An Efficient Dynamic Rule Placement for Distributed Firewall in SDN
Journal
2020 IEEE Global Communications Conference, GLOBECOM 2020 - Proceedings
Date Issued
2020
Author(s)
Chang Y.-W
Abstract
As network environment becomes more dynamic and complex, deploying distributed firewalls with access control lists in software-defined network can protect internal services and hosts from network attacks and insider attacks. With ever-changing types and sources of attacks, firewall policies need frequent updates. However, most existing integer linear programming-based solutions require recomputing the rule placement to optimize certain performance criterion. This leads to the cost of high computation overhead. To deal with the challenges of dynamic updates of firewall rules and rule placement, we propose a resource constraint splitting algorithm to compute only the rules related to the updated policies and preserve the others. The key idea is to separate the decision variables into disjoint subproblems and to only solve the associated part. Simulation results demonstrate that this approach shows significantly less computation time while maintain the optimized rule placement for network performance. ? 2020 IEEE.
Subjects
Firewall; Integer Linear Programming; OpenFlow; Rule Placement; Software-Defined Network
Other Subjects
Access control; Integer programming; Access control lists; Computation overheads; Distributed firewall; Integer Linear Programming; Network environments; Performance criterion; Resource Constraint; Splitting algorithms; Computer system firewalls
Type
conference paper