An experimental Software Defined Security controller for Software Defined Network

Abstract

Software Defined Networking is an emerging technology that permits computer network infrastructure to be scaled dynamically as needed while enhancing the manageability of the various network devices in heterogeneous environment as opposed to classical networking. These capabilities emerge from the separation of the data plane from the control plane; thus, allowing the network devices to be programmatically managed and controlled. Similarly, the concept of Software Defined Security allows security solutions such as Firewalls and Intrusion Detection Systems to be dynamically implemented, controlled and managed using programmable interfaces. In this research, the authors propose an experimental software defined security controller based on the Open vSwitch Controller to detect and prevent IP and MAC spoofing attacks on the network. The proposed controller is simulated using Mininet. The simulation results confirm that the proposed controller is capable to detect and prevent the aforementioned attacks with high precision.