Virtual Network Embedding Based on Security Level with VNF Placement

. In this paper, in order to embed virtual networks by considering network security, we propose a virtual network embedding based onsecuritylevelwithVNFplacement.Inthismethod,virtualnetworksareembeddedinasubstratenetworkbyconsideringsecurity andsomesecurityVNFsareplacedinordertoincreasethesecuritylevelofsubstratenetworks.Byusingourproposedmethod, manyvirtualnetworkscanbeembeddedbyconsideringsecuritylevel.Asaresult,therewardcanbeincreasedandthecostof placingVNFsisnotincreasedsomuch.Weevaluatetheperformanceofourproposedmethodwithsimulation.Theperformance ofthismethodiscomparedwiththeperformanceofamethodthatplacesVNFsrandomlyandtheperformanceofamethod withoutplacingVNFs.Fromnumericalexamples,weinvestigatetheeffectivenessofthismethod.Innumericalexamples,weshow thattheproposedmethodiseffectiveinembeddingvirtualnetworksbyconsideringnetworksecurity.


Introduction
In order to provide many services on the Internet [1], the service providers use various devices like servers, router, and switches in a data center environment. In general, software for a specific function is implemented in each device. With such implemented software, each device provides the specific function [2,3]. Therefore, a larger number of devices are required when a larger number of services have to be provided on the Internet. As a result, the increase of physical devices will lead to an increase of the cost such as CAPEX (Capital Expenditure) and OPEX (Operating Expense) for operating the services. However, the usage of network resources is highly unpredictable. Therefore, most devices have not always been fully utilized [1].
Currently, service providers can use virtualization technology to reduce the hardware cost [4]. By using the virtualization technology, multiple virtualized servers can be implemented in a physical server [5,6]. The utilization of virtualized servers can decrease CAPEX and OPEX significantly. On the other hand, the utilization of virtualization technology increases security risk [4].
Increasing of Internet users not only brings innovation to human life but also has side effects such as the steal of confidential information or the disablement of infrastructure servers. For example, malware attacks like Stuxnet, Havex, and Dragonfly lead to huge financial loss and reputation damage [7].
Server virtualization also raised new security issues apart from traditional vulnerabilities. The first issue came from the fact that the virtual machine is controlled by the host machine. If the physical machine was under attack or controlled by adversaries, then the virtual machines inside the host could be attacked easily by the attacker [8][9][10][11]. The second issue came from the resource sharing for a physical machine. If a virtual machine is attacked, the attacker may attack another virtual machine on the same host and also attacks the physical machine [3,11]. Some virtual servers may have low-security protection. Therefore, this virtual server can be attacked easily. Users do not want to share resources with other users that have low-security protection [12]. The third security issue in virtualization is that some attacks such as DoS attack may disable a link between two physical 2 Security and Communication Networks machines [3,10,11]. Hence, the security management of the virtualized server is important.
In the virtual network environment, server and network function are also virtualized, and virtualized servers and network functions are encapsulated in a virtual machine. Multiple virtual servers and virtual network functions (VNFs) can be placed in one physical server. Moreover, a link between two virtual nodes can also be virtualized [2]. Virtual nodes and virtual links have to be placed in physical networks efficiently by considering storages availability, bandwidth availability, and security protection [9,11,[13][14][15].
In a physical network, security network functions such as firewall, deep packet inspection, and intrusion detection have to be utilized in order to improve the protection for the substrate networks [16][17][18][19]. In virtual networks, such security network functions are required to improve the protection. Security network functions especially are expected to be virtualized for virtual networks so as to utilize networks safely. The usage of security VNF can improve the protection of virtual networks [19,20]. Here, the security of virtual networks has been studied in [10,11,15,19] and some methods have been proposed. With these methods, the virtual network can be embedded in substrate networks by considering the security. However, [10,11,15,19] have not considered the utilization of security VNFs in order to improve the protection of virtual networks. As a result, some virtual networks may not be embedded due to a low security. This results in a smaller number of embedded virtual networks and a low reward by increasing the rejection rate of the virtual network.
In this paper, we propose a virtual network embedding based on security level with VNF placement. In this method, virtual networks are embedded in a substrate network by considering security and some security VNFs are placed in order to increase the security level of substrate networks. Here, virtual networks are embedded by placing security VNFs appropriately with an optimization problem. By using our proposed method, many virtual networks can be embedded by considering security level. As a result, the reward can be increased and the cost of placing VNFs is not increased so much. We evaluate the performance of our proposed method with simulation. The performance of this method is compared with the performance of a method that places VNFs randomly and the performance of a method without placing VNFs. From numerical examples, we investigate the effectiveness of this method. Note that we have considered the virtual network embedding by considering security in [21,22]. However, in [21,22], we have considered only the cost of virtual network embedding and do not consider the revenue. Therefore, our proposed method in this paper extends the method in [21,22]. Moreover, we have not investigated the performance of the previous method in more detail due to page limitation in [21,22].
The rest of this paper is organized as follows. Section 2 introduces related works about the virtual network embedding with security consideration. Section 3 explains our system model. Section 4 explains our proposed VNF placement with an optimization problem. Section 5 shows numerical examples, and, finally, Section 6 denotes the conclusion.

