Analysis of Computational Resource Consumption of an Intrusion Detection System Based on Containerized Network Functions Virtualization

Authors

DOI:

https://doi.org/10.5753/jisa.2025.6112

Keywords:

Intrusion detection systems, network functions virtualization, resource consumption

Abstract

The rapid expansion of global telecommunications networks has driven a continuous increase in Internet adoption, requiring telecom companies to deploy scalable services efficiently to accommodate new users. At the same time, the constant pursuit of cost reduction and improved service delivery has highlighted the need to enhance network function performance. Network Function Virtualization (NFV) addresses these demands by replacing costly, dedicated hardware with virtualized network functions running on virtual machines or containers. This approach enables better resource allocation, scalability, and cost reduction. While traditional virtualization methods can be slow and resource-intensive, container-based solutions, such as those offered by Docker, provide a more lightweight and efficient alternative. By reducing virtualization overhead through kernel sharing, containers significantly streamline the deployment and scalability of NFV-based services. Alongside this evolution, the expansion of online services has brought a surge in cybersecurity threats, highlighting the urgent need for Intrusion Detection Systems (IDS) capable of monitoring traffic patterns and detecting malicious activity in real time. This paper presents a modular testbed framework for NFV-based IDS evaluation, deploying Snort in Docker containers and comparing computational resource consumption against a traditional virtual machine (VM) implementation. The framework enables dynamic instantiation, scalability, and efficient orchestration of IDS components, providing a practical environment to study how different virtualization strategies impact system performance. Specifically, our study i) evaluates the performance of the NFV-IDS running on both a VM and a Docker container, and ii) tests NFV-IDS alongside an Nginx web server under cyberattack. 
The results provide insights into the viability of containerized NFV for IDS deployment, particularly in environments that demand lightweight, dynamic, and resource-efficient security infrastructures. Furthermore, the framework provides a foundation for future experiments incorporating alternative detection engines, traffic profiles, or virtualization strategies.

Author Biographies

Lucas Teles de Oliveira, Universidade Tecnológica Federal do Paraná

Master in Applied Computing from UTFPR, with a Bachelor's degree in Computer Science from the University of Western Santa Catarina (2014). Currently serves as IT Director at Lux Sistemas and as an Advanced Programming instructor at the Alto Vale do Rio do Peixe University. Has experience in the field of Computer Science, with an emphasis on Computer Science, working mainly on the following topics: IDS and NFV.

Ana Cristina Barreiras Kochem Vendramin, Universidade Tecnológica Federal do Paraná

Ana Cristina Barreiras Kochem Vendramin is a full professor in the Academic Department of Informatics (DAINF) and the Graduate Program in Applied Computing (PPGCA) at the Federal University of Technology – Paraná (UTFPR), Curitiba, Brazil. She received her Master of Science in Telematics (2003) and her Ph.D. in Computer Engineering (2012) from the Graduate Program in Electrical and Computer Engineering (CPGEI) at UTFPR. Her research interests include Computer Networks, Distributed Systems, and Computational Intelligence.

Juliana De Santi, Universidade Tecnológica Federal do Paraná

Juliana de Santi received her B.Sc. in Informatics from the University of Western Paraná in 2004 and her M.Sc. (2008) and Ph.D. (2015) in Computer Science from the University of Campinas. Since 2015, she has served as an Assistant Professor in the Department of Informatics at the Federal University of Technology - Paraná (UTFPR), Brazil. Her main research areas are optical networks and cybersecurity.

Daniel Fernando Pigatto, Universidade Tecnológica Federal do Paraná

Professor in the Academic Department of Informatics (DAINF) and the Graduate Program in Applied Computing (PPGCA) at the Federal University of Technology – Paraná (UTFPR), Curitiba campus, since 2017. Holds a Bachelor's degree in Computer Science from the Regional Integrated University (URI), Erechim campus, RS (2009), and a Master's (2012) and Ph.D. (2017) in Sciences from the Computer Science and Computational Mathematics Program (CCMC) at the Institute of Mathematics and Computer Sciences (ICMC) of the University of São Paulo (USP), São Carlos campus, SP. Completed a sandwich Ph.D. (2015) at the University of the West of England (UWE), Bristol, United Kingdom. Researcher in the field of Computer Networks, with emphasis on Fog Computing, Internet of Things, Security, Critical Embedded Systems, Unmanned Aerial Vehicles, and Performance Evaluation of Computing Systems.

Published

2025-12-12

How to Cite

de Oliveira, L. T., Vendramin, A. C. B. K., De Santi, J., & Pigatto, D. F. (2025). Analysis of Computational Resource Consumption of an Intrusion Detection System Based on Containerized Network Functions Virtualization. Journal of Internet Services and Applications, 16(1), 683–695. https://doi.org/10.5753/jisa.2025.6112

Issue

Section

Research article