Bridging the Gap Between Security Tools and SDN Controllers

Software-Defined Networking (SDN) is a promising paradigm to improve network security protections. However, current SDN-based security solutions can hardly provide suÿcient protections in a real SDN network, due to several reasons: 1) they are implemented at either the centralized SDN controllers or the decentralized network devices, which are subject to a performance limitation; 2) their designs are confined by the SDN network characteristics and can only provide limited security functions; and 3) many solutions have deployment challenges and compatibility issues. In this paper, we propose SecControl, a practical network protection framework combining the existing security tools and SDN technologies, to produce a comprehensive network security solution in an SDN environment. We implement a SecControl prototype with OpenFlow and evaluate its effectiveness and performance. Our experiment shows that SecControl can cooperate with many mainstream security tools and provide effective defense responses over SDN-supported networks.