Global Flow Table: A convincing mechanism for security operations in SDN

One of the key challenges of network security is that security middle boxes, such as firewalls and Intrusion Detection Systems (IDSs), only have local view of the network. This lowers the efficiency of security detection and makes it difficult to locate the sources of the threats. There have been growing demands for security operations and appliances that are aware of the distribution and behavior of flows in the whole network; logically centralized control ability of Software-Defined Network (SDN) makes it possible for the network controller to acquire the global view of the network. In this paper, we propose a mechanism named Global Flow Table (GFT) which can provide security appliances and operators with paths of all the flows in SDN network, in addition to their sources, destinations, setup and terminate time, traffic volume and directions. A weak vertex cover based GFT algorithm which sacrifices less than 5% accuracy is also provided to improve scalability. Tests with different network topologies of cloud computing center and enterprise networks show promising performance. Utilizing the Global Flow Table, we built several applications to illustrate how GFT could benefit the security operations.