This paper describes a demo that showcases some of the capabilities foreseen for the security infrastructure designed by the H2020 SHIELD project. SHIELD exploits NFV for adaptive monitoring of an IT infrastructure and for feeding the data to an analytics engine to detect attacks in real time. An intelligent reaction system is then activated to reconfigure the SDN/NFV infrastructure so that the attacks are thwarted. The SDN/NFV infrastructure itself is protected from attacks thanks to trusted computing techniques, that permit to quickly identify misbehaving nodes. The proposed demo will present detection and reaction to a DDoS attack (by on-the-fly deployment of new virtual network security functions and/or change of network paths), as well as detection of software attacks against virtual network functions (executed in Docker containers) and unauthorized modification of the SDN switching tables and NFV configurations.
NFV-based network protection: the SHIELD approach / Lioy, Antonio; Gardikis, George; Gaston, Bernat; Jacquin, Ludovic; De Benedictis, Marco; Angelopoulos, Yiannis; Xylouris, Christos. - STAMPA. - (2017), pp. 1-2. (Intervento presentato al convegno NFV-SDN 2017: IEEE Conference on Network Function Virtualization and Software Defined Networks tenutosi a Berlin (Germany) nel November 6-8, 2017) [10.1109/NFV-SDN.2017.8169869].
NFV-based network protection: the SHIELD approach
Lioy, Antonio;De Benedictis, Marco;
2017
Abstract
This paper describes a demo that showcases some of the capabilities foreseen for the security infrastructure designed by the H2020 SHIELD project. SHIELD exploits NFV for adaptive monitoring of an IT infrastructure and for feeding the data to an analytics engine to detect attacks in real time. An intelligent reaction system is then activated to reconfigure the SDN/NFV infrastructure so that the attacks are thwarted. The SDN/NFV infrastructure itself is protected from attacks thanks to trusted computing techniques, that permit to quickly identify misbehaving nodes. The proposed demo will present detection and reaction to a DDoS attack (by on-the-fly deployment of new virtual network security functions and/or change of network paths), as well as detection of software attacks against virtual network functions (executed in Docker containers) and unauthorized modification of the SDN switching tables and NFV configurations.Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2695847
Attenzione
Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo