Traffic Analysis in Support of Hybrid SDN Campus Architectures for Enhanced Cybersecurity

Abstract

The scale and complexity of campus networks continues to accelerate due to recent paradigms such as the Internet of Things (IoT) resulting in a heightened awareness of the need for enhanced cybersecurity. Traditional cybersecurity approaches such as the placement of firewalls and other policy enforcement mechanisms at strategic choke points effectively divide the network into zones and are unable to regulate intrazone host-to-host communication. This traditional approach introduces significant risk as there is little in place to prevent the horizontal propagation of malware or other unwanted traffic within a given zone. In this paper we explore approaches for improving cybersecurity in campus networks by analyzing contemporary campus traffic patterns and propose several architectural enhancements in light of these patterns which introduce strategically placed hardware or hardware-accelerated software data planes which are evaluated from performance and effectiveness perspectives.