Efficient middlebox scaling for virtualized intrusion prevention systems in software-defined networks

Xing, Junchi; Wu, Chunming; Zhou, Haifeng; Cheng, Qiumei; Yu, Danrui; Macas, Mayra

doi:10.1007/s11432-019-2731-7

Efficient middlebox scaling for virtualized intrusion prevention systems in software-defined networks

Letter
Published: 24 May 2021

Volume 65, article number 189102, (2022)
Cite this article

Science China Information Sciences Aims and scope Submit manuscript

Junchi Xing¹,
Chunming Wu^2,1,
Haifeng Zhou^2,1,
Qiumei Cheng¹,
Danrui Yu¹ &
…
Mayra Macas¹

114 Accesses
2 Citations
Explore all metrics

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

References

Scarfone K, Mell P. Guide to intrusion detection and prevention systems (IDPS). NIST Spec Publ, 2007, 800: 94
Google Scholar
Malathi V, Takehiro S, Molly B, et al. Network function virtualization: a survey. IEICE Trans, 2017, 100: 1978–1991
Google Scholar
Mishra P, Pilli E S, Varadharajan V, et al. Intrusion detection techniques in cloud environment: a survey. J Netw Comput Appl, 2017, 77: 18–47
Article Google Scholar
Xiong W, Hu H P, Xiong N X, et al. Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communications. Inf Sci, 2014, 258: 403–415
Article MathSciNet Google Scholar
Srikanth K, Sudipta S, Albert G, et al. The nature of data center traffic: measurements analysis. In: Proceedings of the 9th ACM SIGCOMM Internet Measurement Conference, Chicago, 2009. 202–208
Kreutz D, Ramos F M V, Esteves Verissimo P, et al. Software-defined networking: a comprehensive survey. Proc IEEE, 2015, 103: 14–76
Article Google Scholar
Shin S, Wang H P, Gu G F. A first step toward network security virtualization: from concept to prototype. IEEE Trans Inform Forensic Secur, 2015, 10: 2236–2249
Article Google Scholar
Holger D, Anja F, Vern P, et al. Predicting the resource consumption of network intrusion detection systems. In: Proceedings of ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, 2008. 135–154
Lorenzo D C, Robin S, Somesh J. Beyond pattern matching: a concurrency model for stateful deep packet inspection. In: Proceedings of ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, 2014. 1378–1390

Download references

Acknowledgements

This work was supported by National Key R&D Program of China (Grant No. 2020YFB1804705), Industrial Internet Innovation and Development Project (2019) — Project of Time Sensitive Network (TSN) Technology based Programmable Logical Controller (PLC) (Grant No. TC190A449), the Key R&D Program of Zhejiang Province (Grant Nos. 2020C01077, 2021C01036), and Major Scientific Project of Zhejiang Lab (Grant No. 2018FD0ZX01).

Author information

Authors and Affiliations

College of Computer Science, Zhejiang University, Hangzhou, 310027, China
Junchi Xing, Chunming Wu, Haifeng Zhou, Qiumei Cheng, Danrui Yu & Mayra Macas
Zhejiang Lab, Hangzhou, 311100, China
Chunming Wu & Haifeng Zhou

Authors

Junchi Xing
View author publications
You can also search for this author in PubMed Google Scholar
Chunming Wu
View author publications
You can also search for this author in PubMed Google Scholar
Haifeng Zhou
View author publications
You can also search for this author in PubMed Google Scholar
Qiumei Cheng
View author publications
You can also search for this author in PubMed Google Scholar
Danrui Yu
View author publications
You can also search for this author in PubMed Google Scholar
Mayra Macas
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chunming Wu.

Supplementary File