LAUSR

Computer networks today heavily depend on expensive and proprietary hardware deployed at fixed locations. Network functions virtualization (NFV), one of the fastest emerging topics in networking, reduces the limitations of these vendor-specific hardware with respect to the flexibility of network architecture and elasticity in handling varying traffic patterns. Many defense mechanisms against cyberattacks, as well as quality enhancing techniques have been proposed by leveraging the capabilities of the NFV architecture. NFV allows a flexible and dynamic implementation of virtual network functions in virtual machines running on commercial-off-the-shelf (COTS) servers. These quality enhancing network functions often work as a filter to distinguish between a legitimate packet and an attack packet and can be deployed dynamically to balance the variable attack load. However, allocating resources to these virtual machines is an NP-hard problem. In this paper, we propose a solution to this problem and determine the number and placement of the virtual machines (VMs) hosted on COTS servers. We design and implement two separate automated frameworks for defense and quality maintenance that model the resource specifications, incoming packet processing requirements, and network bandwidth constraints. It uses satisfiability modulo theories (SMT) for modeling this synthesis problem and provides a satisfiable solution.