Related Works
Recently, network graph has been used to model network system. Reference [23] has used a network graph for modeling network slice in 5G network. Reference [24] has used a network graph for modeling virtual network over an optical network. Moreover, [25] has used a network graph for modeling a virtual network over flexible grid networks.
For virtual network with security consideration, network graph is also used. In [9], a network graph is used for modeling virtual network with trust value and security protection level. Here, trust value is a metric of physical node that indicates whether the physical node can be trusted. For example, when the trust value of a physical node where virtual nodes are embedded is small, the virtual nodes are attacked by the physical node with high probability. Moreover, the security protection level indicates its capability to defend itself against attacks from other physical nodes. For embedding virtual networks, the trust value and security protection level of the physical nodes have to be equal to or higher than those that are required by the virtual networks. On the other hand, [9] cannot consider the security of virtual nodes because the physical nodes have no requirement for the security of virtual nodes.
Reference [10] has modeled a virtual network as an undirected graph ( , ) in which and represent the set of virtual nodes and the set of virtual links, respectively. In this model, each virtual node and link requests a certain amount of computing capacity, bandwidth capacity, and a security requirement for the virtual node and virtual link. Here, the security requirement has three levels: high, medium, and none. In the high level, the virtual node cannot be embedded in a physical node that is used by other virtual networks. Moreover, in the medium level, two virtual nodes in the same virtual network cannot be embedded in a physical node. In the none level, the virtual node can be embedded in any physical nodes without security restriction. For the link, the security requirement denotes how encryption is used for embedding virtual links. As is the case with [9], this method also does not consider any requirement for virtual nodes.
Reference [15] has classified the security requirements for virtual network into three requirements. Those three requirements are node requirements, link requirements, and topology requirements. Moreover, they have proposed a method in order to embed virtual networks securely. Reference [19] has proposed a method to improve the security of networks by maximizing utilization of existing security devices. This method requires a monitoring technique for all network flows.
In [11], security-aware virtual network embedding has been formulated as an optimization problem to maximize the long-term profit of virtual network embedding operation. Moreover, the authors have introduced the numerical concept of security level to indicate the standard of protection provided by the network operators. When a security level for the substrate node is high, the high-level protection mechanism is available in the substrate node. The security level of a substrate network has to be equal to or higher than the security level that is required by virtual networks. In  addition, in [11], four security constraints have been provided in the following: (1) A substrate node should have a security level that is equal to or higher than the demand of every virtual node in that node.
(2) A virtual node should have a security level that is equal to or higher than the demand of its substrate node.
(3) Each virtual node should provide all other virtual nodes of the same host with an adequate security level.
(4) A virtual link with a certain security demand should be embedded in the substrate link with the equal or higher security level.
Those constraints assure that virtual networks are embedded in the substrate network when adequate security protection is available. Here, if the security level of node or link cannot satisfy the above conditions, a virtual network cannot be embedded and the request for virtual network embedding is rejected. Therefore, in order to embed many virtual networks, the security level is expected to be improved by placing security VNFs. However, in [9][10][11]15], such security VNFs are not utilized.

