Security inspection resource allocation in real time using SDN

Bibliographic Details
Published in: Security and privacy Vol. 4; no. 6
Main Authors: Wu, Haotian, Li, Xin, Scoglio, Caterina, Gruenbacher, Don
Format: Journal Article
Language: English
Published: Boston, USA Wiley Periodicals, Inc 01-11-2021
Description
Summary: Network traffic security inspection is vital in today's network. However, due to the increasing user demand, security inspection resources are becoming a bottleneck of the network, therefore bringing down network throughput. In this paper, we proposed an OpenFlow‐based flow management prototype, which can properly allocate limited security resources in order to achieve the objective of making the best use of security resources without compromising network throughput. We introduced a capacity reservation scheme to enforce network security and avoid security devices becoming congested. In order to optimize utilization of security devices, we formulated the resource‐constrained problem as an integer linear programming problem and solved it. Extensive experiments were performed to attest to the effectiveness of our prototype. Finally, we analyzed results of the experiment, including the impact on network performance of two parameters in the optimization formulations. Compared to other works, we have the following strengths: our model was implemented on a general network topology with distributed security devices; we formulated the flow allocation problem into a linear programming problem and performed the optimization in the controller in real time; and no pre‐knowledge about the network, hosts, or traffic was needed.
ISSN: 2475-6725
DOI: 10.1002/spy2.174