From left) Kim Bom's master's program, Park Hyun-joon's bachelor's program, and Lee Seung-soo

Lee Seung-soo, a professor of Computer Science & Engineering at Incheon National University, developed the first framework to automatically generate and verify network security policies in a cloud-native environment and was adopted as a presentation paper in IEEE International Conference on Computer Communications (INFOCOM), one of the world's most prestigious conferences in the field of networks.

IEEE INFOCOM is a flagship international conference of networking with a tradition of more than 40 years since its foundation in 1982, and world-class research results in the fields of computer networking, cloud computing, and communication are presented. In 2025, only 272 (about 18%) of a total of 1,458 papers were finally adopted.

The paper 'KubeTeus: An Intelligent Network Policy Generation Framework for Containers', which was confirmed this time, suggested a new direction for the automatic creation of network security policies in cloud-native environments. Recently, with the rapid growth of the cloud computing market, the complexity of the microservice architecture is increasing. In such an environment, efficient security policy management is essential, but existing manual management methods can cause frequent configuration errors and lead to serious security vulnerabilities. In addition, existing studies have shown limitations that do not properly reflect the characteristics of cloud environments that change in real-time.

To solve this problem, the system developed by the researchers presented two innovative approaches using natural language processing technology and large-scale language model (LLM). First, through a domain-specific natural language processing model, when a user expresses his or her intention in natural language without complicated settings, it automatically converts it into an appropriate network policy. Second, it automatically analyzes the relationship between services with only the configuration file of the cluster and recommends the necessary policies. In addition, the system has developed a method to ensure the accuracy and safety of the policies generated through the three-step verification process, thereby preventing the wrong policies from being applied to the real environment.

This study is considered significant in that it simultaneously secured the automation and safety of security policy management in a cloud-native environment. In particular, the developed system is highly versatile by supporting various container network interfaces and is expected to become a new standard for security policy automation in a cloud environment that will become more complex in the future.

The authors are Kim Bom (master's course, first author), Park Hyun-joon (student's course, second author), and Lee Seung-soo (associative professor, correspondence), and will be announced verbally in London, England in May 2025.