System Model
In this section, we model a substrate network as an undirected weighted graph = ( , , , ), as shown in Figure 1. In this model, is the set of all substrate nodes and is the set of all substrate links. Each substrate node and substrate link has its own attributes, and we denote attributes of the substrate nodes and attributes of the substrate links in the following: Here, ( ) is the capacity of CPU of the substrate node and V( ) is the security level, which denotes the standard of protection, of substrate node . Moreover, ( ) is the demand of security level for virtual networks that utilize substrate node . On the other hand, ( ) is the available bandwidth of the substrate link . Moreover, V( ) denotes the security level of . In addition to the attributes, the set of all paths in the substrate network is denoted by .
Moreover, the jth security VNF is denoted with capacity and security level as follows:  , and , are the requirements for virtual nodes and virtual links of virtual networks, and those are given by Note that node V and link V denote virtual node and virtual link and do not denote the substrate node and substrate link, respectively. In fact, V and V denote only the name of the virtual node and the virtual link. Note that users do not specify the length of the virtual link. Moreover, ( ) denotes the maximum number of substrate links that can be included in .
Here, as explained in Section 2, the security level V( ) of the substrate node must be larger than or equal to the security demand ( V ) of the virtual node if V is mapped to . Moreover, the security level V( V ) of the virtual node must be larger than or equal to security demand ( ) for the virtual node. On the other hand, V( ) must be larger than or equal to the security level V ( V ) of the virtual link V if V is mapped to . In terms of bandwidth, ( ) has to be equal to or larger than ( V ) if V is mapped to . In this model, the cost for embedding virtual networks is defined as the amount of resources used by the virtual network in the substrate network. Here, = ( , ( V , ), , ( V , )) denotes the mapping between the ith virtual network embedding request and the substrate network. , ( V , ), especially, shows that V is mapped to and , ( V , ) shows that V is mapped to . Moreover, ( , ) denotes that VNF is placed in . In this case, the cost is given by In addition to the cost, the revenue for is calculated from the resources demanded by the VNE requests with the following equation.
As shown in (4) and (5), the cost and the revenue depend on the duration . In (4), the first term denotes the cost for embedding virtual nodes V in substrate nodes and the second term denotes the cost for embedding virtual links V in substrate links . Moreover, the last term denotes the cost of placing VNF in the substrate node . In (5), on the other hand, the first term denotes the revenue for embedding virtual nodes V to and the second term denotes the revenue for embedding virtual links V to . Here, is a ratio of price for a virtual network to cost for the virtual network, i.e., price/cost for a virtual network. The value of is decided by the provider so that he can obtain a benefit. In (4), the addition of VNFs increases the cost, and hence the provider determines carefully. If is equal to or less than 1, the revenue will be less than the cost. Figure 1 shows how virtual networks are embedded in a substrate network. In this figure, the requirements of virtual node a (cpu 20, lev 2, and dem 2) can be satisfied in substrate node A (cpu 80, lev 2, and dem 2). Moreover, requirements of virtual node b can be satisfied in substrate node F. Substrate link between node A and node F also satisfies the link requirement of virtual network a-b (bw 20, lev 2). Therefore, the virtual network a-b can be embedded in that substrate network as shown in Figure 1(b). On the other hand, the security demand of virtual node c (dem 3) in Figure 2(a) cannot be satisfied in the security level of node A (lev 2). Therefore, in order to satisfy the requirement of virtual node Security and Communication Networks 5 c, VNF F j ( 15, 1) is placed to the substrate node A to increase the security level of substrate node A. However, the placement of VNF F j decreases CPU resources in node A as shown in Figure 2(b).
For this system model, our proposed virtual network embedding based on security level with VNF placement can be utilized.

Virtual Network Embedding Based on Security Level with VNF Placement
In this section, we explain our proposed virtual network embedding based on security level with VNF placement. Our proposed method is used to embed virtual networks so as to decrease the cost (4) and increase revenue (5). In the method, security VNF can be used to embed a lot of virtual networks by increasing the security level of substrate networks. Here, security VNF is a virtual machine that can provide a network security function and the security VNF can be used in a node where it has been installed. By utilizing security VNF in the substrate node, security can be improved for the virtual node. For example, the security VNFs can inspect the network traffic before entering the virtual node so that any malicious traffic can be blocked. In our proposed method, a lot of virtual networks can be expected to be embedded by using security VNFs so that the difference in revenue (5) minus cost (4) is maximized. For achieving this end, we formulate an optimization problem for embedding virtual networks and placing VNFs as follows: subject to Constraint (7) assures the availability of the CPU resources in the substrate nodes. From (7), VNF and virtual nodes cannot be placed and embedded in the substrate nodes when CPU resource of the substrate nodes is less than CPU capacity that is demanded by VNF and virtual nodes. Constraint (8) is used to assure that the security level demanded by the virtual nodes have to be satisfied in substrate nodes. Moreover, constraint (9) assures that the virtual nodes have an adequate security level that is required by the substrate nodes. Constraint (10) is used to assure that the substrate links provide enough bandwidth for embedding virtual links. Moreover, constraint (11) assures that the substrate links have an adequate security level that is required by the virtual links. Thus, the constraint conditions assure that virtual networks can be embedded with sufficient security protection in the substrate networks.
In this paper, we solve this optimization problem with a genetic algorithm.

