Quick Blocking Operation of Firewall System Cooperating with IDS and SDN | IEEE Conference Publication | IEEE Xplore


Abstract:

Firewalls, intrusion detection systems (IDSs), and intrusion prevention systems (IPSs) are normally used to filter anomalous traffic and prevent attacks from the Internet. However, preconfiguring firewalls and IDSs on multiple devices is exhausting work for network administrators. Software Defined Networking (SDN) is a concept proposed to make network management easier by using an SDN controller and SDN switches. In this research, we propose a system that integrates an IDS with SDN in order to block anomalous traffic quickly. Once the IDS detects anomalous traffic, it sends an alert message back to the SDN switch. This alert message is then sent as a PacketIn message to the SDN controller, which sets up rules to block the attack. To evaluate our system, we conduct experiments that compare the performance of our proposed system, using syslog and the Socket API, with the existing method that uses a REST API and with another comparison method, in terms of processing time. Our experimental results confirm that our proposed method achieves lower latency and can quickly block malicious traffic.
Date of Conference: 13-16 February 2022
Date Added to IEEE Xplore: 11 March 2022
Conference Location: PyeongChang Kwangwoon_Do, Korea, Republic of

I. Introduction

To prevent computing devices in an organization from being compromised, a firewall, an intrusion detection system (IDS), and an intrusion prevention system (IPS) that can detect and block malicious files are essential. For quick and flexible network management and maintenance in large organization networks, Software Defined Networking (SDN) [1] should be utilized. By integrating SDN with an IDS, network administrators can deploy a flexible firewall system [2] [3]. In this integration, the IDS detects anomalous packets that may be attacks from outsiders and informs the SDN controller. Moreover, multiple IDS servers can be used to balance the load between IDS servers.
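The alert path described in the abstract (IDS alert, PacketIn to the controller, blocking rule) is shown below as an added example; it is not code from the paper. The alert line layout, the sensor and gateway addresses, and the `BlockingController` class are assumptions made for illustration, and the rule is an OpenFlow-style dictionary rather than a real controller API call.

```python
import ipaddress
import re

# Assumed alert layout (not from the paper):
#   "<pri>... {PROTO} src[:port] -> dst[:port]"
ALERT_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>[0-9.]+)(?::\d+)?\s+->\s+(?P<dst>[0-9.]+)(?::\d+)?\s*$"
)

TRUSTED_IDS = {"192.0.2.10"}                       # hypothetical IDS sensor
NEVER_BLOCK = {ipaddress.ip_address("192.0.2.1")}  # hypothetical gateway

# Constructed sample alert, carried as the payload of a PacketIn.
SAMPLE = (b"<33>Feb 13 10:00:00 ids1 ids: [1:1000001:1] ICMP flood "
          b"{ICMP} 198.51.100.7 -> 192.0.2.50")


class BlockingController:
    """Turns IDS alerts that arrive as PacketIn payloads into drop rules."""

    def __init__(self):
        self.flow_table = {}  # offending source IP -> installed rule

    def packet_in(self, sender_ip, payload):
        """Return the drop rule for the alert, or None if it is rejected."""
        # Only alerts from known sensors may change forwarding state.
        if sender_ip not in TRUSTED_IDS:
            return None
        m = ALERT_RE.match(payload.decode("ascii", errors="replace").strip())
        if not m:
            return None
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:          # e.g. "999.1.1.1"
            return None
        # A forged or mistaken alert must not cut off core infrastructure.
        if src in NEVER_BLOCK or str(src) in TRUSTED_IDS:
            return None
        key = str(src)
        if key not in self.flow_table:   # repeated alerts reuse one rule
            self.flow_table[key] = {
                "match": {"eth_type": 0x0800, "ipv4_src": key},
                "actions": [],           # no output action: packet is dropped
                "priority": 100,
                "hard_timeout": 300,     # block expires after 300 seconds
            }
        return self.flow_table[key]
```

Checking the sender and keeping a never-block list matters here because any host that can inject an alert-shaped packet would otherwise be able to make the controller block an arbitrary address.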
