A security-aware service function chain deployment method for load balance and delay optimization

Network function virtualization (NFV) decouples network functions from hardware devices. However, it introduces security challenges due to its reliance on software, which facilitates attacks. This security problem has a significant negative impact on the interests of users. Existing deployment methods are not suitable for SFC requests with a security demand, causing the use of substrate resources unreasonable and lower acceptance ratio. Moreover, a strict delay requirement is another challenge for NFV. To make the use of the substrate resources more reasonable and reduce the transmission delay, this paper proposes a security-constraint and function-mutex-constraint consolidation (SFMC) method for virtual network function (VNF) to reduce resource consumption and transmission delay. In addition, a security-aware service function chain (SASFC) deployment method for load balance and delay optimization is presented, which deploys service function chains according to the consolidated results of the SFMC method. The SASFC method first obtains a candidate server node set using resource, hosting capacity, security and node load constraints. It then obtains candidate paths according to the metric of the minimum transmission delay and link load constraint using the Viterbi algorithm. Finally, the path with the highest VNF security level match degree among the candidate paths is adopted to deploy virtual links, and the corresponding server nodes are employed to deploy VNFs. As a result, the SASFC method makes the use of substrate resources more reasonable. It improves the acceptance ratio and long-term average revenue to cost ratio, reduces transmission delay, and achieves load balancing. Experiment results show that when the number of VNFs is five, the acceptance ratio and long-term average revenue to cost ratio of the SASFC method are close to 0.75 and 0.88, which are higher than those of the compared methods. Its transmission delay and proportion of bottleneck nodes are 7.71 and 0.024, which are lower than those of the compared methods. The simulations demonstrate the effectiveness of the SASFC method.

www.nature.com/scientificreports/ bank services cannot be satisfied, there are significant losses to individuals and society. Therefore, it is challenging to satisfy the security service level agreement (SSLA) of services. This study assumes that the server nodes, substrate links, and VNFs have a security level that can defend against potential attacks (e.g., VNF attacks on server nodes, server node attacks on VNFs, user attacks on VNFs, user attacks on server nodes and substrate links).
The security level of a server node quantifies how much protection mechanisms it can provide for VNFs. The security demand of a server node quantifies how much security assurances it needs to defend attacks. The security level of a VNF quantifies how much protection mechanisms it can provide for server nodes or other VNFs. The security demand of a VNF quantifies how much security assurances it needs to defend attacks [9][10][11] . The deployment of SFCs with security requirements should satisfy the security constraints, which are as follows. (1) The security level of a server node should be equal to or greater than the security demand levels of VNFs deployed on it; (2) the security level of a VNF should be equal to or greater than the security demand level of the server node hosting it; (3) the security level of a VNF should be equal to or greater than the security demand levels of VNFs co-deployed on the server node with the first VNF; and (4) the security level of a substrate link should be equal to or greater than the security demand levels of the virtual links deployed on it. The security constraints are different from resource constraints; thus, the problem associated with SFC deployment is more complex.
There are many works about optimal deployment of SFC [12][13][14] . To reduce the delay, the approach 12 adopts the genetic algorithm to reduce the scheduling time of VNFs. To reduce deployment costs, the approach 13 adopts Markov approximation and matching theoretic to save energy. The proposed heuristic method 14 uses the Monte Carlo Tree Search algorithm to improve energy efficiency. However, these methods are not suitable for SFC requests with a security demand, causing the use of substrate resources unreasonable and lower acceptance ratio. Several studies are conducted on the security deployment of virtual networks. It is assumed that substrate and virtual nodes have different security demand levels and security levels 10,15 . Substrate links have different security levels, and virtual links have different security demand levels. The approach 10 evaluates the importance of substrate nodes using the information entropy Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) algorithm, and selects appropriate substrate nodes to deploy virtual nodes according to the evaluation result. However, the metrics adopted by the information entropy TOPSIS method do not include the security demand and security levels of substrate nodes and virtual nodes. Liu et al. 16 propose a virtual node deployment function considering the security attributes of virtual and substrate nodes. However, they assume that all virtual nodes of a virtual network request have the same security attributes, and do not consider the security attributes of virtual links. The approach 17 considers the security attributes of virtual and substrate nodes, and applies reinforcement learning and shortest path algorithm to node and link embedding stage, respectively.
