The Study on the Blocking Time Reduction of the IDS/SON Cooperative Firewall System

The Study on the Blocking Time Reduction of the IDS/SON Cooperative Firewall System

This research introduces a method to reduce the mean time-to-respond of the Intrusion detection system (IDS) / software-defined network (SDN) cooperative firewall system to increase its efficiency. The previous IDS/SDN Cooperative firewall system relies on Syslog events to pass the message between t...

Full description

Saved in:
Bibliographic Details
Published in:2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security Companion (QRS-C) pp. 549 - 554
Main Authors: Nimitkul, Perakorn, Takai, Akihiro, Yamai, Nariyoshi, Nakagawa, Rei, Teerakanok, Songpon
Format: Conference Proceeding
Language:English
Published: IEEE 22-10-2023
Subjects:
Delays
Firewall
Firewalls (computing)
Intrusion Detection System
Security
Software Defined Network
Software defined networking
Software quality
Software reliability
Switches
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This research introduces a method to reduce the mean time-to-respond of the Intrusion detection system (IDS) / software-defined network (SDN) cooperative firewall system to increase its efficiency. The previous IDS/SDN Cooperative firewall system relies on Syslog events to pass the message between the SDN controller, IDS, and Open Virtual Switch (OvS) to alter the flow entries. This, however, was proven to be too slow in blocking some malicious packets. This new study aims to improve the blocking delay in two ways: by integrating the IDS with the Open Virtual Switch, and by adding multiple IDS cores to it. By integrating the IDS into the OvS, the study has found that the blocking speed has increased significantly, approximately 7 times faster since there is no communication overhead. This, however, might lower the flexibility of the SDN system since the IDS is now attached to OvS itself. The configuration is explored further by adding another IDS instance to the device running the OvS to create a dual-core IDS system. This configuration is proven to increase the efficiency of the IDS/SDN cooperative firewall when under high load. However, it is slower than the former single-core IDS when under normal load due to the communication overhead.
ISSN:2693-9371
DOI:10.1109/QRS-C60940.2023.00095