Automatic Blocking Mechanism for
Information Security with SDN


Yi-Chih Kao 1+, Jui-Chun Liu 1, You-Hong Wang 1, Yu-Huang Chu 2, Shi-Chun Tsai 3, and Yi-Bing Lin 3

1 Information Technology and Service Center, National Chiao Tung University, Hsinchu, Taiwan
{ykao, g0737, youhong}@mail.nctu.edu.tw

2 Chunghwa Telecom Laboratories, Taiwan
yhchu@cht.com.tw

3 Department of Computer Science, National Chiao Tung University, Hsinchu, Taiwan
{sctsai, liny}@cs.nctu.edu.tw

Abstract

Information security attacks initiated within an organization are the worst nightmare for all information management personnel. Although many potential solutions have been proposed for various attack scenarios, a complete field verification of these solutions has not yet been carried out in a complex network environment. In this paper, we propose a reliable, low-cost and programmable proximal defense architecture that orchestrates a software-defined networking (SDN) controller, SDN switches, legacy switches and an application-level firewall. Our defensive system can instantly detect various external-to-internal and internal-to-external attacks and block them at the programmable device closest to the attack source. The greatest advantage of this scalable architecture is that the defensive system can be constructed incrementally from the original network and security controls. Thus, internal users do not notice the migration, and all events can be fully recorded for analysis. In addition, stability tests are conducted on both the original network architecture and the auto-blocking SDN architecture. The experiments show that the average response time over 2000 tests and the average throughput when uploading a 100-MB file are almost the same for both architectures. Furthermore, we test our system in a complex campus network environment by simulating malicious behavior to verify its functionality. All test results live up to expectations.

Keywords: Network Security, Software Defined Networking, Auto Blocking

+ Corresponding author: Yi-Chih Kao, Information Technology and Service Center, National Chiao Tung University, 1001 University Road, 30010, Hsinchu, Taiwan, Tel: +886-922-186-666

Journal of Internet Services and Information Security (JISIS), 9(1): 60-73, February 2019

DOI: 10.22667/JISIS.2019.02.28.060