Quick Blocking Operation of IDS/SDN Cooperative Firewall Systems by Reducing Communication Overhead

Takai A.; Katsura Y.; Yamai N.; Nakagawa R.; Visoottiviseth V.

Quick Blocking Operation of IDS/SDN Cooperative Firewall Systems by Reducing Communication Overhead

Issued Date

2024-01-01

Resource Type

Conference Paper

ISSN

17389445

DOI

10.23919/ICACT60172.2024.10471925

Scopus ID

2-s2.0-85189516646

Journal Title

International Conference on Advanced Communication Technology, ICACT

Start Page

1514

End Page

1520

Rights Holder(s)

SCOPUS

Bibliographic Citation

International Conference on Advanced Communication Technology, ICACT (2024) , 1514-1520

Suggested Citation

Takai A., Katsura Y., Yamai N., Nakagawa R., Visoottiviseth V. Quick Blocking Operation of IDS/SDN Cooperative Firewall Systems by Reducing Communication Overhead. International Conference on Advanced Communication Technology, ICACT (2024) , 1514-1520. 1520. doi:10.23919/ICACT60172.2024.10471925 Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/97941

Title

Quick Blocking Operation of IDS/SDN Cooperative Firewall Systems by Reducing Communication Overhead

Author(s)

Takai A.
Katsura Y.
Yamai N.
Nakagawa R.
Visoottiviseth V.

Author's Affiliation

Nara Institute of Science and Technology
Mahidol University
Tokyo University of Agriculture and Technology

Corresponding Author(s)

Takai A.

Other Contributor(s)

Mahidol University

Abstract

An Intrusion Detection System (IDS) / Software Defined Networking (SDN) cooperative firewall system has attracted much attention recently because it has many advantages of dynamic network configuration with SDN and scalable IDS hosts. In the IDS/SDN cooperative firewall system, an SDN switch relays traffic between a client and a server and mirrors traffic from a client to an IDS host. The IDS host monitors the mirrored traffic and notifies the SDN switch to block malicious traffic according to the detection of the attack. At this point, malicious packets reach the server until the IDS detects the attack and notifies it. In this paper, we propose a method to speed up mirroring and notification by integrating IDS and SDN switch hosts as a method to shorten the blocking time and compare it with existing methods. The experimental system was constructed using Raspberry Pi3 B+ and 4B boards. As a result, it was confirmed that the proposed method completes the blocking operation faster than the existing method. We also investigated the breakdown of the blocking time to confirm the effect of the proposed method.

Keyword(s)

Engineering

URI

https://repository.li.mahidol.ac.th/handle/20.500.14594/97941

Collections

Scopus 2024

Full item page

Send Feedback

	Office Hour: Monday-Friday 08.30-12.00 and 13.00-16.30 hrs.
	Phutthamonthon Sai 4 Rd. Salaya, Nakhon Pathom 73170, Thailand
	The office: +66 (2) 800 2680 ext.4306
	thipsuda.van@mahidol.ac.th
	https://repository.li.mahidol.ac.th