Secure Collecting, Optimizing, and Deploying of Firewall Rules in Software-Defined Networks

Sunghwan Kim, Seunghyun Yoon, Jargalsaikhan Narantuya, Hyuk Lim
2020 IEEE Access  
Abstract: Firewalls are a fundamental element of network security systems, blocking network traffic flows according to pre-defined rules. Software-defined networking (SDN), which provides flexibility, elasticity, and programmability for network management, has been applied to network security systems. We propose a software-defined firewall cyber-security system that securely gathers the rules of host-based and network-based firewalls through the SDN control plane, converts the collected firewall rules into SDN flow rules, and deploys them on OpenFlow (OF)-enabled switches. Furthermore, we formulate an optimization problem to find the appropriate OF-enabled switches to which the SDN flow rules should be sent. The proposed firewall system drops the traffic flows that would otherwise be dropped by a firewall at the end-host in advance, at the OF-enabled switch holding the corresponding SDN flow rules. SDN-based testbed experiments demonstrate that the proposed firewall system reduces the aggregate network traffic volume and the resource utilization of end-hosts in the network.

Index Terms: Cyber-security, firewall, software-defined networking, optimization, greedy algorithm.

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see http://creativecommons.org/licenses/by/4.0/ VOLUME 8, 2020

HYUK LIM (Member, IEEE) received the B.S., M.S., and Ph.D. degrees from the School of
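The abstract describes a pipeline (collect host firewall rules, translate them to OpenFlow matches, pick the switches that should hold the resulting drop rules) without showing what a translated rule or a placement decision looks like. The following is an added example written for this page, not the authors' code or the paper's formulation: it translates iptables-style DROP rules into OpenFlow-style match dictionaries, renders them in ovs-ofctl add-flow syntax, and places them on a path of switches with a simple greedy heuristic. The sample rules, traffic estimates, topology and switch capacities are constructed, the greedy objective (volume times number of links saved, subject to per-switch table capacity) is this example's own assumption, and the paper's optimization problem is not reproduced here.

```python
"""
Added illustration (not the authors' code): translate host firewall DROP rules
into OpenFlow-style matches and place them greedily on OF-enabled switches.
The greedy objective, topology, capacities and traffic estimates below are
assumptions made for this example, not the paper's formulation.
"""
import ipaddress

# Constructed sample: iptables rules as a host firewall might report them.
SAMPLE_RULES = [
    "-A INPUT -s 10.0.0.0/8 -p tcp --dport 23 -j DROP",
    "-A INPUT -s 192.168.5.7/32 -j DROP",
    "-A INPUT -p udp --dport 161 -j DROP",
    "-A INPUT -p tcp --dport 22 -j ACCEPT",  # not a DROP: stays on the host
]
# Constructed per-rule traffic estimates (e.g. from iptables packet counters).
SAMPLE_VOLUMES = [500, 50, 120]
# Constructed topology: switches from the network edge toward the protected host.
SAMPLE_PATH = ["s1", "s2", "s3"]
SAMPLE_CAPACITY = {"s1": 1, "s2": 1, "s3": 5}  # free flow-table entries
PROTECTED_HOST = "10.1.1.10"

IP_PROTO = {"tcp": 6, "udp": 17, "icmp": 1}


def iptables_to_of_match(rule):
    """Translate one iptables rule into an OpenFlow 1.3-style match dict.

    Returns None for anything that is not a DROP: only drop decisions are
    safe to pre-empt at a switch; ACCEPT/REJECT semantics remain on the host.
    """
    tokens = rule.split()
    if "-j" not in tokens or tokens[tokens.index("-j") + 1] != "DROP":
        return None
    match = {"eth_type": 0x0800}  # IPv4 only in this example
    i = 0
    while i < len(tokens):
        t = tokens[i]
        if t == "-s":
            match["ipv4_src"] = str(ipaddress.ip_network(tokens[i + 1], strict=False))
            i += 2
        elif t == "-d":
            match["ipv4_dst"] = str(ipaddress.ip_network(tokens[i + 1], strict=False))
            i += 2
        elif t == "-p":
            match["ip_proto"] = IP_PROTO[tokens[i + 1]]
            i += 2
        elif t == "--dport":
            port = int(tokens[i + 1])
            if match.get("ip_proto") == 6:
                match["tcp_dst"] = port
            elif match.get("ip_proto") == 17:
                match["udp_dst"] = port
            else:
                raise ValueError("--dport needs -p tcp or -p udp to be a stateless match")
            i += 2
        else:
            i += 1  # -A INPUT, -j DROP: nothing to translate
    return match


def compile_drop_rules(rules):
    """Keep only DROP rules, translated to OF matches."""
    return [m for m in (iptables_to_of_match(r) for r in rules) if m is not None]


def to_ovs_flow(match, host_ip, priority=100):
    """Render a match as an ovs-ofctl add-flow string scoped to the protected host.

    Scoping with nw_dst is the security-relevant part: a host's INPUT rule
    pushed to a shared switch must not drop traffic addressed to other hosts.
    """
    parts = [f"priority={priority}", "ip", f"nw_dst={host_ip}"]
    if "ipv4_src" in match:
        parts.append(f"nw_src={match['ipv4_src']}")
    if "ip_proto" in match:
        parts.append(f"nw_proto={match['ip_proto']}")
    if "tcp_dst" in match:
        parts.append(f"tp_dst={match['tcp_dst']}")
    if "udp_dst" in match:
        parts.append(f"tp_dst={match['udp_dst']}")
    parts.append("actions=drop")
    return ",".join(parts)


def greedy_placement(rules, path, capacity):
    """Greedy heuristic (this example's assumption): place the highest-volume
    rule at the earliest switch on the path with free table space.

    rules: list of (match, estimated_volume) for flows toward the host at the
    end of `path`; dropping at hop k saves len(path) - k links of traffic.
    Rules that fit nowhere are left to the host firewall (no saving).
    Returns (placement: switch -> [matches], total volume*links saved).
    """
    free = dict(capacity)
    placement = {s: [] for s in path}
    saved = 0
    for match, volume in sorted(rules, key=lambda r: r[1], reverse=True):
        for hop, switch in enumerate(path):
            if free[switch] > 0:
                free[switch] -= 1
                placement[switch].append(match)
                saved += volume * (len(path) - hop)
                break
    return placement, saved


def demo():
    """Run the pipeline on the constructed sample and return (placement, saved)."""
    matches = compile_drop_rules(SAMPLE_RULES)
    return greedy_placement(list(zip(matches, SAMPLE_VOLUMES)), SAMPLE_PATH, SAMPLE_CAPACITY)


if __name__ == "__main__":
    placement, saved = demo()
    for switch, matches in placement.items():
        for m in matches:
            print(f"{switch}: ovs-ofctl add-flow {switch} '{to_ovs_flow(m, PROTECTED_HOST)}'")
    print("volume*links saved:", saved)
```

Two caveats a deployment would need beyond this sketch: rules that depend on state or rate (for instance `-m conntrack` or `-m limit`) have no stateless OpenFlow equivalent and must stay on the host, which is why the translator refuses a bare `--dport` rather than guessing; and the placement must be recomputed whenever a host rule is removed, since a stale drop entry on a switch would keep blocking traffic the host now accepts.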
doi:10.1109/access.2020.2967503 fatcat:d6vk5vfbcfd5hecspuerd2scku