Elaheh Jalalpour, Master’s candidate
David R. Cheriton School of Computer Science
A Content Delivery Network (CDN) employs edge-servers caching content close to end-users to provide high Quality of Service (QoS) in serving digital content. Attacks against edge-servers are known to cause QoS degradation and disruption in serving end-users. Protecting edge-servers is vital but represents a complex task. Not only must the attack mitigation be immediately effective, but the corresponding overhead should also not negatively affect the QoS of legitimate users.
We propose a software-based security system for CDN edge-servers to mitigate various attacks. The approach is to automatically react to threats by deploying and managing security services. These security services are realized using virtualized security function chains created, configured, and removed dynamically. The desired system behavior is governed by high-level security policies dictated by a network operator.
Our system monitors the CDN edge-server resources and incoming traffic, analyzes them and generates alerts that might trigger policies. We demonstrate how our system can be programmed using these policies to automatically handle real-world attacks. Our performance evaluation shows that our system is accurate in detecting known and zero-day attacks and anomalies. Evaluation results also show the system is low-overhead, immediately responds to threats, and quickly recovers legitimate traffic throughput.