Multi-level Stateful Firewall Mechanism for Software Defined Networks

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 718))

Abstract

Traditional networks are often quite static, slow to modify, dedicated to a single service and very difficult to scale, which is typical of a large number of different network devices (such as switches, routers, firewalls, and so on) with many complex protocols implemented or embedded on them. Software Defined Network (SDN) is a new technology in the communication industry that promises a new approach attempting to overcome this weakness of the current network paradigm. SDN provides a highly scalable and centralized control architecture in which the data plane is decoupled from the control plane; this abstraction gives a more flexible, programmable and innovative network architecture. However, centralization of the control plane and the ability to program the network are very critical and challenging tasks that cause security problems. In this paper we propose a framework for securing the SDN by introducing an application, as an extension to the controller, that makes it able to check every specific flow in the network and to push security instructions in real time down to the network. We also compare our proposal with other existing SDN-based security solutions.



Author information

Corresponding author

Correspondence to Fahad Nife.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Nife, F., Kotulski, Z. (2017). Multi-level Stateful Firewall Mechanism for Software Defined Networks. In: Gaj, P., Kwiecień, A., Sawicki, M. (eds) Computer Networks. CN 2017. Communications in Computer and Information Science, vol 718. Springer, Cham. https://doi.org/10.1007/978-3-319-59767-6_22

  • DOI: https://doi.org/10.1007/978-3-319-59767-6_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59766-9

  • Online ISBN: 978-3-319-59767-6

  • eBook Packages: Computer Science (R0)