Nevertheless, few studies are conducted on the deployment problem of SFCs with security requirements. The work 18 categorises security threats faced by NFV as network function-specific threats and general virtualization threats, and discusses these threats in detail. Fysarakis et al. 19 propose a new framework that enhances the security of SFCs. The work 20 proposes a blockchain-based system called BSec-NFVO that offers secure services for all operations. In addition, Rashidi et al. 21 propose a distributed denial of service (DDoS) defense mechanism that shares resources among multiple users to alleviate DDoS attacks. The work 22 reduces the security attacks through optimizing the virtual machine placement. To reduce the deployment cost and satisfy the SSLA, Zhao et al. 23 propose a minimal-cost and SSLA-guaranteed SFC deployment method with feedback adjustment (MCSG-FA). The MCSG-FA method first obtains a deployment result using the maximal-security deployment method, to improve the probability of successful deployment. Thereafter, it searches other deployment results according to the metric of the minimal deployment cost. If a new deployment result satisfies the SSLA with a lower deployment cost than the first result, the new result is used. However, these methods do not fully consider the security demand levels and security levels of VNFs, virtual links, substrate nodes and substrate links. To a certain extent, these methods cause the use of substrate resources unreasonable, and reduce the acceptance ratio.
Special 5G vertical industries (e.g., Industry 4.0) have ultra-strict delay requirements (e.g., less than 1 ms in several cases) 24 . It should be noted that NFV is a key 5G technology, therefore, it has strict delay requirements. In most previous studies, VNFs and virtual links are deployed separately, which increase the length of the deployed paths, thus increasing the transmission delay 25,26 .
In several studies, it is assumed that a server can host more than one VNF from different SFCs, however, it can host only one VNF from the same SFC 27,28 . Adjacent VNFs of an SFC on a server are consolidated according to constraints [29][30][31] . The consolidation of VNFs can reduce the transmission delay and bandwidth consumption. In this study, to simplify the analysis, it is assumed that the transmission delay of each hop is the same. As shown in Fig. 2, it is assumed that VNF2 and VNF3 satisfy the function mutex constraint, the security demand  www.nature.com/scientificreports/ level of VNF2 is less than the security level of VNF3 and the security level of server node3, and the security demand level of VNF3 is less than the security level of VNF2 and the security level of server node3. Moreover, the security demand level of server node3 is less than the security level of VNF2 and the security level of VNF3. In addition, the available resources of server node3 are greater than the sum of resource demands of VNF2 and VNF3. Figure 2a presents the deployment result under the condition of non-consolidation. The hop of the entire deployment path is five, and its transmission delay is five time units. Figure 2b presents the deployment result under the condition of consolidation. The hop of the entire deployment path is four, and its transmission delay is four time units. That indicates that consolidation can effectively reduce the transmission delay.
As the problem of load imbalance is not considered [29][30][31] , the approach 5 designs the optimal selection factor to achieve load balance of substrate nodes. However, the approach 5 does not fully solve the load imbalance problem of substrate links. To make the use of the substrate resources more reasonable, reduce the transmission delay, and achieve load balance, this paper proposes the security-constraint and function-mutex-constraint consolidation (SFMC) method, and security-aware service function chain (SASFC) deployment method for load balance and delay optimization.
This paper mainly studies the deployment for SFC requests with security requirement, and does not consider cyber attacks.
The contributions of this study are as follows. (i) We model the SFC deployment problem with a security demand using integer linear programming (ILP). (ii) We present a security-constraint and function-mutexconstraint consolidation (SFMC) method that consolidates VNFs to reduce resource consumption and improve the acceptance ratio. (iii) We present a security-aware service function chain (SASFC) deployment method for load balance and delay optimization. The SASFC method uses Viterbi algorithm to jointly deploy VNFs and virtual links according to the consolidated result of the SFMC method. Therefore, it effectively reduces transmission delay and resource consumption.