Performance Evaluation
In this section, we evaluate the performance of the proposed method in substrate networks shown in Figures 3 and 4. For both topologies, the security level V( ) and demand ( ) for each substrate node are selected at random among [1,3], respectively. Moreover, CPU of is set at random among [80, 95]. On the other hand, the security level V( ) for each substrate link is also selected at random among [1,3]. Here, we assume that the addition of a security VNF increases the security level of the substrate node by 1. In our simulation, we denote the security level as integer value due to simplicity although our proposed method is available when the security level is denoted as real number. Note that the effectiveness of our proposed method is affected so much by the difference between the integer value and real number. The bandwidth ( ) is 1000. In terms of VNFs, the maximum number of VNFs that can be placed is not limited. Moreover, = 5.0 and = 1.0.
For the user's request for virtual network embedding, we assume that the request of virtual network arrives at the substrate network according to Poisson process with rate . Moreover, in each request, the number of virtual nodes is selected at random among [2,7]. The security levels are selected at random among [1,3], respectively. In each request, ( V ) is decided randomly from 5 to 100 and bandwidth ( V ) is selected randomly among [5,30]. The utilization time of virtual network follows an exponential distribution with rate 10. After the utilization of a virtual network finishes, the virtual networks are removed soon and the used resources are returned to the substrate network.
At each request, the genetic algorithm is used to solve the optimization in (6). By genetic algorithm, we find the position for placing the requested virtual nodes, virtual links, and VNFs so that the value of Rev-Cost is maximized. For Subs8 topology, the genetic algorithm uses chromosome with 32-digit binary strings. The 32-digit binary strings are divided into 8 parts that represent substrate nodes. Each part consists of 5-digit binary strings that represent virtual node and VNF to be embedded in that substrate node. For the FullMesh5, the genetic algorithm uses chromosome with 20digit binary strings. The 20-digit binary strings are divided into 5 parts that represent substrate nodes. Each part consists of 4-digit binary strings that represent virtual node and VNF to be embedded in that substrate node. We run the genetic  algorithm with 100 population size and 5000 generations. We believe that the optimal position was already obtained before 5000th generations by checking the convergence. For the performance comparison, we evaluate the performance of Random VNF method where VNFs are placed at random in the substrate network. Here, in the Random VNF method, the number of placed VNFs is the same as the number of requested virtual nodes. We also evaluate the performance of No VNF method where VNFs cannot be placed.
We compare the performance of each method in terms of the average value of Rev-Cost, the rejection rate, and the average number of used VNFs. Here, the average value of Rev-Cost is given by the sum of Rev-Cost for the accepted request divided by the number of accepted requests as shown in (12). In (12), ( ) is one (zero) if request is accepted (not accepted). Therefore, ∑ | | =1 ( ) is the number of accepted requests. The rejection rate is given by the number of rejected requests divided by the number of arrived requests as shown in (13). In this equation, | | means the total number of requests. The average number of used VNFs is equal to the number of VNFs that had been used in all accepted requests divided by the number of accepted requests as shown in (14).
5.1. Impact of Arrival Rate. In this section, we investigate the impact of the arrival rate of user's requests on the performance of each method in Subs8 topology. Figure 5 shows the value of the objective function (6) against the arrival rate . In the following, we denote the value of the objective function as Rev-Cost. In this figure, Rev-Cost of the proposed method is higher than those of other Security and Communication Networks methods regardless of . Highest Rev-Cost can be achieved with efficient placement of virtual network in the substrate network. Therefore, by comparing with the other methods, the embedding for virtual networks using the proposed method is the most efficient. Moreover, Figure 6 shows that the rejection rate of the proposed method is lower than those of other methods regardless of . From this figure, we can find that the rejection rate for the proposed method is smaller than those methods. Therefore, with our proposed method, more virtual networks can be embedded in the substrate network. Figure 7 shows the average number of VNFs used in the substrate nodes. From this figure, we find that the average number of VNFs that was placed in the substrate network with the proposed method is smaller than those of another method regardless of . Note that there is no result for No VNF method because VNFs are never placed in the method. Here, with the proposed method, VNFs are placed in the virtual network so as to satisfy the request. Therefore, the proposed method can embed a lot of virtual networks by using VNFs in the substrate network.

