Chang, Y.Y.ChangTSUNG-NAN LIN2020-06-112020-06-11201815253511https://scholars.lib.ntu.edu.tw/handle/123456789/499106https://www.scopus.com/inward/record.uri?eid=2-s2.0-85049202999&doi=10.1109%2fWCNC.2018.8377305&partnerID=40&md5=e760f51a6efb32dcf4f41ea24bb7e563In order to prevent network services and end hosts from Internet attacks, a firewall is an important protective component to enforce security policy on network packets. A typical firewall sits at the entry point of an Autonomous System (AS). However, it may become the congestion point because of the growing number of security policies and network traffic. Also, a SDN-based firewall can suffer from the TCAM memory limit of SDN devices and thus it can only install a limited number of security policies. This paper presents a robust algorithm to distribute security policies of a firewall into distributed SDN devices in cloud-clustered environment. While this algorithm can obtain a better performance and resolve the TCAM memory limit of SDN devices, it can also guarantee a more complete protection, by stopping insider attacks. © 2018 IEEE.[SDGs]SDG16Computer system firewalls; Network architecture; Security systems; Ternary content adressable memory; Wireless telecommunication systems; Autonomous systems; Congestion points; Internet attacks; Network packets; Network services; Network traffic; Robust algorithm; Security policy; Network securityconference paper10.1109/WCNC.2018.83773052-s2.0-85049202999