functions Virtualization (NFV) technologies have been widely advocated by service providers to meet diverse service demands and reduce operational costs. To alleviate the pressure on the edge network, resource consumption can be minimized by considering the reuse of Virtual Network Function (VNF) instances. However, implementing VNF chain deployment with latency guarantees and resource efficiency in a distributed network architecture remains an urgent issue to be addressed. In this paper, we explore the Service Function Chains (SFCs) orchestration problem withdistributed edge network resources, aiming to design efficient service flow routing and resource allocation schemes to significantly respond to local user requests. We propose a low-complexity distributed SFCs Orchestration algorithm with VNF Reuse (DSOR), which initially uses local information at the edge to explore the VNFs orchestration scheme and executes the distributed service orchestration. Subsequently, service chains are deployed based on asynchronous consensus to enhance network utility and reduce resource costs. Finally, the performance of DSOR is evaluated through extensive simulation experiments. the experimental results indicate that DSOR can improve the utilization of network resources, as well as the response rate to edge service requests.
distributed Denial of Service (DDoS) attacks are widely used by malicious actors to disrupt network infrastructures/services. A common attack is TCP SYN Flood that attempts to exhaust memory and processing resources. ...
详细信息
ISBN:
(数字)9781728177052
ISBN:
(纸本)9781728177069
distributed Denial of Service (DDoS) attacks are widely used by malicious actors to disrupt network infrastructures/services. A common attack is TCP SYN Flood that attempts to exhaust memory and processing resources. Typical mitigation mechanisms, i.e. SYN cookies require significant processing resources and generate large rates of backscatter traffic to block them. In this paper, we propose a detection and mitigation schema that focuses on generating and optimizing signature-based rules. To that end, network traffic is monitored and appropriate packet-level data are processed to form signatures i.e. unique combinations of packet field values. these are fed to machine learning models that classify them to malicious/benign. Malicious signatures corresponding to specific destinations identify potential victims. TCP traffic to victims is redirected to high-performance programmable XDPenabled firewalls that filter off ending traffic according to signatures classified as malicious. To enhance mitigation performance malicious signatures are subjected to a reduction process, formulated as a multi-objective optimization problem. Minimization objectives are (i) the number of malicious signatures and (ii) collateral damage on benign traffic. We evaluate our approach in terms of detection accuracy and packet filtering performance employing traces from production environments and high rate generated attack traffic. We showcase that our approach achieves high detection accuracy, significantly reduces the number of filtering rules and outperforms the SYN cookies mechanism in high-speed traffic scenarios.
暂无评论