当前位置:网站首页> 学术交流 > 文章详情


来源: 计算机学院 | 发表时间: 2017-08-03 | 浏览次数: 2264

报告题目:Defending Against Cyber Attacks through SDN and NFV Enabled Approaches




告人简介Zonghua Zhang is an associate professor (with HDR, an accreditation to supervise research) of IMT Lille Douai, Institut Mines-Telecom, France. He used to work as an expert researcher at NICT, Tokyo, and postdoc researcher at the University of Waterloo, Canada and INRIA, France. He holds a Ph.D. degree (JAIST, Japan) in information science, and a HDR diploma (UPMC, France) in computer science. Zonghua's research covers a broad spectrum of security topics such as anomaly detection, network forensics, security management, reputation systems, and security protocols. He has contributed to dozens of national and international research projects on Cyber security. He is now serving on the editorial board of Computer & Security (COSE), Security and Communication Networks (SCN), International Journal of Network Security (IJNS), and IEEE Communications Magazine.


报告内容:The emergence of Software Defined Networking (SDN) and Network Functions Virtualization (NFV) significantly expedites the evolution towards next generation networks. Specifically, SDN decouples the traditional network architecture into control plane and date plane, significantly simplifying the complexity of network management.  NFV serves as an efficient approach to reducing CAPEX and OPEX by pooling and consolidating various network equipment types, e.g., NAT, firewall, IDS, DNS, onto industry standard high volume servers, switches and storage using virtualization technologies. Despite their advantages, it remains unclear how the landscape of Cyberdefense can be reshaped and whether or not the asymmetric advantages between attacker and defender could be changed. In this talk, we showcase our two contributions, (1) ArOMA: an SDN based autonomic DDoS mitigation framework, which leverages the programmability, global visibility, and centralized manageability of SDN to bring ISPs and their customers together to collaboratively defend against DDoS attacks; (2) SecMANO: a NFV-based security management and orchestration framework, which has potential to dynamically manage and orchestrate security functions, ultimately enabling security as on demand services. A proof-of-concept security orchestrator will be specifically exemplified.  Some lessons learned and our ongoing work will be finally discussed.