Problem statement, network model and method
Problem statement. For SFC requests with a security demand, the first objective of deployment is to improve the acceptance ratio. The second objective is to reduce transmission delay, and the third is to achieve load balancing. The deployment of SFCs should satisfy the SSLA due to the security requirements of network services. Servers with different security levels have different charges. Several companies (e.g., Huawei and Google) generally provide different security-level severs that users can select from. To better handle the security challenges of SFCs, it is assumed that each server node and substrate link has a security level that can defend against attacks 9,16 . Simultaneously, we abstract the security attributes of SFCs, and assign different security demand levels to different VNFs and virtual links.
Network model. A substrate network (SN), modeled as a weighted undirected graph G s = (V s , E s ) , is composed of substrate nodes and links. Substrate nodes are composed of server and switch nodes. The substrate node set, as denoted by V s , is defined as V s = {v i |i = 1, 2 , . . . , |V s |} . The server node set, as denoted by V s,s , is defined as V s,s = v s,i |i = 1, 2 , . . . , V s,s . A server node v s,i has the following attributes: available CPU resources C(v s,i ), security level Sl(v s,i ), security demand level Sdl(v s,i ), and the hosting capacity. The real-time load of the server node v s,i is denoted by the notation N load (v s,i ). The substrate link set, as denoted by E s , is defined as E s = {e i |i = 1, 2 , . . . , |E s |} . For a substrate link e i , it has the following attributes: available bandwidth resources B(e i ) and security level Sl(e i ). The real-time load of the substrate link e i is denoted by the notation N load (e i ). The notations |V s |, |V s,s |, and |E s | represent the number of substrate nodes, server nodes and substrate links, respectively. The substrate link between server nodes v s,i and v s,j is represented by the notation e i,j . The notation h(e i,j ) represents the hop of the substrate link e i,j .
Service function chain (SFC) requests consist of multiple VNFs and virtual links. The SFC(g) denotes the g-th SFC. It is modeled as a directed graph G g = N g , L g , S g , T g . The VNF set, as denoted by N g , is defined as N g = f j j = 1, 2 , . . . , N g . For a VNF f j , it has the following attributes: CPU resource demand C(f j ), security level Sl(f j ), and security demand level Sdl(f j ). The virtual link set, denoted by L g , is defined as L g = l j j = 1, 2 , . . . , L g . For a virtual link l j , it has the following attributes: bandwidth demand Bd(l j ) and security demand level Sdl(l j ). The notations |N g | and |L g | represent the number of VNFs and virtual links, respectively. The notations S g and T g represent the source and terminal nodes of SFC(g), respectively. The notations v S   www.nature.com/scientificreports/ and v T represent the substrate nodes that S g and T g are deployed on. The virtual link between VNFs f i and f j is represented by the notation l i,j . As shown in Fig. 2, consolidating VNFs can effectively reduce transmission delay and bandwidth consumption. However, owing to restrictions or conflicts between functions, some VNFs cannot be consolidated on the same server node 31 . This is called a function mutex constraint. If VNF f i of the SFC(g) can be consolidated with VNF f j of SFC(g), m g i,j =1 ; otherwise, m g i,j = 0 . When two VNFs are consolidated, the security demand level of the consolidation is equal to the larger of the security demand level of the two VNFs. The security level of the consolidation is equal to the smaller of the security level of the two VNFs. Different VNF instances have location constraints during deployment, and different operators own different licenses 32 . Therefore, a server can only host several types of VNFs. This is referred to as a hosting capacity constraint. If server node v s,i can host instances The deployment of VNFs should satisfy the resource, function mutex, hosting capacity, and security constraints. Moreover, the deployment of virtual links should satisfy the resource and security constraints. There are several security risks for SFCs 9,10 . First, servers attack the VNFs deployed on them. Servers provide resources for VNFs under certain service level agreements. A malicious attacker in control of a server can change all aspects of the VNFs deployed on the server, including the monitoring or snooping traffic associated to the VNFs. Servers supervise hosted VNFs, and the VNFs cannot defend against attacks from the servers. Second, VNFs attack the servers hosting them. A malicious VNF can access the vulnerabilities of the server hosting it via the allocated resources, and control the server. A malicious VNF can attack the network infrastructure to disrupt the services (e.g., DoS attack). Third, VNFs attack other VNFs co-deployed on the same server, which share the same resources of the server. A malicious VNF can take advantage of the shared resources to access the vulnerabilities of other VNFs deployed on the same server, and then attack. In addition, a malicious attacker can access virtual links through the substrate links hosting them.
