Design and Implementation of Virtual Security Function Based on Multiple Enclaves

2021 ◽  
Vol 13 (1) ◽  
pp. 12
Author(s):  
Juan Wang ◽  
Yang Yu ◽  
Yi Li ◽  
Chengyang Fan ◽  
Shirong Hao

Network function virtualization (NFV) provides flexible and scalable network functions for emerging platforms such as cloud computing, edge computing, and IoT, while facing more security challenges, such as tampering with network policies and leaking sensitive processing states, because it runs in a shared open environment and lacks the protection of proprietary hardware. Currently, Intel® Software Guard Extensions (SGX) provides a promising way to build a secure and trusted VNF (virtual network function) by isolating the VNF or its sensitive data in an enclave. However, directly placing multiple VNFs in a single enclave loses the scalability advantage of NFV. This paper combines SGX and Click technology to design a virtual security function architecture based on multiple enclaves. In our design, the sensitive modules of a VNF are put into different enclaves and communicate via local attestation. The system can freely combine these modules according to user requirements, increasing the scalability of the system while protecting the security of its running state. In addition, we design a new hot-swapping scheme that enables the system to dynamically modify the configured function at runtime, so that the original VNFs do not need to stop when the function of a VNF is modified. We implement an IDS (intrusion detection system) based on our architecture to verify the feasibility of our system and evaluate its performance. The results show that the overhead introduced by the system architecture is within an acceptable range.

Author(s):  
Rohit Rastogi ◽  
Puru Jain ◽  
Rishabh Jain

In current conditions, robotization has changed into a fundamental piece of our lives. Everybody is completely subject to mechanization, whether it is an extraordinary bundling or home robotization. So as to bring home automation into thought, everybody now needs a heterogeneous state security, and in our task on residential robotization, such high security highlights are completely on the best possible consumption for this reason. In light of the structure of the interruption zone, there are some fundamental interests in it. Piezoelectric sensors are compelling for sharpening appropriated wellbeing checking and structures. An intrusion detection system (IDS) is a structure that screens for suspicious movement and issues alarms when such advancement is found. While impossible-to-miss worthiness and presentation are, some obstruction divulgence structures are fit to take practice when poisonous improvement or peculiar action is perceived.


2019 ◽  
Vol 2 (1) ◽  
pp. 6
Author(s):  
Abdullahi Mikail ◽  
Bernardi Pranggono

The shift to Cloud computing has brought with it its specific security challenges concerning the loss of control, trust and multi-tenancy especially in Infrastructure-as-a-Service (IaaS) Cloud model. This article focuses on the design and development of an intrusion detection system (IDS) that can handle security challenges in IaaS Cloud model using an open source IDS. We have implemented a proof-of-concept prototype on the most deployed hypervisor—VMware ESXi—and performed various real-world cyber-attacks, such as port scanning and denial of service (DoS) attacks to validate the practicality and effectiveness of our proposed IDS architecture. Based on our experimental results we found that our Security Onion-based IDS can provide the required protection in a reasonable and effective manner.


2019 ◽  
Vol 16 (8) ◽  
pp. 3603-3607 ◽  
Author(s):  
Shraddha Khonde ◽  
V. Ulagamuthalvi

Considering the current network scenario, hackers and intruders have become a big threat today. As new technologies are emerging fast, with extensive use of these technologies and computers, security plays an important role. Most of the computers in a network can be easily compromised by attacks. A big issue of concern is the increase in new types of attack these days. Security of sensitive data is a very big threat to deal with; it needs to be considered a high-priority issue which should be addressed immediately. Highly efficient Intrusion Detection Systems (IDS) are available nowadays which detect various types of attacks on a network. But we require an IDS which is intelligent enough to detect and analyze all types of new threats on the network. Maximum accuracy is expected of any such intelligent intrusion detection system. An Intrusion Detection System can be hardware or software that analyzes and monitors all activities of a network to detect malicious activities happening inside the network. It also informs and helps the administrator to deal with malicious packets, which, if they enter the network, can harm a larger number of computers connected together. In our work we have implemented an intelligent IDS which helps the administrator to analyze real-time network traffic. The IDS does this by classifying packets entering the system as normal or malicious. This paper mainly focuses on the techniques used for feature selection to reduce the number of features from the KDD-99 dataset. This paper also explains the algorithm used for classification, i.e., Random Forest, which works with a forest of trees to classify real-time packets as normal or malicious. Random forest makes use of ensembling techniques to give a final output, which is derived by combining the outputs of the trees used to create the forest. The dataset used while performing the experiments is KDD-99. This dataset is used to train all trees to get more accuracy with the help of random forest. From the results achieved we can observe that the random forest algorithm gives more accuracy in a distributed network with a reduced false alarm rate.


