SDN Architecture to prevent attacks with OpenFlow

Abstract

The impact of the Internet of Things (IoT) evolves rapidly, increasing the volume of traffic, and complicating the management of large scalable networks. Despite the security tools offered today, IoT devices are susceptible to many potential attacks. The introduction of software-defined networks (SDN) presents the opportunity for efficient management of threat detection and secure the protection of a network infrastructure. In this paper, we present the design and implementation of a network dynamic architecture including security policies and traffic monitoring decisions. In our approach, the intrusion and detection are performed by Suricata and the controller, automatically blocking attempted attacks using Openflow rules. We demonstrate the effectiveness of the proposed framework through the use of five attack scenarios. The performance results improve the rapid response time under possible attacks and flexible management of secure flow rules with Openflow.