All the security constraints considered in this study are as follows. (1) The security level of a server node should be equal to or greater than the security demand levels of the VNFs deployed on the server node. (2) The security level of a VNF should be equal to or greater than the security demand level of the server node hosting the VNF. (3) The security level of a VNF should be equal to or greater than the security demand levels of the VNFs co-deployed on the same server node with the first VNF. (4) The security level of a substrate link should be equal to or greater than the security demand levels of the virtual links deployed on the substrate link. Figure 3 presents the deployment result of the SFC(g). For each server node, the three figures aside it represent its serial number, security demand level Sdl(v s ) and security level Sl(v s ), respectively. For each substrate link, the figure beside it represents its security level Sl(e). For each VNF, the two figures beside it represent its security demand level Sdl(f) and security level Sl(f), respectively. For each virtual link, the figure beside it represents its security demand level Sdl(l). Moreover, VNFs 3 and 4 satisfy the third security and function mutex constraints, and can therefore be deployed on the same server node.
The evaluation indicators adopted in this study are as follows. The acceptance ratio is expressed as Eq. (1) where |SFC deploy (t)| and |SFC(t)| denote the number of successfully deployed SFC requests and total SFC requests at time t, respectively, and the notation δ is infinitely close to 0. The revenue, cost, and long-term average revenue to cost ratio of the SFC(g) are defined as Eqs. (2), (3), and (4), respectively. The VNF security level match degree and average VNF security level match degree are expressed as Eqs. (5) and (6), respectively.
The link expansion coefficient is determined by the hop of the entire deployment path and the hop of the SFC(g), as expressed by Eq. (7). The average link expansion coefficient is expressed by Eq. (8).
where the notation D g represents the substrate link set that hosts the virtual links of the SFC(g). The notation h g represents the hop of the SFC(g), and the notation NUM suc represents the number of SFCs successfully deployed.
The average transmission delay is defined as Eq. (9).
where the notation de g represents the transmission delay of the SFC(g). If the load on server nodes (or substrate links) exceeds 95%, the server nodes (or substrate links) are defined as bottleneck nodes (or links). The proportion of bottleneck nodes and links can be expressed as Eqs. (10) and (11).
where the notations V nodeload−0.95 and E nodeload−0.95 represent the numbers of bottleneck nodes and links, respectively. The notations |V s,s | and |E s | represent the numbers of all server nodes and substrate links, respectively. Integer linear programming model. This study models the SFC deployment problem with a security demand as integer linear programming (ILP). The objective function is to obtain the maximum long-term average revenue to cost ratio, as follows: The constraints are as follows:  (13), if VNF f j of the SFC(g) is deployed on server node v s,i , y g i,j =1 ; otherwise, y g i,j = 0 . Constraint (14) ensures that VNF f j is deployed on one server node. Constraint (15) ensures that the server nodes hosting the VNFs satisfy the CPU resource constraint. The notation N load (v s,i ) denotes the real-time load of server node v s,i . Constraint (16) ensures that the real-time load of the server nodes hosting VNFs satisfies the node load constraint. To simplify the analysis, in this paper, it is assumed that each server node can host a maximum of two VNFs of an SFC, as expressed by constraint (17). In addition, constraint (18) ensures that the two VNFs deployed on the same server node satisfy the function mutex constraint.
In constraint (19) (20) ensures that the substrate links hosting virtual links satisfy the bandwidth resource constraint. The notation N load (e i ) denotes the real-time load of substrate link e i . Constraint (21) ensures that the real-time load of the substrate links hosting virtual links satisfies the link load constraint.
Constraints (22) and (23) ensure that server nodes and VNFs satisfy the first and second security constraints, respectively. The notation �(v s,i ) represents the set of VNFs deployed on server node v s,i . Constraint (24) ensures that VNFs satisfy the third security constraint. In addition, constraint (25) ensures that deployed links satisfy the fourth security constraint.
Constraint (26) ensures that the server node hosting VNF f j satisfies the hosting capacity constraint.
