Virtual Network Functions Placement for Defense Against Distributed Denial of Service Attacks

Sonia Haddad-Vanier, Celine Gicquel, Lila Boukhatem, Kahina Lazri, Paul Chaignon

Abstract

In this paper, we are interested in the problem of Virtual Network Function (NFV) placement to counter Distributed Denial of Service (DDoS) attacks. A DDoS attack is one of the most common and damaging types of cyberattacks. In Network Function Virtualization (NFV) technology network functions, more specifically security mechanisms, are implemented as software. Such approach significantly reduces the cost of the infrastructure and simplifies the deployment of new services. We propose two new models for this critical and complex problem. The first model is a mixed-integer linear program aiming at eliminating all DDos attacks before they reach their target. As its size grows exponentially with the network size, we propose a constraint generation algorithm to solve it. The numerical results obtained for different realistic network instances show the effectiveness of our approach. The second model is a bilevel programming problem that achieves a tradeoff between NFVs placement costs and security levels requirements. Our results show that this mechanisms overcomes DDos attacks by effectively filtering attacks while minimizing the total cost of deployed NFV.

Download


Paper Citation


in Harvard Style

Haddad-Vanier S., Gicquel C., Boukhatem L., Lazri K. and Chaignon P. (2019). Virtual Network Functions Placement for Defense Against Distributed Denial of Service Attacks.In Proceedings of the 8th International Conference on Operations Research and Enterprise Systems - Volume 1: ICORES, ISBN 978-989-758-352-0, pages 142-150. DOI: 10.5220/0007397601420150


in Bibtex Style

@conference{icores19,
author={Sonia Haddad-Vanier and Celine Gicquel and Lila Boukhatem and Kahina Lazri and Paul Chaignon},
title={Virtual Network Functions Placement for Defense Against Distributed Denial of Service Attacks},
booktitle={Proceedings of the 8th International Conference on Operations Research and Enterprise Systems - Volume 1: ICORES,},
year={2019},
pages={142-150},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007397601420150},
isbn={978-989-758-352-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Operations Research and Enterprise Systems - Volume 1: ICORES,
TI - Virtual Network Functions Placement for Defense Against Distributed Denial of Service Attacks
SN - 978-989-758-352-0
AU - Haddad-Vanier S.
AU - Gicquel C.
AU - Boukhatem L.
AU - Lazri K.
AU - Chaignon P.
PY - 2019
SP - 142
EP - 150
DO - 10.5220/0007397601420150