IEEE Access (Jan 2020)

Secure Collecting, Optimizing, and Deploying of Firewall Rules in Software-Defined Networks

  • Sunghwan Kim,
  • Seunghyun Yoon,
  • Jargalsaikhan Narantuya,
  • Hyuk Lim

DOI
https://doi.org/10.1109/ACCESS.2020.2967503
Journal volume & issue
Vol. 8
pp. 15166 – 15177

Abstract


Firewalls are a fundamental element of network security systems, blocking network traffic flows according to pre-defined rules. Software-defined networking (SDN), which provides flexibility, elasticity, and programmability for network management, has been applied to network security systems. We propose a software-defined firewall cyber-security system that securely gathers the rules of host- and network-based firewalls through the SDN control plane, converts the collected firewall rules into SDN flow rules, and deploys them on OpenFlow (OF)-enabled switches. Furthermore, we formulate an optimization problem to select the OF-enabled switches to which the SDN flow rules are to be sent. With the corresponding flow rules installed, traffic flows that a firewall would eventually drop are instead dropped in advance at the OF-enabled switch, before they reach the end-host. SDN-based testbed experiments demonstrate that the proposed firewall system reduces the aggregate network traffic volume and the resource utilization of end-hosts in the network.
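The core step the abstract describes, turning a host firewall's DROP rules into OpenFlow drop entries and deciding which switch receives them, can be illustrated with a small translator. The following is an added example written for this page; it is not the authors' code and does not reproduce their optimization formulation. It assumes rules arrive in iptables-save syntax for the INPUT chain, emits OpenFlow 1.3 OXM field names (eth_type, ipv4_src, ipv4_dst, ip_proto, tcp_dst, udp_dst), and uses a deliberately simplified placement heuristic (drop at the switch nearest the source, falling back to the destination host's switch). The sample rules and topology are constructed.

```python
import ipaddress
import shlex

# Constructed sample input (not from the paper): rules as a host firewall would
# report them in iptables-save syntax. Only DROP rules in the INPUT chain are of
# interest, since those are the flows the switch can discard before delivery.
SAMPLE_RULES = [
    "-A INPUT -s 10.0.2.0/24 -p tcp --dport 23 -j DROP",
    "-A INPUT -p udp --dport 161 -j DROP",
    "-A INPUT -s 10.0.3.7 -j DROP",
    "-A INPUT -p tcp --dport 22 -j ACCEPT",
]
HOST_IP = "10.0.1.10"  # the end-host that reported SAMPLE_RULES (constructed)

# Constructed topology: which OF switch each host is attached to.
ATTACHMENT = {
    "10.0.1.10": "s1",
    "10.0.2.5": "s2",
    "10.0.2.9": "s2",
    "10.0.3.7": "s3",
    "10.0.4.4": "s4",
}

PROTO_NUM = {"tcp": 6, "udp": 17, "icmp": 1}  # IANA protocol numbers for ip_proto


def iptables_to_of_match(rule_line, host_ip):
    """Translate one iptables INPUT rule into an OpenFlow 1.3 style match dict.

    Field names follow the OXM match fields (eth_type, ipv4_src, ipv4_dst,
    ip_proto, tcp_dst, udp_dst). Returns None for non-DROP rules: only drops are
    pushed to the switch; accepts keep being handled by the host itself.
    """
    toks = shlex.split(rule_line)
    if "-j" not in toks or toks[toks.index("-j") + 1] != "DROP":
        return None
    # INPUT chain means traffic addressed to this host, so ipv4_dst is implied.
    match = {"eth_type": 0x0800, "ipv4_dst": host_ip}
    proto_name = None
    i = 0
    while i < len(toks):
        tok = toks[i]
        if tok == "-s":
            net = ipaddress.ip_network(toks[i + 1], strict=False)
            # A /32 is written as a plain address; a prefix keeps its mask.
            match["ipv4_src"] = str(net.network_address) if net.prefixlen == 32 else str(net)
            i += 2
        elif tok == "-p":
            proto_name = toks[i + 1]
            match["ip_proto"] = PROTO_NUM[proto_name]
            i += 2
        elif tok == "--dport":
            if proto_name not in ("tcp", "udp"):
                raise ValueError("--dport needs -p tcp or -p udp: " + rule_line)
            match[f"{proto_name}_dst"] = int(toks[i + 1])
            i += 2
        else:
            i += 1  # chain name, -A, -j DROP and anything unhandled
    return match


def choose_switches(match, attachment):
    """Pick the switch(es) on which to install a drop.

    Simplified placement heuristic (an assumption here, not the paper's
    optimization formulation): drop as close to the source as possible, i.e. at
    the switch where matching source hosts attach; for a wildcard or unknown
    source fall back to the destination host's own switch.
    """
    dst_switch = attachment[match["ipv4_dst"]]
    src = match.get("ipv4_src")
    if src is None:
        return {dst_switch}
    net = ipaddress.ip_network(src, strict=False)
    ingress = {sw for ip, sw in attachment.items() if ipaddress.ip_address(ip) in net}
    return ingress or {dst_switch}


def build_flow_mods(rules, host_ip, attachment):
    """Produce one flow-mod per (switch, rule). An empty instruction list is the
    OpenFlow 1.3 way to express 'drop'; more specific matches get higher priority."""
    flow_mods = []
    for line in rules:
        match = iptables_to_of_match(line, host_ip)
        if match is None:
            continue
        for sw in sorted(choose_switches(match, attachment)):
            flow_mods.append({
                "switch": sw,
                "priority": 100 + len(match),
                "match": match,
                "instructions": [],  # no apply-actions / no output port = drop
            })
    return flow_mods


if __name__ == "__main__":
    for fm in build_flow_mods(SAMPLE_RULES, HOST_IP, ATTACHMENT):
        print(fm["switch"], fm["priority"], fm["match"])
```

Two points a practitioner should keep in mind when doing this for real: the host rule is only safe to pre-empt at the switch if the match is at least as specific as the original (hence the implied ipv4_dst and the refusal to emit a port match without a protocol), and the ACCEPT rules are intentionally left on the host, since an accept pushed upstream would change what the firewall itself still inspects.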

Keywords