Heuristic method. Since the problem of finding the optimal deployment for SFCs is NP-Hard 23,33 , the complexity of the ILP solution is significantly high. Therefore, this paper proposes the SFMC and SASFC methods to obtain a solution. The consolidation of VNFs can effectively reduce the transmission delay. Hence, this paper proposes a security-constraint and function-mutex-constraint consolidation (SFMC) method for VNFs. Deploying VNFs and virtual links separately generally results in sub-optimal deployment results. However, deploying VNFs and virtual links simultaneously would make the problem particularly complex. The Viterbi algorithm demonstrates a superior performance in dynamic programming, which can effectively reduce the problem complexity arising from the simultaneous deployment of VNFs and virtual links. With an increase in the match degree of the VNF security level, the more reasonable the deployment result is. Therefore, the SASFC method considers the VNF security level match degree, and adopts the Viterbi algorithm to simultaneously deploy VNFs (14) v s,i ∈V s,s y g i,j = 1 ∀f j ∈ N g The pseudocode of the SFMC method is shown in Algorithm 1. If VNFs f i and f i+1 of the SFC(g) satisfy the function mutex and security constraints, they are consolidated, and (Lines 2-18). The security demand level difference constraint Sdl(f i+b ) − Sdl(f i+b+1 ) ≤ α is considered to improve the VNF security level match degree and acceptance ratio, where α is the security demand level difference constant.
The flow chart of the SASFC method is shown in Fig. 4. Firstly, the SFMC method consolidates VNFs according to constraints. The SASFC method obtains candidate server node sets according to the consolidation result of the SFMC method. Thereafter it jointly deploys VNFs and virtual links using the Viterbi algorithm. The three paths with the minimal transmission delay are selected as the candidate paths, and they must satisfy the link load constraint. The SASFC method adopts the path with the highest VNF security level match degree from the candidate paths to deploy virtual links, and the corresponding server nodes are employed to deploy VNFs. If deployment fails, the SASFC method will jointly deploy VNFs and virtual links using the Viterbi algorithm according to the non-consolidation result. www.nature.com/scientificreports/ We assume that the SFC(g) is composed of four VNFs, and VNFs 2 and 3 satisfy the third security constraint and function mutex constraint; thus, they can be consolidated. Figure 5 presents the multi-stage graph for the substrate network. First, Sever nodes 0 and 9 are set as the "start" and "end" stages, respectively. All server nodes and substrate links are assumed to satisfy load constraints. Moreover, it is assumed that only Server nodes 2, 4 and 5 have more CPU resources than the CPU resource demand of VNF 1, and satisfy the security and hosting capacity constraints. Thus, Server nodes 2, 4 and 5 are selected as the candidate server nodes of VNF 1, and placed in "Stage 1". It is assumed that only Server nodes 6 and 7 have more CPU resources than the total CPU resource demand of VNFs 2 and 3, and satisfy the security and hosting capacity constraints. Thus, Server nodes 6 and 7 are selected as the candidate server nodes simultaneously hosting VNFs 2 and 3, and placed in "Stage 2". Furthermore, it is assumed that only Server nodes 1, 3 and 8 have more CPU resources than the CPU resource demand of VNF 4, and meet the security and hosting capacity constraints. Thus, server nodes 1, 3 and 8 are selected as the candidate server nodes of VNF 4, and placed in "Stage 3". Each server node in one stage is connected with all server nodes of the previous and subsequent stages.
Each edge of the multi-stage graph may be composed of one or multiple substrate links. The transmission delay of the shortest path of each edge is used as its transmission delay. The two figures beside each edge denote the minimal security level and transmission delay, respectively. The two figures beside each server node denote its security attributes Sdl(v s ) and Sl(v s ), respectively. The two figures beside each VNF denote its security attributes Sdl(f) and Sl(f), respectively. The figure beside each virtual link denotes its security attribute Sdl(l).
The Viterbi path is computed as follows. First, for each edge between the Server node 0 and the server nodes of Stage 1, if its security level is equal to or greater than the security demand level of the corresponding virtual link, the transmission delay of this edge is recorded. If not, this edge fails. Thereafter, this process is repeated to select edges between server nodes of Stage 1 and server nodes of Stage 2. Considering Server node 7 of Stage 2 as an example, the security level of the edge between Server nodes 2 and 7 is lower than the security demand level of the corresponding virtual link; thus, this edge fails. The security levels of the edge between Server node 7 and Server node 4, and the edge between Server node 7 and Server node 5 satisfy the security constraint. Therefore, we add the transmission delay of each edge and recorded the results from the previous stage. The results are 4 and 5, respectively. We select the minimal transmission delay of 4 as the transmission delay of Server node 7, and record this result and the corresponding edges. For Server node 6, the same process is repeated.
