Deployment of Intrusion Prevention System Based on Software Defined Networking

The development of the mobile Internet brought about by the thriving mobile intelligent terminals has made it possible to access to the Internet anytime and anywhere. While people enjoy the convenience, they also suffer from a series of security threats caused by cyber-attacks. IPS brings reliability and security in a network system and is regarded as one of the most popular security devices. However, the conventional IPS deployment often has some limitations, and the deployment and maintenance costs are expensive, the utilization rate is low. In order to solve these issues, an SDN-based IPS deployment is presented in this paper, which supports a unified scheduling of security applications in the whole network and load balancing among IPSs. In addition, this paper builds a test-bed and shows evaluation results. As the results, It is confirmed that the proposed scheme can achieve a shorter time for ping after the first ping and that with the load balancing, the network latency is significantly reduced.