A Framework for Threats Analysis Using Software-Defined Networking
Francisc Moldovan, Ciprian Oprisa

TL;DR
This paper introduces a flexible threat analysis framework leveraging software-defined networking to simulate arbitrary networks, enabling detailed threat detection and recovery, thus enhancing cybersecurity research capabilities.
Contribution
The paper presents a novel SDN-based framework that allows customizable network simulations for threat analysis, overcoming limitations of traditional sandboxing methods.
Findings
Framework enables simulation of complex network threats
Supports network state restoration after analysis
Facilitates easier threat detection in cybersecurity research
Abstract
The ability to analyze network threats is very important in security research. Traditional approaches involving sandboxing technology are limited to simulating a single host, missing local network attacks. This issue is addressed by designing a threat analysis framework that uses software-defined networking for simulating arbitrary networks. The presented system offers flexibility, allowing a security researcher to define a virtual network that is able to capture malicious actions and to be restored to the initial state afterwards. Both the framework design and common usage scenarios are described. By providing this framework, we aim to ease the analysis effort in combating cyberthreats.
