| Title |
Guarding The Perimeter Of Cloud-Based Enterprise Networks: An Intelligent Sdn Firewall |
| ID_Doc |
28564 |
| Authors |
Cheng Q.; Wu C.; Zhou H.; Zhang Y.; Wang R.; Ruan W. |
| Year |
2019 |
| Published |
Proceedings - 20th International Conference on High Performance Computing and Communications, 16th International Conference on Smart City and 4th International Conference on Data Science and Systems, HPCC/SmartCity/DSS 2018 |
| DOI |
http://dx.doi.org/10.1109/HPCC/SmartCity/DSS.2018.00149 |
| Abstract |
Guarding the perimeter of cloud-based enterprise networks is a challenge due to massive traffic with dynamic nature. Current firewalls of enterprise networks in cloud are largely based on static security rule configuration or simple rule matching, which makes them inflexible, error-prone and poorly effective, bringing about severe security risks. In this paper, we propose an artificial intelligence-based software-defined networks firewall (AI-SDNF) for solving the above problems. Compared with existing SDN firewalls, AI-SDNF is able to extract and analyze the payload of data packets based on machine learning technologies rather than simply match with flow tables according to several header fields (e.g., source and destination IP/MAC addresses). Considering deciding whether a packet is benign or malicious is able to be formulated as a typical binary classification problem, we employ logistic regression for training an intelligent SDN firewall under supervised machine learning. We implement a prototype of AI-SDNF on the OpenDaylight controller and the OpenStack platform. Based on the prototype, we evaluate its performance and overheads with real dataset. The experimental results indicate that AI-SDNF achieves a relatively high detection accuracy of 96.79% with an average of 0.2ms latency. © 2018 IEEE. |
| Author Keywords |
Firewall; Machine Learning; Perimeter Security; SDN |
