Automating Mitigation of Amplification Attacks in NFV Services

Repetto, Matteo; Bruno, Gianmarco; Yusupov, Jalolliddin; Lamanna, Guerino; Ertl, Benjamin; Carrega, Alessandro

doi:10.1109/tnsm.2022.3172880

Cited by 4 publications

(1 citation statement)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed solution duplicates the traffic to send them to several Snort sensors and does not automatically drop packets that raise an alert. Repetto et al (2022) designed the ASTRID framework to detect and mitigate amplification attacks into a 5G Core (5GC) architecture implemented as an NFV service aiming to block them at their origin, at the boundary of a 5G network, before they get amplified by vulnerable servers in the Internet. ASTRID is a Java Spring Framework, created inside a 5GC network by using the Open5GS project, running inside a Kubernetes cluster.…”

Section: Related Workmentioning

confidence: 99%

A Network Function Virtualization Architecture for Automatic and Efficient Detection and Mitigation against Web Application Malware

Mauricio

Rubinstein

2023

JISA

View full text Add to dashboard Cite

This paper proposes and implements a Network Function Virtualization (NFV) security architecture to provide automatic and efficient detection and mitigation against Web application malware. The mitigation is given by dynamically chaining a Virtual Security Function (VSF) to the data stream to block malicious exploitation traffic without affecting the benign traffic. We implement an NFV Security Controller (NFV-SC) that interacts with an Intrusion Detection System and a Web Application Firewall (WAF), both implemented as VSFs. We also implement a vulnerability scanner and a mechanism to automatically create rules in advance in the WAF-VSF when a security vulnerability is found in an application, even if no malicious traffic has attempted to exploit the flaw. In addition, it dynamically identifies and removes no longer used security rules to improve performance. We implement and evaluate our security proposal in the Open Platform for NFV (OPNFV). The evaluation results in our experimental scenarios show that the NFV security architecture automatically blocks 99.12% of the HTTP malicious traffic without affecting 93.6% of the benign HTTP requests. Finally, we show that the number of rules in the WAF-VSF severely affects the latency to load HTTP response headers and that the number of redirection OpenFlow rules within Open vSwitches is not enough to significantly impact the end-user experience in modern web browser applications.

show abstract

Section: Related Workmentioning

confidence: 99%