UNSM 53 may manage network wide distributed denial-of-service (DDoS) detection and protection. In some systems, security is considered only at the vBNG instance level. Network-level management of DDoS detection may help to truly mitigating the DDoS attack. In the example of FIG. 2, the security of the entire network may be considered at one centralized place, for instance, UNSM 53. With the data available for the entire network, UNSM 53 may correlate data for mitigating the DDoS attack. UNSM 53 may perform one or more functions of an Intrusion Detection System (IDS) by correlating the security data across the vBNG instances. UNSM 53 may identify suspicious flow at the entire network level and may apply security threat and mitigation techniques across the vBNG instances. UNSM 53 may identify a security threat from one vBNG instance and apply mitigation automatically across all vBNG instances. For example, UNSM 53 may exchange (e.g., receive and/or output) security related information with each vBNG instance of vBNG instances 57 and 58.
