System, method, and computer program for managing security in a network function virtualization (NFV) based communication network
First Claim
Patent Images
1. A method, comprising:
- identifying, by a first hardware unit in a Network Function Virtualization based (NFV-based) network, that a security attack has occurred within the first hardware unit;
responsive to identifying the security attack, identifying by the first hardware unit a second hardware unit in the NFV-based network that is operative to replace the first hardware unit;
initiating, by the first hardware unit, a migration of functionality of the first hardware unit to the identified second hardware unit; and
after the functionality of the first hardware unit is migrated to the second hardware unit, executing a security defense software program in the first hardware unit to cleanse the first hardware unit; and
after the first hardware unit is cleansed, reinitiating the migrated functionality at the first hardware unit.
3 Assignments
0 Petitions
Accused Products
Abstract
A system, method, and computer program product are provided for providing security in a Network Function Virtualization based (NFV-based) communication network. In operation, a security attack is identified. Additionally, a first hardware unit attacked by the security attack is identified. Further, a hardware unit in which to initiate a security defense software program is identified. Moreover, the security defense software program is initiated in the identified hardware unit.
97 Citations
4 Claims
-
1. A method, comprising:
-
identifying, by a first hardware unit in a Network Function Virtualization based (NFV-based) network, that a security attack has occurred within the first hardware unit; responsive to identifying the security attack, identifying by the first hardware unit a second hardware unit in the NFV-based network that is operative to replace the first hardware unit; initiating, by the first hardware unit, a migration of functionality of the first hardware unit to the identified second hardware unit; and after the functionality of the first hardware unit is migrated to the second hardware unit, executing a security defense software program in the first hardware unit to cleanse the first hardware unit; and after the first hardware unit is cleansed, reinitiating the migrated functionality at the first hardware unit. - View Dependent Claims (2)
-
-
3. A computer program product embodied in a computer storage device having computer code, when executed by a computer hardware processor, to perform functions of:
-
identifying, by a first hardware unit in a Network Function Virtualization based (NFV-based) network, that a security attack has occurred within the first hardware unit; responsive to identifying the security attack, identifying by the first hardware unit a second hardware unit in the NFV-based network that is operative to replace the first hardware unit; initiating, by the first hardware unit, a migration of functionality of the first hardware unit to the identified second hardware unit; and after the functionality of the first hardware unit is migrated to the second hardware unit, executing a security defense software program in the identified first hardware unit to cleanse the first hardware unit; and after the first hardware unit is cleansed, reinitiating the migrated functionality at the first hardware unit.
-
-
4. A system comprising:
-
a memory system of a first hardware unit in a Network Function Virtualization based (NFV-based) network; and one or more hardware processing cores of the first hardware unit that are coupled to the memory system and that are each configured to; identify, by the first hardware unit, that a security attack has occurred within the first hardware unit; responsive to identifying the security attack, identify by the first hardware unit a second hardware unit in the NFV-based network that is operative to replace the first hardware unit; initiate, by the first hardware unit, a migration of functionality of the first hardware unit to the identified second hardware unit; and after the functionality of the first hardware unit is migrated to the second hardware unit, execute a security defense software program in the first hardware unit to cleanse the first hardware unit; and after the first hardware unit is cleansed, reinitiate the migrated functionality at the first hardware unit.
-
Specification