We move from one stage to next stage until reaching "end" stage. The blue and green dotted lines represent the selected links for Stages 2 and 3, respectively. The three paths with the minimal transmission delay are selected as the candidate paths. We adopt the path with the highest VNF security level match degree (V S ) from the candidate paths to deploy virtual links, and adopt the corresponding server nodes to deploy VNFs.
The notation Sl denotes the security threshold value. The notations V(F i ) and V(f i ) denote the candidate deployment node sets of F i and f i , respectively. The pseudo code of the SASFC method is shown in Algorithm 2. www.nature.com/scientificreports/ We deploy an SFC according to the consolidation result of the SFMC method. For each F i , we obtain a candidate server node set V(F i ) according to the resource, hosting capacity, security and node load constraints (Lines 1-7). The security threshold constraint Sl(v s,j ) − Sdl(F i ) ≤ Sl improves the VNF security level match degree V S . The security constraint Sdl(F i ) ≤ min F m ∈�(v s,j ) Sl(F m ) ensures that other VNFs deployed on the same server node have a higher security level than the security demand level of F i . For substrate links, they should satisfy the bandwidth demand and security demand level of the corresponding virtual link. In addition, substrate links should satisfy the link load constraint N load (e i ) ≤ 95%. As shown in Fig. 5, for a server node of V(F i ), we compute the transmission delays from each server node of F i−1 by summing up the recorded results, select the minimal transmission delay, and record this result. For other server nodes of V(F i ), this process is repeated. All substrate links selected by the Viterbi algorithm should satisfy the link load constraint. We select three paths as candidate paths according to the metric of the minimal transmission delay through the Viterbi algorithm (Lines 8-39). The path with the highest V S from the candidate paths is adopted to deploy virtual links, and the corresponding server nodes are adopted to deploy VNFs (Line 40).
If deployment fails, an SFC is deployed according to the non-consolidation result (Lines 41-62). For each VNF f i , we obtain a candidate server node set according to the resource, hosting capacity, security and node load constraints (Lines 42-48). The security threshold constraint Sl(v s,j ) − Sdl(f i ) ≤ Sl improves V s . The process expressed by Lines 8-40 is then repeated, and the deployed path and server nodes are obtained.

Complexity analysis.
For the SFMC method, the complexity of consolidating VNFs is O( N g ) . For the SASFC method, the complexities of selecting candidate nodes and deploying SFC are O( N g V s,s ) and O( N g V s,s 2 L g ) , respectively. Hence the total computational complexity for the SASFC method is

Results
Simulation environment. The improved Salam network topology random generation algorithm is adopted to generate the substrate network topology and SFC topology. The substrate network contains 100 server nodes and switch nodes. Server and switch nodes are deployed at the same location, and different switch nodes have the 50% probability of connectivity via substrate links 30 . According to the work 34,35 , the CPU resources of server nodes and bandwidth of substrate links obey the uniform distribution of [60, 100]. There are five types of VNFs {f 1 , f 2 , f 3 , f 4 , f 5 }, where f 2 and f 3 cannot satisfy the function mutex constraint, and each server node can host any two types of the five types considered in this study. According to the work 9,10 , the security levels and security demand levels of server nodes and VNFs, security levels of substrate links, and security demand levels of virtual links obey the integer uniform distribution of [1,4]. To simplify the analysis, it is assumed that the transmission delay of each hop for the substrate link is the same, and its value is 1 ms. The server nodes hosting source and terminal nodes of an SFC are randomly determined according to the SFC request. The CPU resource demands of VNFs and the bandwidth demands of virtual links obey the uniform distribution of [8,12] and [21,24], respectively. The arrival ratio of SFC requests obeys the Poisson distribution, with a parameter of 0.05. Their duration time obeys the exponential distribution, with parameter of 1000. The security demand level difference constant α is set as 2, and the security threshold Sl is set as 2.
