Using Cyber Threat Intelligence to Prevent Malicious Known Traffic in a SDN Physical Testbed

TL;DR

This paper explores how integrating Cyber Threat Intelligence (CTI) into Software Defined Networks (SDN) can enhance security by effectively blocking malicious traffic in a physical testbed environment.

Contribution

It introduces a method for using CTI to improve SDN security and demonstrates its effectiveness in a physical testbed setting.

Findings

CTI integration improves malicious traffic detection.

Enhanced SDN security with CTI reduces false positives.

Physical testbed validates practical applicability.

Abstract

Since the use of applications and communication tools has increased, one of the concerns of the responsible for network security has been to protect information and information systems, as well as to provide trust to end users for the use of information and communication technologies. Nowadays, attacks on the network have increased and undergone modifications, which make the task for traditional security devices difficult, being necessary to add the intelligence to face the new attacks generated in the network. Hence the need to incorporate Cyber Threat Intelligence (CTI) as a new component in the network. This work focuses on the use of information provided by a CTI to improve the security of Software Defined Networks (SDN), and at the same time, analyze how malicious traffic could be blocked in a physical testbed.