Title :
Stochastic Pre-Classification for Software Defined Firewalls
Author :
Ghoshal, Probir ; Casey, C. Jasson ; Gratz, Paul V. ; Sprintson, Alex
Author_Institution :
Qualcomm Technol., Inc. (QTI), Raleigh, NC, USA
Date :
July 30 2013-Aug. 2 2013
Abstract :
Firewalls are ubiquitous security functions and exist in almost all network connected devices whether protecting host stacks or providing transient packet filtering. Firewall performance, which is a key ingredient for network performance, can be greatly degraded by traffic crafted to exploit its filtering algorithms. These attacks can greatly reduce the Quality of Service (QoS) received by existing authorized flows in the firewall. This paper proposes a novel architecture that decouples this linkage between authorized flow QoS and adversarial traffic, marginalizing disruption caused by unauthorized flows, and ultimately improving overall performance of software defined firewalls. We show substantial improvements in throughput, packet loss, and latency over baseline software defined firewalls with varying ratios of attack traffic. All results are obtained using the cycle accurate architecture simulator gem5, and Internet packet traces obtained from 10 Gbps interfaces of core Internet routers.
Keywords :
Internet; firewalls; quality of service; software radio; telecommunication network routing; telecommunication security; telecommunication traffic; Internet packet traces; Internet routers; adversarial traffic; architecture simulator; authorized flow QoS; baseline software defined firewalls; filtering algorithms; firewall performance; gem5; host stacks; marginalizing disruption; network connected devices; packet loss; quality of service; software defined firewalls; stochastic preclassification; transient packet filtering; ubiquitous security functions; Bandwidth; Data structures; Entropy; Hardware; Quality of service; Software;
Conference_Title :
Computer Communications and Networks (ICCCN), 2013 22nd International Conference on
Conference_Location :
Nassau
Print_ISBN :
978-1-4673-5774-6
DOI :
10.1109/ICCCN.2013.6614198