Posted on 14/01/2019 by gicquel:
Virtual network function placement for protection against Distributed Denial of Service (DDoS) attacks
Content
In telecommunication networks, a distributed denial of service (DDoS) is a type of cyberattack in which multiple compromised computer systems attack a target, such as a server, a website or another network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets forces the target system to slow down or even crash and shut down, thereby denying service to legitimate users. DDoS attacks are one of the most common and damaging types of cyberattacks. In 2018, the number of DDoS attacks against companies like Instagram or GitHub reached 600 attacks per day, with peak speeds of 1.7 terabits. The cost of these attacks can reach thousands or millions of dollars.
Today, DDoS defense is mostly implemented using expensive hardware components that are fixed in terms of strength, functionality and capacity. Companies are thus forced to over-provision by deploying appliances capable of handling a high but predefined volume of attack at several points in the network. The cost of deploying and maintaining a physical firewall is estimated at $ 116.000 for the first year and an annual cost of $ 108.200 for a medium-sized US company with 5Mbps of Internet connectivity.
The development of Software-Defined Networks (SDN) and Network Function Virtualization (NFV) offers opportunities to reduce security costs and to provide flexible and scalable solutions.
The objective of this internship will be to develop mathematical programming-based approaches to optimize the placement of virtual network functions (NFV) to secure networks against DDoS attacks.
We proposed two new models for this critical and complex problem. The first model is a mixed-integer linear program aiming at eliminating all DDoS attacks before they reach their target. As its size increases exponentially with the size of the network, constraint generation and branch-and-cut algorithms will be developed to solve it. The second model is a bilevel programming problem that achieves a tradeoff between NFV placement costs and security level requirements. This mechanism overcomes DDoS attacks by effectively filtering attacks while minimizing the total cost of deployed NFV. We aim at implementing efficient solving algorithms for the bilevel problem.
Context
This internship project arises in the context of a collaboration between Orange, the LRI (Laboratoire de Recherche en Informatique) at University Paris Sud and the SAMM (Equipe Statistique, Analyse et Modélisation Multidisciplinaire) at University Paris 1 Pantheon Sorbonne.
The student will be based at the Orange Gardens research center (in the southern suburb of Paris) and will work under the joint supervision of Dr Kahina Lazri (Orange), Dr. Céline Gicquel (LRI) and Dr Sonia Vanier (SAMM).
Desired qualifications
Student at Master’s degree level (last year of engineering school or research master):
- Strong background in applied mathematics.
- Good knowledge in Operations Research: linear programming, mixed-integer linear programming, if possible robust optimization and bi-level programming.
- Interest in computer programming (C++ language) and algorithms.
Practical information
Location: Orange Gardens - 44 Avenue de la République, 92320 Châtillon
Start date: Between February and May 2019
Duration: 4-6 months
Contact
Dr Kahina Lazri, Research engineer,
Orange Gardens
44 Avenue de la République
92320 Châtillon
kahina.lazri@orange.com
Dr. Céline Gicquel
Maitre de conférences, Laboratoire de Recherche en Informatique
Université Paris Sud
e-mail: gicquel@lri.fr
website: http://celine-gicquel.e-monsite.com/
tel: +33 (0)1 69 15 42 26
Dr Sonia Vanier
Maitre de conférences, Equipe Statistique, Analyse et Modélisation Multidisciplinaire
University Paris 1 Pantheon Sorbonne
e-mail: Sonia.Vanier@univ-paris1.fr
tel: +33(0)6 70 73 75 41