Using virtual function replacement to mitigate 0-day attacks in a multi-vendor NFV-based network

Vega, Christian

Abstract

Network Function Virtualization (NFV) is an enabling technology to handle today's wide variety of services and to match the traffic demands to the available network resources dynamically. However, like all software solutions, it is prone to 0-day vulnerabilities that can be shared among several implementations. Consequently, a large portion of the network may be compromised during a correlated attack. In this work, we propose a Virtual Network Function (VNF) replacement strategy to minimize the impact of successive attacks after a 0-day attack has been launched against an NFV-based network. Our method consists of two steps. First, given a specific set of NFV platforms impaired by the attack, we estimate, for each VNF, the conditional probability that the VNF was targeted. Second, we solve a bi-objective optimization problem which delivers a set of possible VNF replacements that balance financial cost and connectivity metrics. The network administrator can use this information to select a tailored solution to face successive attacks that exploit the same vulnerability. Our results show that, although a solution that guarantees full network connectivity might not exist for all attack patterns, our method is always able to provide a set of optimal solutions that mitigate the effect of correlated attacks on the network.

More information

Title according to WOS: ID WOS:001361461900001 Not found in local WOS DB
Journal title: COMPUTER NETWORKS
Volume: 256
Publisher: Elsevier
Publication date: 2025
DOI: 10.1016/j.comnet.2024.110902

Notes: ISI