Author(s):  
Bharathkumar Ravichandran

In the fifth generation mobile communication architecture (5G), network functions which traditionally existed as discrete hardware entities based on custom architectures are replaced with dynamic, scalable Virtual Network Functions (VNF) that run on general-purpose (x86) cloud computing platforms, under the Network Function Virtualization (NFV) paradigm. The shift towards a virtualized infrastructure poses its own set of security challenges that need to be addressed. One such challenge that we seek to address in this paper is providing integrity, authenticity and confidentiality protection for VNFs.


2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Junlei Xuan ◽  
Huifang Yang ◽  
Xuelin Zhao ◽  
Xingpo Ma ◽  
Xiaokai Yang

Network function virtualization (NFV) has the potential to lead to significant reductions in capital expenditure and can improve the flexibility of the network. The virtual network function (VNF) deployment problem is one of the key problems that need to be addressed in NFV. To solve the problem of routing and VNF deployment, an optimization model is established which minimizes the maximum index of used frequency slots, the number of used frequency slots, and the number of initialized VNFs. In this optimization model, the dependency among the different VNFs is considered. In order to solve the service chain mapping problem of highly dynamic virtual networks, a new virtual network function service chain mapping algorithm, PDQN-VNFSC, is proposed by combining a prediction algorithm and DQN (Deep Q-Network). Firstly, the real-time mapping of virtual network service chains is modeled as a partially observable Markov decision process. Then, the real-time mapping process of the virtual network service chain is optimized using global and long-term benefits. Finally, the virtual network function service chain is mapped through a learning decision framework of offline learning and online deployment. The simulation results show that, compared with existing algorithms, the proposed algorithm has a lower maximum index of used frequency slots, a lower number of used frequency slots, and a lower number of initialized VNFs.


At present, Cloud Computing (CC) has become more familiar in several domains such as education, media, industry, government, and so on. On the other hand, uploading sensitive data to public cloud storage services involves diverse security issues for organizations/companies, specifically integrity, availability and confidentiality. Besides, the open and distributed (decentralized) structure of the cloud is highly prone to cyber attackers and intruders. Therefore, there is a need to design an intrusion detection system (IDS) for the cloud environment that achieves a high detection rate with a low false alarm rate. The proposed model involves a binary grasshopper optimization algorithm with mutation (BGOA-M) as a feature selector to choose the optimal features. For classification, an improved particle swarm optimization (IPSO) based NN model, called IPSO-NN, has been derived. The significance of the IPSO-NN model is assessed using a set of two benchmark IDS datasets. The experimental results show that the IPSO-NN model has achieved maximum accuracy values of 99.36% and 97.80% on the applied NSL-KDD 2015 and CICIDS 2017 datasets. The obtained experimental outcome clearly points out the extraordinary detection performance of the IPSO-NN model over the compared methods.


Author(s):  
Martin E. Andreoni Lopez ◽  
Otto Carlos Muniz Bandeira Duarte ◽  
Guy Pujolle

The late detection of security threats causes a significant increase in the risk of irreparable damages, disabling any defense attempt. As a consequence, fast real-time threat detection is mandatory for security guarantees. In addition, Network Function Virtualization (NFV) provides new opportunities for efficient and low-cost security solutions. We propose a fast and efficient threat detection system based on stream processing and machine learning algorithms. The main contributions of this work are i) a novel monitoring threat detection system based on stream processing; ii) two datasets, first a dataset of synthetic security data containing both legitimate and malicious traffic, and the second, a week of real traffic of a telecommunications operator in Rio de Janeiro, Brazil; iii) a data pre-processing algorithm, a normalizing algorithm and an algorithm for fast feature selection based on the correlation between variables; iv) a virtualized network function in an open-source platform for providing a real-time threat detection service; v) near-optimal placement of sensors through a proposed heuristic for strategically positioning sensors in the network infrastructure, with a minimum number of sensors; and, finally, vi) a greedy algorithm that allocates on demand a sequence of virtual network functions.


Author(s):  
Rohit Rastogi ◽  
Rishabh Jain ◽  
Puru Jain

Robotization has changed into a fundamental piece of our lives. Everybody is completely subject to mechanization whether it is an extraordinary bundling or home robotization. So as to bring home automation into thought, everybody now needs a heterogeneous state security, and in our task on residential robotization, such high security highlights are completely on the best possible consumption. Piezoelectric sensors are compelling for sharpening appropriated wellbeing checking and structures. An intrusion detection system (IDS) is a structure that screens for suspicious movement and issues alarms when such advancement is found. Some obstruction divulgence structures are fit to take practice when poisonous improvement or peculiar action is perceived.

