2 research outputs found
Network Configuration and Flow Scheduling for Big Data Applications
International audienceThis chapter focuses on network configuration and flow scheduling for Big Data applications. It highlights how the performance of Big Data applications is tightly coupled with the performance of the network in supporting large data transfers. Deploying high-performance networks in data centers is thus vital but configuration and performance management as well as the usage of the network are of paramount importance. This chapter starts by discussing the problem of virtual machine placement and its solutions considering the underlying network topology. It then provides an analysis of alternative topologies highlighting their advantages from the perspective of Big Data applications needs. In this context, different routing and flow scheduling algorithms are discussed in terms of their potential for using the network most efficiently. In particular, Software-Defined Networking relying on centralized control and the ability to leverage global knowledge about the network state is propounded as a promising approach for efficient support of Big Data applications
Security Configuration Management in Intrusion Detection and Prevention Systems
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense
against a variety of attacks that can compromise the security and proper functioning
of an enterprise information system. IDPSs can be network or host-based and can collaborate
in order to provide better detection of malicious traffic. Although several IDPS
systems have been proposed, their appropriate con figuration and control for e effective detection/
prevention of attacks and efficient resource consumption is still far from trivial.
Another concern is related to the slowing down of system performance when maximum
security is applied, hence the need to trade o between security enforcement levels and the
performance and usability of an enterprise information system.
In this dissertation, we present a security management framework for the configuration
and control of the security enforcement mechanisms of an enterprise information system.
The approach leverages the dynamic adaptation of security measures based on the assessment
of system vulnerability and threat prediction, and provides several levels of attack
containment. Furthermore, we study the impact of security enforcement levels on the
performance and usability of an enterprise information system. In particular, we analyze
the impact of an IDPS con figuration on the resulting security of the network, and on the
network performance. We also analyze the performance of the IDPS for different con figurations
and under different traffic characteristics. The analysis can then be used to predict
the impact of a given security con figuration on the prediction of the impact on network
performance