Logical Network Separation and Update Inducing Techniques of Non-updated Vaccine Host by Creating Flow Rule in SDN

Vaccines are used to prevent known malware from infecting computer systems. However, owing to the low security awareness of users, the latest vaccine updates are not being applied appropriately. A host that has not yet been updated with a vaccine may present a risk of data manipulation or infection to the network from new malware. Therefore, this paper proposes a technique for creating a flow rule in software defined networking that controls the packet path of the network, logically separates the non-updated vaccine hosts, and induces a vaccine update. Network security was evaluated by distinguishing between an abnormal host packet blocking process and a normal host packet transmission process through a comparison with existing network security equipment. The proposed technique was implemented in a virtual environment, and the experiment results demonstrated that a 100% blocking rate can be achieved with a block latency of less than 0.2 ms.