Method comparison. The proposed SASFC method is compared with the MCSG-FA method 23 and the SA-VNE method 10 in the same experimental environment. Table 1 shows the detailed description of the three methods.
Due to the limited research conducted on the security deployment of SFCs, we adopt the SA-VNE method as a method for comparison, which is a security deployment method for virtual networks. To conduct a more accurate comparison with the proposed algorithm, the SA-VNE method is adjusted in this study. The SA-VNE method introduces security levels of server nodes and security demand levels of VNFs into the information entropy TOPSIS algorithm. Thereafter, it evaluates the importance of server nodes using the information entropy TOPSIS algorithm and selects appropriate server nodes to host VNFs according to the evaluation results.
Experimental results. Figure 6 presents the experimental results of the acceptance ratio with different number of VNFs. The experimental results for five VNFs are shown in Fig. 6a. The SASFC method deploys SFCs according to the result of the SFMC method, which reduces bandwidth consumption. Moreover, the SASFC method considers the security threshold constraint and uses the Viterbi algorithm to simultaneously deploy VNFs and virtual links. Its acceptance ratio is close to 0.87. The MCSG-FA method selects the server nodes with a higher security level to obtain an initial deployment solution. Thereafter, it adjusts deployment results according to resource consumption. Therefore, its deployment results are local optimum. Its acceptance ratio is close to 0.8. The SA-VNE method evaluates the importance of server nodes using the information entropy TOPSIS algorithm. Moreover, it deploys VNFs according to the evaluation result of the information entropy TOPSIS algorithm. It adopts the shortest path algorithm to deploy virtual links. Its acceptance ratio is close to 0.75. www.nature.com/scientificreports/ The experimental results for six and seven VNFs are shown in Fig. 6b, c, respectively. When the number of VNF is six, the acceptance ratios of the SASFC, MCSG-FA and SA-VNE methods are close to 0.86, 0.79 and 0.73, respectively. When the number of VNF is seven, the acceptance ratios of the SASFC, MCSG-FA and SA-VNE methods are close to 0.85, 0.76 and 0.71, respectively. The experimental results in Fig. 6 indicate that the SASFC method exhibits a higher acceptance ratio than other two methods. Figure 7 presents the experimental results of the long-term average revenue to cost ratio with respect to the number of VNFs. The experimental results for five VNFs are shown in Fig. 7a. The SASFC method deploys SFCs according to the consolidated results of the SFMC method. Moreover, the SASFC method considers the security threshold constraint when selecting the candidate server node set, which can improve the revenue to cost ratio. In addition, the SASFC method further reduces the bandwidth consumption by jointly deploying VNFs and virtual links. Its long-term average revenue to cost ratio is close to 0.88. The deployment results of the MCSG-FA method are local optimum. Its long-term average revenue to cost ratio is close to 0.77. The SA-VNE method deploys VNFs and virtual links separately, which would consume more bandwidth resources. Its long-term average revenue to cost ratio is close to 0.70.
The experimental results for six and seven VNFs are shown in Fig. 7b, c, respectively. When the number of VNF is six, the long-term average revenue to cost ratios of the SASFC, MCSG-FA and SA-VNE methods are close to 0.87, 0.75 and 0.67, respectively. When the number of VNF is seven, the long-term average revenue to cost ratios of the SASFC, MCSG-FA and SA-VNE methods are close to 0.86, 0.73 and 0.64, respectively. The experimental results in Fig. 7 indicate that the SASFC method exhibits a higher long-term average revenue to cost ratio than other two methods. Figure 8 presents the experimental results of the average VNF security level match degree (AVs) with respect to the number of VNFs. The SFMC method considers the security demand level difference constraint when consolidating VNFs. The SASFC method considers the security threshold constraint when selecting a candidate server node set. The abovementioned works effectively improve the VNF security level match degree (Vs). In addition, the SASFC method selects the path with the highest Vs among the candidate paths as the deployed path. Therefore, the SASFC method exhibits the highest AVs among the three methods. The MCSG-FA method does not consider Vs when deploying SFCs. Therefore, its AVs is lower than that of the SASFC method. The security levels of server nodes and security demand levels of VNFs influence resource consumption. The MCSG-FA method adjusts the deployment results according to the resource consumption. Therefore, its average VNF security level match degree AVs is higher than that of the SA-VNE method.

