Network Intrusion Detection and Prevention Middlebox Management in SDN

In traditional networks, it is difficult to manage the distributed detection and prevention nodes of IDS and IPS due to the laborious manual deployment and independent configuration. Software defined networking (SDN) provides a flexible approach to control the underlying network infrastructures efficiently. However, the OpenFlow flow table is too simple to provide complex functions with the match-action style processing. To support more functionalities, in this paper, we propose a middlebox management architecture with SDN - OpenMiddlebox, by extending OpenFlow to support middleboxes with ClickOS virtual machines (VM), so that programmable middleboxes could be deployed and managed in switches with fast booted ClickOS VMs flexibly. We then design automatic deployment and update schemes of network intrusion detection and prevention middleboxes with the centralized controller. The evaluation results show that OpenMiddlebox could manage the distributed middleboxes efficiently and is scalable to large networks, and the centralized control also improves the network intrusion detection and prevention accuracy.