ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
Automatic Blocking Mechanism for Information Security with SDN
Information security attacks initiated within an organization are the worst nightmare of information management personnel. Although many potential solutions have been proposed for various attack scenarios, a complete field verification of these solutions has not yet been carried out in a complex network environment. In this paper, we propose a reliable, low-cost and programmable proximal defense architecture that orchestrates a software-defined network (SDN) controller, SDN switches, legacy switches and an application-level firewall. Our defensive system can instantly detect various external-to-internal and internal-to-external attacks and block them at the programmable device closest to the attack source. The greatest advantage of this scalable architecture is that the defensive system can be built incrementally on top of the original network and security controls, so internal users do not notice the migration and all events can be fully recorded for analysis. In addition, stability tests are conducted on both the original network architecture and the auto-blocking SDN architecture. The experiments showed that the average response time over 2000 tests and the average throughput when uploading a 100-MB file are almost the same for both architectures. Furthermore, we test our system in a complex campus network environment by simulating malicious behavior to verify its functionality. All test results live up to expectations.
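As an added illustration of the proximal-blocking step the abstract describes (example code written for this page, not the paper's own system): given a constructed mixed SDN/legacy topology and an alert naming the attacking host, the code picks the programmable device nearest the attack source and emits an OpenFlow-style drop rule for it. The topology, host addresses and the fallback to the edge firewall when only legacy switches lie on the path are all assumptions.

```python
from collections import deque

# Constructed topology: each switch is "sdn" (programmable) or "legacy" (fixed);
# the application-level firewall sits at the campus edge. Sample values only.
TOPOLOGY = {
    "access1":  {"kind": "legacy", "links": ["dist1"]},
    "access2":  {"kind": "sdn",    "links": ["dist1"]},
    "dist1":    {"kind": "sdn",    "links": ["access1", "access2", "core"]},
    "core":     {"kind": "legacy", "links": ["dist1", "firewall"]},
    "firewall": {"kind": "fw",     "links": ["core"]},
}
# Switch each host is attached to (constructed sample values).
HOST_PORT = {"10.0.1.7": "access1", "10.0.2.9": "access2",
             "10.0.3.3": "dist1", "10.0.4.1": "core"}

def shortest_path(graph, src, dst):
    """Breadth-first search over the switch graph; returns the node list src..dst."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in graph[node]["links"]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return None
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]

def choose_block_point(graph, hosts, attacker_ip):
    """Return the SDN switch closest to the attacker on its path toward the edge.
    Assumed fallback (not from the paper): the firewall if no SDN switch is on the path."""
    path = shortest_path(graph, hosts[attacker_ip], "firewall")
    for node in path:
        if graph[node]["kind"] == "sdn":
            return node
    return "firewall"

def build_drop_rule(device, attacker_ip, victim_ip, priority=1000):
    """OpenFlow-style flow entry as a plain dict; an empty action list means drop."""
    return {"device": device, "priority": priority,
            "match": {"eth_type": 0x0800, "ipv4_src": attacker_ip, "ipv4_dst": victim_ip},
            "actions": []}

def auto_block(attacker_ip, victim_ip):
    """Alert in, block rule out: the decision step of the auto-blocking loop."""
    return build_drop_rule(choose_block_point(TOPOLOGY, HOST_PORT, attacker_ip),
                           attacker_ip, victim_ip)
```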