Software-defined firewall: Enabling malware traffic detection and programmable security control

Shang Gao, Bin Xiao, Zecheng Li, Songtao Guo, Yuan Yao, Yuanyuan Yang

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-reviewed

3 Citations (Scopus)

Abstract

Network-based malware poses a serious threat to the security of host machines. When malware uses its own private TCP/IP stack for communication, personal and network firewalls may fail to identify the malicious traffic. Current firewall policies also lack a convenient update mechanism, which makes malicious traffic detection difficult. In this paper, we propose Software-Defined Firewall (SDF), a new security design that protects host machines and enables programmable security policy control by abstracting the firewall architecture into a control plane and a data plane. The control plane makes security control policy easy to update, as in the SDN (Software-Defined Networking) architecture; the difference is that it additionally collects host information to provide application-level traffic control and improve the accuracy of malicious traffic detection. The data plane handles all incoming and outgoing network traffic in network hardware, so that malware cannot bypass it. The design of SDF is easy to implement and deploy in today's networks. We implement a prototype of SDF and evaluate its performance in real-world experiments. The results show that SDF successfully monitors all network traffic (i.e., no traffic bypasses it) and improves the accuracy of malicious traffic identification. Two example use cases indicate that SDF provides easier and more flexible solutions to today's host security problems than current firewalls.
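The abstract describes three ideas: a control plane that holds policy and host information, a data plane in network hardware that sees every packet, and application-level decisions that catch traffic a host firewall cannot attribute to any socket. The following Python model is an added illustration of that split and is not the authors' SDF prototype or its code. The policy format (process name to allowed destination ports), the host agent reporting a socket table keyed by 5-tuple, the per-flow rule cache, and all names, addresses and processes in the scenario are assumptions constructed for the example.

```python
"""Toy control/data plane model of an application-aware firewall.

Added illustration, not the SDF prototype. Assumed design:
- a host agent exports the kernel socket table (flow -> owning process),
- the control plane combines it with operator policy into per-flow verdicts,
- the data plane sits on the wire, so every packet passes through it; a flow
  that no host socket owns (e.g. a private TCP/IP stack) is unattributed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Flow key: (proto, src_ip, src_port, dst_ip, dst_port)
Flow = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def flow(self) -> Flow:
        return (self.proto, self.src_ip, self.src_port, self.dst_ip, self.dst_port)


class ControlPlane:
    """Operator policy plus the host socket table, compiled into per-flow verdicts."""

    def __init__(self, app_policy: Dict[str, Set[int]]) -> None:
        # Assumed policy format: process name -> destination ports it may reach.
        self.app_policy: Dict[str, Set[int]] = {k: set(v) for k, v in app_policy.items()}
        self.socket_table: Dict[Flow, str] = {}
        self.data_planes: List["DataPlane"] = []

    def attach(self, dp: "DataPlane") -> None:
        self.data_planes.append(dp)

    def update_host_sockets(self, sockets: Dict[Flow, str]) -> None:
        """Host agent pushes its current socket table (flow -> owning process)."""
        self.socket_table = dict(sockets)
        self._flush_rules()

    def set_policy(self, process: str, ports: Set[int]) -> None:
        """Programmable control: change one process's policy at run time."""
        self.app_policy[process] = set(ports)
        self._flush_rules()

    def _flush_rules(self) -> None:
        # Any change in policy or host state invalidates cached data-plane rules.
        for dp in self.data_planes:
            dp.rules.clear()

    def decide(self, flow: Flow) -> Tuple[str, str]:
        owner = self.socket_table.get(flow)
        if owner is None:
            # No kernel socket owns this flow: a private TCP/IP stack or raw
            # sender. A socket-keyed host firewall never sees it; a data plane
            # on the wire does.
            return "DROP", "unattributed flow: no host socket owns it"
        if flow[4] in self.app_policy.get(owner, set()):
            return "ALLOW", owner
        return "DROP", f"{owner} is not permitted to reach dst port {flow[4]}"


class DataPlane:
    """Models the NIC-side forwarder: every packet passes through, rules cached per flow."""

    def __init__(self, cp: ControlPlane) -> None:
        self.cp = cp
        self.rules: Dict[Flow, Tuple[str, str]] = {}
        cp.attach(self)

    def handle(self, pkt: Packet) -> Tuple[str, str]:
        f = pkt.flow()
        if f not in self.rules:
            self.rules[f] = self.cp.decide(f)  # rule miss: ask the control plane once
        return self.rules[f]


def run_demo() -> List[Tuple[str, str]]:
    """Constructed scenario; returns (verdict, reason) for each packet in order."""
    cp = ControlPlane({"firefox": {80, 443}, "curl": {443}})
    dp = DataPlane(cp)

    # Constructed socket table, as the host agent would report it.
    cp.update_host_sockets({
        ("tcp", "10.0.0.5", 51000, "93.184.216.34", 443): "firefox",
        ("tcp", "10.0.0.5", 51001, "203.0.113.9", 8080): "curl",
    })

    pkts = [
        Packet("tcp", "10.0.0.5", 51000, "93.184.216.34", 443),  # browser HTTPS
        Packet("tcp", "10.0.0.5", 51001, "203.0.113.9", 8080),   # curl to a port policy forbids
        Packet("tcp", "10.0.0.5", 40000, "198.51.100.7", 4444),  # private-stack beacon, no socket
    ]
    out = [dp.handle(p) for p in pkts]

    # Operator reprograms curl's policy; cached rules flush and the same packet now passes.
    cp.set_policy("curl", {443, 8080})
    out.append(dp.handle(pkts[1]))
    return out
```

The third packet is the case the abstract is built around: its 5-tuple never appears in the kernel socket table because the sender bypassed the host stack, so a host firewall keyed on sockets has nothing to match, while a data plane that sees every frame can still drop it for lack of attribution. The final step shows the other half of the argument: a policy change is a control-plane operation that takes effect on the next packet, not a rule-file edit on each host.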

Original language: English
Title of host publication: ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
Publisher: Association for Computing Machinery, Inc
Pages: 413-424
Number of pages: 12
ISBN (Electronic): 9781450355766
DOIs:
Publication status: Published - 29 May 2018
Event: 13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018 - Incheon, Korea, Republic of
Duration: 4 Jun 2018 - 8 Jun 2018

Publication series

Name: ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security

Conference

Conference: 13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018
Country: Korea, Republic of
City: Incheon
Period: 4/06/18 - 8/06/18

Keywords

  • Malicious traffic detection
  • Network programmability
  • Software-defined firewall
  • Software-defined networks

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Information Systems
  • Computer Networks and Communications