Discussion
The SFMC method considers the security demand level difference constraint, which improves the revenue to cost ratio. The SASFC method deploys SFCs according to the results of the SFMC method, so that bandwidth consumption and transmission delay are reduced. Moreover, the SASFC method considers the security threshold constraint and the node load constraint when selecting the candidate server node set, so that it can improve the VNF security level match degree and reduce proportion of bottleneck nodes. In addition, the SASFC method uses the Viterbi algorithm to simultaneously deploy VNFs and virtual links, and considers the link load constraint when selecting candidate paths. The paths with the minimum transmission delay are selected as candidate paths through the Viterbi algorithm. Therefore, it can reduce transmission delay and proportion of bottleneck links. The SASFC method selects the path with the highest VNF security level match degree among the candidate paths as the deployed path, so that the average VNF security level match degree is improved.  www.nature.com/scientificreports/ The SASFC method adopts Viterbi algorithm to simultaneously deploy VNFs and virtual links, and considers security constraints, which make the use of the substrate resources more reasonable. Meanwhile, it considers the node and link load constraints, and transmission delay. Therefore, it improves the acceptance ratio, long-term average revenue to cost ratio and average VNF security level match degree, reduces the average transmission delay, proportion of bottleneck nodes, and proportion of bottleneck links.
The MCSG-FA method selects the server nodes with a higher security level to obtain an initial deployment solution. Thereafter, it adjusts deployment results according to resource consumption. Therefore, its deployment results are local optimum. The SA-VNE method evaluates the importance of server nodes using the information entropy TOPSIS algorithm. Moreover, it deploys VNFs according to the evaluation result of the information entropy TOPSIS algorithm, which may not satisfy the third security constraint. It adopts the shortest path algorithm to deploy virtual links, which may not satisfy the fourth security constraint. It deploys VNFs and virtual links separately, so that more bandwidth resources are consumed. The MCSG-FA and SA-VNE methods do not fully consider the real-time load of server nodes and substrate links. Simulation results show that the performance of the SASFC method is better than that of the MCSG-FA and SA-VNE methods.

Conclusion
In this study, the deployment problem of SFC requests with a security demand is investigated. First, this paper proposes a security-constraint and function-mutex-constraint consolidation (SFMC) method that consolidates VNFs to reduce resource consumption and transmission delay. In addition, a security-aware service function chain (SASFC) deployment method is proposed for load balance and delay optimization.  www.nature.com/scientificreports/ The SASFC method deploys SFCs according to the consolidated results of the SFMC method, so that bandwidth consumption and transmission delay are reduced. Moreover it obtains a candidate server node set for VNFs through resource, hosting capacity, security and node load constraints, so that proportion of bottleneck nodes is reduced. In addition, it jointly deploys VNFs and virtual links, and obtains candidate paths using the Viterbi algorithm according to the metric of minimum transmission delay. Therefore, the transmission delay is further reduced. All substrate links selected by the Viterbi algorithm should satisfy the link load constraint. Therefore, the transmission delay and proportion of bottleneck links are reduced. The path with the highest VNF security level match degree among the candidate paths is adopted to deploy virtual links, and the corresponding server nodes are employed to deploy VNFs. As a result, the SASFC method demonstrates a higher acceptance ratio and average VNF security level match degree, and lower average transmission delay and proportion of bottleneck nodes/links than the MCSG-FA and SA-VNE methods.
Experiment results reveal that when the number of VNFs is five, the acceptance ratio and long-term average revenue to cost ratio of the SASFC method is close to 0.75 and 0.88, which are higher than that of the compared methods. Its transmission delay and proportion of bottleneck nodes are 7.71 and 0.024, which are lower than that of the compared methods. The experiment results demonstrate the effectiveness of the SASFC method.
This study mainly considers the deployment for SFC requests with security requirement. We will investigate the protective methods for special attack methods (e.g., DDoS) in the future. The proposed heuristic method can be applied to parameter estimation of COVID-19 dynamical model [36][37][38] .
The main notations used in this paper are listed in Table 2.

Data availability
The datasets generated during and/or analyzed during the current study are available from the corresponding author on reasonable request.