Impact of Security Level.
In this section, we investigate the performance of each method against increment of security level in the substrate node in Subs8 topology. In this evaluation, the security level of each substrate node is multiplied by x. For example, when x is equal to two, V( ) becomes 2 V( ). This represents that the security is improved as x becomes large. Figure 8 shows the Rev-Cost of the proposed method is higher than those of other methods even if the security level of the substrate node and link increases. On the other hand, the results of the Random VNF method can be improved when x is large. Moreover, Figure 9 shows that the rejection rate of the proposed method is lower than those of other methods regardless of the security level of the substrate node and link. This is because our proposed method can place VNFs effectively. Therefore, with our proposed method, more virtual networks can be embedded in the substrate network regardless of the security level of substrate networks. Figure 10 shows the average VNFs that were placed in the substrate nodes with proposed method are lower than the random method. From this figure, we find that the average number of VNFs used in the network with the proposed method is smaller than those of other methods in a low-or high-security level of the substrate network. Here, with the proposed method, VNFs are placed in the virtual network so as to satisfy the user's request. Therefore, the proposed method can embed a lot of virtual networks by using resources in the substrate network. From these figures, we find that the proposed method has better performance than other methods even if substrate networks have not been designed without the consideration of security.

Impact of Network Topology.
In this section, we use FullMesh5 topology (a) and FullMesh5 topology (b) as shown   in Figure 4(a) and Figure 4(b) to evaluate the performance of each method. For FullMesh5 topology (b) in Figure 4(b), security level is determined at random in [1,5], a higher range than security level of FullMesh5 topology (a) in Figure 4(a). Figure 11 shows the Rev-Cost of the proposed method in FullMesh5 topology (a) is higher than those of other methods regardless of . This result is similar to the result for Subs8 topology as shown in Section 5.1. Compared with the other methods, the embedding of virtual networks using the proposed method is the most efficient. Figure 12 also shows that the rejection rate of the proposed method in FullMesh5 topology (a) is lower than those of other methods regardless of . Here, the rejection rate is decreased by placing VNFs effective. Therefore, with our proposed method, more virtual networks can be embedded even in the FullMesh5 substrate network.  Figure 13 shows the average number of VNFs that were placed in the substrate nodes in FullMesh5 topology (a). From this figure, we find that the average number of VNFs for the proposed method is smaller than those for other methods regardless of . Here, by using the proposed method, VNFs can be placed in the substrate network to satisfy the request. The proposed method can embed a lot of virtual networks by using resources even in the FullMesh5 substrate network. Figure 14 shows Rev-Cost of the proposed method in FullMesh5 topology (b) is higher than those of other methods regardless of . This result is similar to the result for FullMesh5 topology (a) as shown in Figure 11. Compared with the other methods, the embedding of virtual networks using the proposed method is the most efficient. Figure 15 shows that the rejection rate of the proposed method in FullMesh5 topology (b) is lower than those of other methods regardless of . Here, the rejection rate is  decreased by placing VNFs effectively. Therefore, with our proposed method, a larger number of virtual networks can be embedded even in the FullMesh5 substrate network with higher range of security level. Figure 16 shows the average number of VNFs that have been placed in the substrate nodes in FullMesh5 topology (b). From the comparison with the result in FullMesh5 topology (a), the average number of VNFs shown in Figure 16 is higher than the average number of VNFs in FullMesh5 topology (a) shown in Figure 13. This is because a larger number VNFs are needed to satisfy higher security.
From these results, we find that, with our proposed method, virtual networks can be embedded efficiently even in the different range of security level.

Calculation Time.
Finally, for both topologies, we evaluate the calculation time for solving the optimization problem for one user's request. For Subs8 topology, we change the number of virtual nodes in the user's request to 2, 4, 5, and 8. For FullMesh5 topology, on the other hand, the number of virtual nodes is 2, 4, and 5. Note that we cannot select 8 virtual nodes in the FullMesh5 topology. We calculate the time that is needed from the arrival of request to get the solution of the optimization problem. Table 1 shows that the calculation time increases as the number of virtual nodes increases. This is because the optimization problem becomes complex. Moreover, the calculation time for Subs8 topology is larger than that for FullMesh5 topology. This means the calculation time becomes large when the number of nodes and the number of links in substrate network are large. However, even if the number of virtual nodes and the size of the topology increase, our proposed method can calculate a request within 1 min in these cases.

Conclusions
In this paper, we proposed virtual network embedding based on security level with VNF placement. In this method, some VNFs are placed in order to increase the security level of virtual networks and a lot of virtual networks can be embedded. We evaluated the performance of our proposed method with numerical examples. We found that a larger number of virtual networks can be embedded based on security level by using the proposed method. Moreover, by using proposed method VNE can be embedded with high revenue and less cost.

Data Availability
The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
The authors declare that there are no conflicts of interest regarding the publication of the paper.